Hi, many thanks for providing this excellent project.
First things first, I am honestly not sure whether the issue I am facing is related to the djangochannelsrestframework or more of a django-session-timeout issue so please correct me if any of my assumptions are wrong.

I currently define a single AsyncAPIConsumer observing a single model.
I have permission_classes = (permissions.IsAuthenticated,) in the class definition.
The subscription is accepted by overriding AsyncAPIConsumer.accept as explained in the docs.

I use session authentication for the application, and when I successfully login, I get a WebSocket HANDSHAKING and then a WebSocket CONNECT with a subscribed connection in place.
When I logout, I get a WebSocket DISCONNECT and all is great.

I also use the django_session_timeout.middleware.SessionTimeoutMiddleware provided by django-session-timeout which allows me to set a session timeout when there is no user activity.
The problem is that the subscribed connection is still connected when the session timeout occurs.
I have been searching for ways to disconnect upon a session timeout, but have had no luck so far.
I would appreciate any advice on whether this can somehow be handled by djangochannelsrestframework or any other advice to point me in the right direction.

this is not something handled by djangochannelsrestframework the session support relay comes from channels and that does not support any session timeout support.

Its not going to be trivial to do this, I expect the best way is to check if the session has expired before sending data back to the user and before doing any actions to modify data (you could subclass the permissions.IsAuthenticated so that it checks the session state of the user. you can access the session from the scope that is passed by doing scope["session"]

if your subscribing to the changes on models user @model_observer you will need to check within the observer method body before sending the result back to the user.

Thank you very much for the reply.
I fully understand that the session expiry is not something that is handled by djangochannelsrestframework nor channels at the moment.
I will further investigate using the suggestions you have provided!