diff --git a/platypush/backend/http/app/routes/login.py b/platypush/backend/http/app/routes/login.py index 5aba3b6c8..c97a789ff 100644 --- a/platypush/backend/http/app/routes/login.py +++ b/platypush/backend/http/app/routes/login.py @@ -38,14 +38,16 @@ def login(): username = request.form.get('username') password = request.form.get('password') remember = request.form.get('remember') + expires = datetime.datetime.utcnow() + datetime.timedelta(days=365) \ + if remember else None + session = user_manager.create_user_session(username=username, password=password, - expires_at=datetime.datetime.utcnow() + datetime.timedelta(days=1) - if not remember else None) + expires_at=expires) if session: redirect_target = redirect(redirect_page, 302) response = make_response(redirect_target) - response.set_cookie('session_token', session.session_token) + response.set_cookie('session_token', session.session_token, expires=expires) return response return render_template('login.html', utils=HttpUtils) diff --git a/platypush/backend/http/app/utils.py b/platypush/backend/http/app/utils.py index e488a9129..3566412bb 100644 --- a/platypush/backend/http/app/utils.py +++ b/platypush/backend/http/app/utils.py @@ -165,6 +165,8 @@ def _authenticate_csrf_token(): if user_session_token: user, session = user_manager.authenticate_user_session(user_session_token) + else: + return False if user is None: return False