"Remember me" options on session should leave the cookie for a longer

time (e.g. one year), it should be browser-session-only otherwise

platypush/backend/http/app/routes/login.py

@@ -38,14 +38,16 @@ def login():
         username = request.form.get('username')
         password = request.form.get('password')
         remember = request.form.get('remember')
+        expires = datetime.datetime.utcnow() + datetime.timedelta(days=365) \
+            if remember else None
+
         session = user_manager.create_user_session(username=username, password=password,
-                                                   expires_at=datetime.datetime.utcnow() + datetime.timedelta(days=1)
+                                                   expires_at=expires)
-                                                   if not remember else None)
 
         if session:
             redirect_target = redirect(redirect_page, 302)
             response = make_response(redirect_target)
-            response.set_cookie('session_token', session.session_token)
+            response.set_cookie('session_token', session.session_token, expires=expires)
             return response
 
     return render_template('login.html', utils=HttpUtils)

platypush/backend/http/app/utils.py

@@ -165,6 +165,8 @@ def _authenticate_csrf_token():
 
     if user_session_token:
         user, session = user_manager.authenticate_user_session(user_session_token)
+    else:
+        return False
 
     if user is None:
         return False