"Remember me" options on session should leave the cookie for a longer
time (e.g. one year), it should be browser-session-only otherwise
This commit is contained in:
parent
a16fc65d37
commit
426f064459
2 changed files with 7 additions and 3 deletions
|
@ -38,14 +38,16 @@ def login():
|
||||||
username = request.form.get('username')
|
username = request.form.get('username')
|
||||||
password = request.form.get('password')
|
password = request.form.get('password')
|
||||||
remember = request.form.get('remember')
|
remember = request.form.get('remember')
|
||||||
|
expires = datetime.datetime.utcnow() + datetime.timedelta(days=365) \
|
||||||
|
if remember else None
|
||||||
|
|
||||||
session = user_manager.create_user_session(username=username, password=password,
|
session = user_manager.create_user_session(username=username, password=password,
|
||||||
expires_at=datetime.datetime.utcnow() + datetime.timedelta(days=1)
|
expires_at=expires)
|
||||||
if not remember else None)
|
|
||||||
|
|
||||||
if session:
|
if session:
|
||||||
redirect_target = redirect(redirect_page, 302)
|
redirect_target = redirect(redirect_page, 302)
|
||||||
response = make_response(redirect_target)
|
response = make_response(redirect_target)
|
||||||
response.set_cookie('session_token', session.session_token)
|
response.set_cookie('session_token', session.session_token, expires=expires)
|
||||||
return response
|
return response
|
||||||
|
|
||||||
return render_template('login.html', utils=HttpUtils)
|
return render_template('login.html', utils=HttpUtils)
|
||||||
|
|
|
@ -165,6 +165,8 @@ def _authenticate_csrf_token():
|
||||||
|
|
||||||
if user_session_token:
|
if user_session_token:
|
||||||
user, session = user_manager.authenticate_user_session(user_session_token)
|
user, session = user_manager.authenticate_user_session(user_session_token)
|
||||||
|
else:
|
||||||
|
return False
|
||||||
|
|
||||||
if user is None:
|
if user is None:
|
||||||
return False
|
return False
|
||||||
|
|
Loading…
Reference in a new issue