"Remember me" options on session should leave the cookie for a longer
time (e.g. one year); otherwise it should be browser-session-only
parent
a16fc65d37
commit
426f064459
2 changed files with 7 additions and 3 deletions
|
@ -38,14 +38,16 @@ def login():
|
|||
username = request.form.get('username')
|
||||
password = request.form.get('password')
|
||||
remember = request.form.get('remember')
|
||||
expires = datetime.datetime.utcnow() + datetime.timedelta(days=365) \
|
||||
if remember else None
|
||||
|
||||
session = user_manager.create_user_session(username=username, password=password,
|
||||
expires_at=datetime.datetime.utcnow() + datetime.timedelta(days=1)
|
||||
if not remember else None)
|
||||
expires_at=expires)
|
||||
|
||||
if session:
|
||||
redirect_target = redirect(redirect_page, 302)
|
||||
response = make_response(redirect_target)
|
||||
response.set_cookie('session_token', session.session_token)
|
||||
response.set_cookie('session_token', session.session_token, expires=expires)
|
||||
return response
|
||||
|
||||
return render_template('login.html', utils=HttpUtils)
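Review bot: When `remember` is unset, `expires` is None and is passed as `expires_at=expires` to `create_user_session`, so a browser-session-only login now appears to get a server-side session with no expiry, where the earlier expression gave that case one day. Dropping the cookie when the browser closes does not invalidate a token that was copied earlier, so if `expires_at=None` means "never expires" in `user_manager` (not visible here), keep a server-side bound, e.g. `expires_at=expires or datetime.datetime.utcnow() + datetime.timedelta(days=1)`. The `set_cookie` call also sets no cookie attributes, which matters more for a token that can now persist for a year; assuming the site is served over HTTPS, use `response.set_cookie('session_token', session.session_token, expires=expires, secure=True, httponly=True, samesite='Lax')`. `login()` begins above this hunk, so the handling of `redirect_page` was not reviewed.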
|
||||
|
|
|
@ -165,6 +165,8 @@ def _authenticate_csrf_token():
|
|||
|
||||
if user_session_token:
|
||||
user, session = user_manager.authenticate_user_session(user_session_token)
|
||||
else:
|
||||
return False
|
||||
|
||||
if user is None:
|
||||
return False
|
||||
|
|