"Remember me" option on session should leave the cookie for a longer
time (e.g. one year); otherwise it should be browser-session-only
Fabio Manganiello 2019-07-23 00:31:17 +02:00
parent a16fc65d37
commit 426f064459
2 changed files with 7 additions and 3 deletions


@ -38,14 +38,16 @@ def login():
username = request.form.get('username')
password = request.form.get('password')
remember = request.form.get('remember')
expires = datetime.datetime.utcnow() + datetime.timedelta(days=365) \
if remember else None
session = user_manager.create_user_session(username=username, password=password,
expires_at=datetime.datetime.utcnow() + datetime.timedelta(days=1)
if not remember else None)
expires_at=expires)
if session:
redirect_target = redirect(redirect_page, 302)
response = make_response(redirect_target)
response.set_cookie('session_token', session.session_token)
response.set_cookie('session_token', session.session_token, expires=expires)
return response
return render_template('login.html', utils=HttpUtils)
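Review bot: When `remember` is unset, `expires` is `None` and that same value is now passed as `expires_at` to `create_user_session`, so the browser drops the cookie on close but the server-side session appears to get no expiry at all, where the earlier code seems to have given this case one day. If `create_user_session` treats `None` as "never expires" (not visible here), a token captured from a non-remembered login stays valid indefinitely; consider keeping a short server-side lifetime with `expires_at=expires or datetime.datetime.utcnow() + datetime.timedelta(days=1)` while still passing `expires=expires` to the cookie. The `set_cookie` call also sets none of `httponly`, `secure` or `samesite`, which matters more now that the cookie can persist for a year; `httponly=True, samesite='Lax'` would be a reasonable baseline if no client script needs to read the token. `login()` begins and ends outside this hunk.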


@ -165,6 +165,8 @@ def _authenticate_csrf_token():
if user_session_token:
user, session = user_manager.authenticate_user_session(user_session_token)
else:
return False
if user is None:
return False