From 426f06445921c227da0fe53b1f3b41d4e7da17c6 Mon Sep 17 00:00:00 2001
From: Fabio Manganiello
Date: Tue, 23 Jul 2019 00:31:17 +0200
Subject: [PATCH] "Remember me" options on session should leave the cookie for a longer time (e.g. one year), it should be browser-session-only otherwise

---
 platypush/backend/http/app/routes/login.py | 8 +++++---
 platypush/backend/http/app/utils.py | 2 ++
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/platypush/backend/http/app/routes/login.py b/platypush/backend/http/app/routes/login.py
index 5aba3b6c..c97a789f 100644
--- a/platypush/backend/http/app/routes/login.py
+++ b/platypush/backend/http/app/routes/login.py
@@ -38,14 +38,16 @@ def login():
     username = request.form.get('username')
     password = request.form.get('password')
     remember = request.form.get('remember')
+    expires = datetime.datetime.utcnow() + datetime.timedelta(days=365) \
+        if remember else None
+
     session = user_manager.create_user_session(username=username, password=password,
-                                               expires_at=datetime.datetime.utcnow() + datetime.timedelta(days=1)
-                                               if not remember else None)
+                                               expires_at=expires)
 
     if session:
         redirect_target = redirect(redirect_page, 302)
         response = make_response(redirect_target)
-        response.set_cookie('session_token', session.session_token)
+        response.set_cookie('session_token', session.session_token, expires=expires)
         return response
 
     return render_template('login.html', utils=HttpUtils)
diff --git a/platypush/backend/http/app/utils.py b/platypush/backend/http/app/utils.py
index e488a912..3566412b 100644
--- a/platypush/backend/http/app/utils.py
+++ b/platypush/backend/http/app/utils.py
@@ -165,6 +165,8 @@ def _authenticate_csrf_token():
     if user_session_token:
         user, session = user_manager.authenticate_user_session(user_session_token)
+    else:
+        return False
 
     if user is None:
         return False
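Review bot: The non-"remember" branch now passes `expires_at=None` to `create_user_session`, so unless that helper substitutes a bound of its own, a session issued with a browser-session-only cookie has no server-side expiry at all, whereas the removed code gave it one day; the cookie lapsing in the browser does nothing to invalidate a token that has been copied elsewhere. Keep the cookie lifetime and the server-side validity as separate values, e.g. `session_expires_at = expires or datetime.datetime.utcnow() + datetime.timedelta(days=1)` and `expires_at=session_expires_at` in the `create_user_session` call, leaving `expires=expires` on the cookie. The `set_cookie` call at the end of the hunk also sets neither `httponly=True` nor `secure`/`samesite`, so the token remains readable from page scripts and is sent over plain HTTP; `response.set_cookie('session_token', session.session_token, expires=expires, httponly=True, samesite='Lax')` is the minimal hardening, with `secure=True` wherever the backend is served over TLS. The enclosing `login()` begins before the hunk.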
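Review bot: The added `else: return False` is correct but reads better as a guard clause ahead of the lookup, `if not user_session_token: return False`, so the authentication call no longer sits inside a conditional and the `user is None` check that follows reads as a straight line; `_authenticate_csrf_token` starts and continues outside the hunk. The `session` value unpacked here is never inspected within the hunk; if `authenticate_user_session` does not itself reject a session whose `expires_at` has passed, this is where that check belongs, all the more since the login route in the same commit can now create sessions with no server-side expiry.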