Added COOKIE_EXPIRATION environment variable #4801

Merged
merged 2 commits on Sep 18, 2024

axelstudios
Member

Any background context you want to provide?

We were using SESSION_EXPIRE_AT_BROWSER_CLOSE, which in "normal" cases causes the user to be logged out every time they close their browser. However, in modern browser environments with Chrome and Firefox most users have their browsers set to resume their session upon reopening, which causes sessions to be valid until the CSRF cookie expires (1 year).

What's this PR do?

Adds support for a COOKIE_EXPIRATION environment variable that limits cookie validity to the Django default of two weeks, unless overridden

How should this be manually tested?

  1. Logout/Login
  2. Check the Application/Cookies section of the browser's developer tools, and ensure that the expiration is two weeks from now instead of Session

What are the relevant tickets?

#4800
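
The manual test described above, automated as an added example that is not part of this PR or the project's code. It assumes `COOKIE_EXPIRATION` is a number of seconds applied to both the session and CSRF cookies through Django's `SESSION_COOKIE_AGE` and `CSRF_COOKIE_AGE`; the function names and sample headers are constructed for illustration.

```python
import os
from http.cookies import SimpleCookie

TWO_WEEKS = 14 * 24 * 60 * 60  # Django's default SESSION_COOKIE_AGE (1209600 s)

def cookie_settings(environ=os.environ):
    """Map COOKIE_EXPIRATION (assumed: seconds) onto Django cookie settings."""
    raw = environ.get("COOKIE_EXPIRATION", "").strip()
    try:
        age = int(raw) if raw else TWO_WEEKS
    except ValueError:
        raise ValueError(f"COOKIE_EXPIRATION must be whole seconds, got {raw!r}") from None
    if age <= 0:
        raise ValueError("COOKIE_EXPIRATION must be positive")
    return {
        # A fixed lifetime replaces "expire when the browser closes", which
        # session-restoring browsers do not enforce.
        "SESSION_EXPIRE_AT_BROWSER_CLOSE": False,
        "SESSION_COOKIE_AGE": age,
        "CSRF_COOKIE_AGE": age,  # Django's own default is about one year
    }

def audit_set_cookie(headers, limit=TWO_WEEKS):
    """Return {name: finding} for cookies that are session-scoped or outlive limit.

    Cookies carrying only Expires (no Max-Age) are not compared against limit.
    """
    findings = {}
    for header in headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            max_age = morsel["max-age"]
            if not max_age and not morsel["expires"]:
                findings[name] = "session cookie (no Max-Age/Expires)"
            elif max_age and int(max_age) > limit:
                findings[name] = f"Max-Age {max_age}s exceeds limit {limit}s"
    return findings

# Constructed Set-Cookie values: the behaviour described before and after the change.
BEFORE = ["sessionid=abc123; HttpOnly; Path=/; SameSite=Lax",
          "csrftoken=def456; Max-Age=31449600; Path=/; SameSite=Lax"]
AFTER = ["sessionid=abc123; HttpOnly; Max-Age=1209600; Path=/; SameSite=Lax",
         "csrftoken=def456; Max-Age=1209600; Path=/; SameSite=Lax"]

if __name__ == "__main__":
    print(cookie_settings({}))
    print("before:", audit_set_cookie(BEFORE))
    print("after: ", audit_set_cookie(AFTER))
```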

@axelstudios added the Enhancement label Sep 17, 2024
@axelstudios axelstudios changed the title Added COOKIE_EXPIRATION environment variable Added COOKIE_EXPIRATION environment variable Sep 17, 2024
Contributor

@kflemin kflemin left a comment

🔥

@kflemin kflemin merged commit 33d1691 into develop Sep 18, 2024
9 checks passed
@kflemin kflemin deleted the task/cookie-expiration branch September 18, 2024 04:11