external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix: increase expiry for AURLANG cookie; only set when needed

Browse source 
We add a new config option for cookies with a 400 day lifetime.
AURLANG should survive longer for unauthenticated users.
Today they have to set this again after each browser restart.
(for users whose browsers wipe session cookies on close)

authenticated users don't need this cookie
since the setting is saved to the DB

Signed-off-by: moson-mo <mo-son@mailbox.org>
This commit is contained in:
moson-mo 2023-05-25 14:07:27 +02:00
parent 638ca7b1d0
commit 57c154a72c
No known key found for this signature in database
GPG key ID: 4A4760AB4EE15296
2 changed files with 23 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

29
aurweb/routers/html.py
View file

@ -56,19 +56,28 @@ async def language(
query_string = "?" + q if q else str()
# If the user is authenticated, update the user's LangPreference.
if request.user.is_authenticated():
with db.begin():
request.user.LangPreference = set_lang
# In any case, set the response's AURLANG cookie that never expires.
response = RedirectResponse(
url=f"{next}{query_string}", status_code=HTTPStatus.SEE_OTHER
)
secure = aurweb.config.getboolean("options", "disable_http_login")
response.set_cookie(
"AURLANG", set_lang, secure=secure, httponly=secure, samesite=cookies.samesite()
)
# If the user is authenticated, update the user's LangPreference.
# Otherwise set an AURLANG cookie
if request.user.is_authenticated():
with db.begin():
request.user.LangPreference = set_lang
else:
secure = aurweb.config.getboolean("options", "disable_http_login")
perma_timeout = aurweb.config.getint("options", "permanent_cookie_timeout")
response.set_cookie(
"AURLANG",
set_lang,
secure=secure,
httponly=secure,
max_age=perma_timeout,
samesite=cookies.samesite(),
)
return response

4
conf/config.defaults
View file

@ -14,8 +14,12 @@ passwd_min_len = 8
default_lang = en
default_timezone = UTC
sql_debug = 0
; 2 hours - default login_timeout
login_timeout = 7200
; 30 days - default persistent_cookie_timeout
persistent_cookie_timeout = 2592000
; 400 days - default permanent_cookie_timeout
permanent_cookie_timeout = 34560000
max_filesize_uncompressed = 8388608
disable_http_login = 1
aur_location = https://aur.archlinux.org