fix: increase expiry for AURLANG cookie; only set when needed

We add a new config option for cookies with a 400 day lifetime. AURLANG should survive longer for unauthenticated users. Today they have to set this again after each browser restart. (for users whose browsers wipe session cookies on close) authenticated users don't need this cookie since the setting is saved to the DB Signed-off-by: moson-mo <mo-son@mailbox.org>
2025-02-03 10:43:03 +01:00 · 2023-05-25 14:07:27 +02:00 · 2023-05-25 14:07:27 +02:00 · 57c154a72c
commit 57c154a72c
parent 638ca7b1d0
2 changed files with 23 additions and 10 deletions
--- a/aurweb/routers/html.py
+++ b/aurweb/routers/html.py
@ -56,19 +56,28 @@ async def language(

    query_string = "?" + q if q else str()

-    # If the user is authenticated, update the user's LangPreference.
-    if request.user.is_authenticated():
-        with db.begin():
-            request.user.LangPreference = set_lang
-
-    # In any case, set the response's AURLANG cookie that never expires.
    response = RedirectResponse(
        url=f"{next}{query_string}", status_code=HTTPStatus.SEE_OTHER
    )
+
+    # If the user is authenticated, update the user's LangPreference.
+    # Otherwise set an AURLANG cookie
+    if request.user.is_authenticated():
+        with db.begin():
+            request.user.LangPreference = set_lang
+    else:
        secure = aurweb.config.getboolean("options", "disable_http_login")
+        perma_timeout = aurweb.config.getint("options", "permanent_cookie_timeout")
+
        response.set_cookie(
-        "AURLANG", set_lang, secure=secure, httponly=secure, samesite=cookies.samesite()
+            "AURLANG",
+            set_lang,
+            secure=secure,
+            httponly=secure,
+            max_age=perma_timeout,
+            samesite=cookies.samesite(),
        )
+
    return response


--- a/conf/config.defaults
+++ b/conf/config.defaults
@ -14,8 +14,12 @@ passwd_min_len = 8
 default_lang = en
 default_timezone = UTC
 sql_debug = 0
+; 2 hours - default login_timeout
 login_timeout = 7200
+; 30 days - default persistent_cookie_timeout
 persistent_cookie_timeout = 2592000
+; 400 days - default permanent_cookie_timeout
+permanent_cookie_timeout = 34560000
 max_filesize_uncompressed = 8388608
 disable_http_login = 1
 aur_location = https://aur.archlinux.org