external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix: make AURREMEMBER cookie a permanent one

Browse source 
If it's a session cookie it poses issues for users
whose browsers wipe session cookies after close.
They'd be logged out early even if they chose
the "remember me" option when they log in.

Signed-off-by: moson-mo <mo-son@mailbox.org>
This commit is contained in:
moson-mo 2023-05-25 14:20:38 +02:00
parent 57c154a72c
commit d366377231
No known key found for this signature in database
GPG key ID: 4A4760AB4EE15296
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
aurweb/routers/auth.py
View file

@ -70,6 +70,7 @@ async def login_post(
return await login_template(request, next, errors=["Account Suspended"]) return await login_template(request, next, errors=["Account Suspended"])
cookie_timeout = cookies.timeout(remember_me) cookie_timeout = cookies.timeout(remember_me)
perma_timeout = aurweb.config.getint("options", "permanent_cookie_timeout")
sid = _retry_login(request, user, passwd, cookie_timeout) sid = _retry_login(request, user, passwd, cookie_timeout)
if not sid: if not sid:
return await login_template(request, next, errors=["Bad username or password."]) return await login_template(request, next, errors=["Bad username or password."])
@ -88,6 +89,7 @@ async def login_post(
response.set_cookie( response.set_cookie(
"AURREMEMBER", "AURREMEMBER",
remember_me, remember_me,
max_age=perma_timeout,
secure=secure, secure=secure,
httponly=secure, httponly=secure,
samesite=cookies.samesite(), samesite=cookies.samesite(),