Merge pull request #2911 from raft-tech/fix/2822-webinspect-session-c…
…ookie

2822 fix webinspect medium priority - persistent session
jtimpe authored Apr 9, 2024
2 parents 9535358 + 860e0e7 commit 16cf743
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions tdrs-backend/tdpservice/settings/common.py
Expand Up @@ -271,6 +271,8 @@ class Common(Configuration):
SESSION_ENGINE = "django.contrib.sessions.backends.signed_cookies"
SESSION_COOKIE_HTTPONLY = True
SESSION_TIMEOUT = 30
SESSION_EXPIRE_AT_BROWSER_CLOSE = True
SESSION_COOKIE_AGE = 30 * 60 # 30 minutes
# The CSRF token Cookie holds no security benefits when confined to HttpOnly.
# Setting this to false to allow the frontend to include it in the header
# of API POST calls to prevent false negative authorization errors.
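Review bot: `SESSION_COOKIE_AGE = 30 * 60` now sits two lines below `SESSION_TIMEOUT = 30`, so the 30-minute limit is written twice, in different units, with nothing tying the two values together. If `SESSION_TIMEOUT` is in minutes (an assumption; the hunk does not state its unit), derive one from the other, e.g. `SESSION_COOKIE_AGE = SESSION_TIMEOUT * 60`, so a later change to one cannot silently leave the other at the old value. It would also help to extend the `# 30 minutes` comment to say whether this is meant as an idle timeout or an absolute lifetime: with the `signed_cookies` engine the age is checked against the signature timestamp, and the cookie is only re-signed when the session is modified unless `SESSION_SAVE_EVERY_REQUEST` is enabled, which is not visible in this hunk. Finally, note in the comment that `SESSION_EXPIRE_AT_BROWSER_CLOSE = True` only drops the cookie's expiry attribute; browsers that restore sessions can keep the cookie, so `SESSION_COOKIE_AGE` is the setting that actually bounds the session.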