matthias
/
WhisperMaPhone
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add max_age of 1 year to password cookie

This commit is contained in:
Matthias Portzel 2022-03-26 22:44:02 -04:00
parent d81c8cbda1
commit dbe6ee78c7
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
main/views.py
View File

@ -70,7 +70,7 @@ def login(request):
if request.method == "POST":
if constant_time_compare(request.POST["password"], settings.PASSWORD):
res = redirect("post")
res.set_cookie("password", request.POST["password"])
res.set_cookie("password", request.POST["password"], max_age=60*60*24*365) # 1 year
return res
# Returning 401 here causes `links` to always prompt for HTTP basic auth, which is annoying.
@ -83,7 +83,7 @@ def post(request):
return redirect("login")
editing = request.GET.get("editing", None)
try:
try:
editing_thought = Thought.objects.get(uuid=editing)
editing_thought.timezone_offset = - editing_thought.timezone_offset / 60
except Thought.DoesNotExist: