From dbe6ee78c75802768c7c70e0dae9038ff3ccb60b Mon Sep 17 00:00:00 2001
From: Matthias Portzel
Date: Sat, 26 Mar 2022 22:44:02 -0400
Subject: [PATCH] Add max_age of 1 year to password cookie
---
 main/views.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/main/views.py b/main/views.py
index f7c4cc2..7119ef1 100644
--- a/main/views.py
+++ b/main/views.py
@@ -70,7 +70,7 @@ def login(request):
 if request.method == "POST":
 if constant_time_compare(request.POST["password"], settings.PASSWORD):
 res = redirect("post")
- res.set_cookie("password", request.POST["password"])
+ res.set_cookie("password", request.POST["password"], max_age=60*60*24*365) # 1 year
 return res
 # Returning 401 here causes `links` to always prompt for HTTP basic auth, which is annoying.
@@ -83,7 +83,7 @@ def post(request):
 return redirect("login")
 editing = request.GET.get("editing", None)
- try:
+ try:
 editing_thought = Thought.objects.get(uuid=editing)
 editing_thought.timezone_offset = - editing_thought.timezone_offset / 60
 except Thought.DoesNotExist:
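Review bot: The cookie set in `login` carries the site password itself in clear text, and with `max_age` it now persists in the browser's cookie store for a year instead of ending with the session, yet the call passes none of `secure`, `httponly` or `samesite`. At minimum the line should read `res.set_cookie("password", request.POST["password"], max_age=60*60*24*365, secure=True, httponly=True, samesite="Lax")`, assuming the site is served over HTTPS (not visible here). A sturdier design would store a signed marker with `set_signed_cookie` rather than the password, so that a leaked cookie does not disclose the credential; that needs a matching change where the cookie is checked, which lies outside this hunk. `login`'s body starts and ends outside the hunk.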