Update the cookie to secure on LIVE

Set the expiration of the cookie.
2026-05-06 00:48:46 -04:00 · 2016-01-28 15:31:32 +00:00
parent 5a17bba97e
commit 54a61ac928
2 changed files with 5 additions and 2 deletions
--- a/app/its_dangerous_session.py
+++ b/app/its_dangerous_session.py
@@ -1,3 +1,5 @@
+from datetime import timedelta, datetime
+
 from werkzeug.datastructures import CallbackDict
 from flask.sessions import SessionInterface, SessionMixin
 from itsdangerous import URLSafeTimedSerializer, BadSignature
@@ -43,7 +45,8 @@ class ItsdangerousSessionInterface(SessionInterface):
                response.delete_cookie(app.session_cookie_name,
                                       domain=domain)
            return
-        expires = self.get_expiration_time(app, session)
+        session.permanent=True
+        expires=  datetime.utcnow() + timedelta(app.config.get('PERMANENT_SESSION_LIFETIME'))
        val = self.get_serializer(app).dumps(dict(session))
        response.set_cookie(app.session_cookie_name, val,
                            expires=expires, httponly=True,
--- a/config.py
+++ b/config.py
@@ -20,7 +20,7 @@ class Config(object):
    SESSION_COOKIE_NAME = 'notify_admin_session'
    SESSION_COOKIE_PATH = '/admin'
    SESSION_COOKIE_HTTPONLY = True
-    SESSION_COOKIE_SECURE = True
+    SESSION_COOKIE_SECURE = False
    PERMANENT_SESSION_LIFETIME = 3600  # seconds

    API_HOST_NAME = os.getenv('API_HOST_NAME')