mirror of
https://github.com/GSA/notifications-admin.git
synced 2026-07-11 08:23:48 -04:00
If you’re filling out a form then it should be possible to submit it for as long as you’re logged in. We keep you logged in for quite a long time now. This is partly for people using assistive tech, who might be slower to fill in forms, and partly for people who get distracted in the middle of a task and come back to it later. The expiry on our CSRF tokens was more aggressive (3600 seconds – 1 hour) than our sessions. This commit sets the CSRF tokens to not expire, so in effect they last as long as the session. Also tweaks the config to have CSRF on locally (to replicate production more closely) and only disable it for tests (because it’s a pain to grab the tokens in tests).