Files
notifications-admin/app
Chris Hill-Scott 5ab5a8a57f Make CSRF tokens last as long as the session
If you’re filling out a form then it should be possible to submit it for
as long as you’re logged in. We keep you logged in for quite a long time
now. This is partly for people using assistive tech, who might be slower
to fill in forms, and partly for people who get distracted in the middle
of a task and come back to it later.

The expiry on our CSRF tokens was more aggressive (3600 seconds – 1
hour) than our sessions. This commit sets the CSRF tokens to not expire,
so in effect they last as long as the session.

Also tweaks the config to have CSRF on locally (to replicate production
more closely) and only disable it for tests (because it’s a pain to
grab the tokens in tests).
2017-03-15 11:16:58 +00:00
..
2017-03-13 14:53:19 +00:00
2017-01-17 11:44:42 +00:00
2017-01-17 11:44:42 +00:00
2017-03-13 14:53:19 +00:00