github/plane
0
0
Fork 1
mirror of https://github.com/makeplane/plane synced 2024-06-14 14:31:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

dev: admin session cookie update

Browse Source
This commit is contained in:
pablohashescobar 2024-05-03 17:46:28 +05:30
parent 77e38b6124
commit e8567b521c
2 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
apiserver/plane/authentication/middleware/session.py
View File

@ -38,11 +38,13 @@ class SessionMiddleware(MiddlewareMixin):
return response
# First check if we need to delete this cookie.
# The session should be deleted only if the session is entirely empty.
is_admin_path = "instances" in request.path
cookie_name = (
settings.ADMIN_SESSION_COOKIE_NAME
if "instances" in request.path
if is_admin_path
else settings.SESSION_COOKIE_NAME
)
if cookie_name in request.COOKIES and empty:
response.delete_cookie(
cookie_name,
@ -59,11 +61,16 @@ class SessionMiddleware(MiddlewareMixin):
max_age = None
expires = None
else:
max_age = request.session.get_expiry_age()
# Use different max_age based on whether it's an admin cookie
if is_admin_path:
max_age = settings.ADMIN_SESSION_COOKIE_AGE
else:
max_age = request.session.get_expiry_age()
expires_time = time.time() + max_age
expires = http_date(expires_time)
# Save the session data and refresh the client cookie.
# Skip session save for 5xx responses.
if response.status_code < 500:
try:
request.session.save()

1
apiserver/plane/settings/common.py
View File

@ -333,6 +333,7 @@ SESSION_SAVE_EVERY_REQUEST = True
# Admin Cookie
ADMIN_SESSION_COOKIE_NAME = "plane-admin-session-id"
ADMIN_SESSION_COOKIE_AGE = 18000
# CSRF cookies
CSRF_COOKIE_SECURE = secure_origins