From e8567b521c095fc18bd90a5cd546066409a92d36 Mon Sep 17 00:00:00 2001
From: pablohashescobar
Date: Fri, 3 May 2024 17:46:28 +0530
Subject: [PATCH] dev: admin session cookie update
---
 .../plane/authentication/middleware/session.py | 13 ++++++++++---
 apiserver/plane/settings/common.py | 1 +
 2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/apiserver/plane/authentication/middleware/session.py b/apiserver/plane/authentication/middleware/session.py
index 697881e35..2bb62b881 100644
--- a/apiserver/plane/authentication/middleware/session.py
+++ b/apiserver/plane/authentication/middleware/session.py
@@ -38,11 +38,13 @@ class SessionMiddleware(MiddlewareMixin):
 return response
 # First check if we need to delete this cookie.
 # The session should be deleted only if the session is entirely empty.
+ is_admin_path = "instances" in request.path
 cookie_name = (
 settings.ADMIN_SESSION_COOKIE_NAME
- if "instances" in request.path
+ if is_admin_path
 else settings.SESSION_COOKIE_NAME
 )
+
 if cookie_name in request.COOKIES and empty:
 response.delete_cookie(
 cookie_name,
@@ -59,11 +61,16 @@ class SessionMiddleware(MiddlewareMixin):
 max_age = None
 expires = None
 else:
- max_age = request.session.get_expiry_age()
+ # Use different max_age based on whether it's an admin cookie
+ if is_admin_path:
+ max_age = settings.ADMIN_SESSION_COOKIE_AGE
+ else:
+ max_age = request.session.get_expiry_age()
+
 expires_time = time.time() + max_age
 expires = http_date(expires_time)
+
 # Save the session data and refresh the client cookie.
- # Skip session save for 5xx responses.
 if response.status_code < 500:
 try:
 request.session.save()
diff --git a/apiserver/plane/settings/common.py b/apiserver/plane/settings/common.py
index 908ef446c..5c98d345c 100644
--- a/apiserver/plane/settings/common.py
+++ b/apiserver/plane/settings/common.py
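Review bot: `is_admin_path = "instances" in request.path` is a substring test over the whole request path, and with this change it decides the cookie lifetime (in the next hunk of this file) as well as the cookie name. Any non-admin URL that merely contains that text in one of its segments, a slug for example, would be answered with the admin cookie name and the admin age. Anchoring the test to the admin route prefix avoids that, e.g. `is_admin_path = request.path.startswith(ADMIN_PATH_PREFIX)`, where `ADMIN_PATH_PREFIX` is a placeholder for wherever the URLconf mounts the instance endpoints. The enclosing method starts and ends outside this hunk.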
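Review bot: `max_age = settings.ADMIN_SESSION_COOKIE_AGE` only changes the `Max-Age`/`Expires` attributes sent to the browser; the server-side session written by `request.session.save()` a few lines below still expires on whatever `request.session.get_expiry_age()` reports. If the admin age is meant to be the shorter limit, a session id that has leaved the browser (logs, a proxy, a copied cookie) would still be accepted by the server after the browser itself has dropped the cookie. Unless the expiry is already set at admin sign-in, which is not visible here, call `request.session.set_expiry(settings.ADMIN_SESSION_COOKIE_AGE)` in the admin branch before the save so the two lifetimes agree. The method body continues outside the hunk.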
@@ -333,6 +333,7 @@ SESSION_SAVE_EVERY_REQUEST = True

 # Admin Cookie
 ADMIN_SESSION_COOKIE_NAME = "plane-admin-session-id"
+ADMIN_SESSION_COOKIE_AGE = 18000

 # CSRF cookies
 CSRF_COOKIE_SECURE = secure_origins
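Review bot: The new `ADMIN_SESSION_COOKIE_AGE = 18000` carries no unit and no rationale, so a reader has to work out that it is a number of seconds and why the admin cookie gets its own lifetime. A trailing comment such as `# seconds (5 hours); lifetime of the admin session cookie` would cover it. If the other session settings in this file can be overridden per deployment (not visible in this hunk), this one probably should be too, since operators are the ones likely to want a shorter admin session.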