Skip to content
Snippets Groups Projects
Commit 1aa3c95c authored by Art's avatar Art :lizard:
Browse files

Improve the SESSION_COOKIE_AGE check

parent 473b48a1
Branches
No related tags found
No related merge requests found
......@@ -140,6 +140,11 @@ def session_lifetime(app_configs, **kwargs):
"Please reduce SESSION_COOKIE_AGE to at most {max_wanted} or set SESSION_EXPIRE_AT_BROWSER_CLOSE = True".format(**locals()),
obj=conf.settings,
))
if conf.settings.SESSION_COOKIE_AGE > 60 * 60 * 24: # >24h is too much even with SESSION_EXPIRE_AT_BROWSER_CLOSE
errors.append(Error(
"SESSION_COOKIE_AGE is too high. This means users can stay logged in longer than their accounts are active.",
obj=conf.settings,
))
return errors
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment