diff --git a/ssoauth/checks.py b/ssoauth/checks.py
index 6da861cc4a834220ffdb68c8318360f64aa01a76..abc8a1d05b193cff324384e34817731cca3f2ab6 100644
--- a/ssoauth/checks.py
+++ b/ssoauth/checks.py
@@ -140,6 +140,11 @@ def session_lifetime(app_configs, **kwargs):
 "Please reduce SESSION_COOKIE_AGE to at most {max_wanted} or set SESSION_EXPIRE_AT_BROWSER_CLOSE = True".format(**locals()),
 obj=conf.settings,
 ))
+ if conf.settings.SESSION_COOKIE_AGE > 60 * 60 * 24: # >24h is too much even with SESSION_EXPIRE_AT_BROWSER_CLOSE
+ errors.append(Error(
+ "SESSION_COOKIE_AGE is too high. This means users can stay logged in longer than their accounts are active.",
+ obj=conf.settings,
+ ))
 return errors
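Review bot: The new hard cap is an unnamed literal (`60 * 60 * 24`) and its error message states neither the limit nor the configured value, whereas the preceding error in the same function formats `{max_wanted}` into its text so the operator can see how far off they are. Give the limit a name at module level, `MAX_SESSION_COOKIE_AGE = 60 * 60 * 24  # server-side session lifetime cap, applies even with SESSION_EXPIRE_AT_BROWSER_CLOSE`, compare against it, and format both numbers into the message, e.g. `"SESSION_COOKIE_AGE is {age}s, above the limit of {MAX_SESSION_COOKIE_AGE}s even with SESSION_EXPIRE_AT_BROWSER_CLOSE = True; users (or a stolen session id) could stay logged in after the account is deactivated.".format(age=conf.settings.SESSION_COOKIE_AGE, MAX_SESSION_COOKIE_AGE=MAX_SESSION_COOKIE_AGE)`. The rationale in the inline comment (browser-close does not shorten the server-side expiry) is the part an operator needs, so it belongs in the message or a `hint=` rather than only in a code comment. session_lifetime starts outside the hunk, so any further context lines between its opening and this check are not visible here.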