From 1aa3c95c6ad0fcab5a0b4cb405d4d655424fccf7 Mon Sep 17 00:00:00 2001
From: Art Lukyanchyk <artiom.lukyanchyk@hs-hannover.de>
Date: Wed, 31 Jan 2018 17:34:33 +0100
Subject: [PATCH] Improve the SESSION_COOKIE_AGE check

---
 ssoauth/checks.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/ssoauth/checks.py b/ssoauth/checks.py
index 6da861c..abc8a1d 100644
--- a/ssoauth/checks.py
+++ b/ssoauth/checks.py
@@ -140,6 +140,11 @@ def session_lifetime(app_configs, **kwargs):
             "Please reduce SESSION_COOKIE_AGE to at most {max_wanted} or set SESSION_EXPIRE_AT_BROWSER_CLOSE = True".format(**locals()),
             obj=conf.settings,
         ))
+    if conf.settings.SESSION_COOKIE_AGE > 60 * 60 * 24:  # >24h is too much even with SESSION_EXPIRE_AT_BROWSER_CLOSE
+        errors.append(Error(
+            "SESSION_COOKIE_AGE is too high. This means users can stay logged in longer than their accounts are active.",
+            obj=conf.settings,
+        ))
     return errors
 
 
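Review bot: The error added under `if conf.settings.SESSION_COOKIE_AGE > 60 * 60 * 24:` says the value is too high but never states the ceiling, and it does not say that SESSION_EXPIRE_AT_BROWSER_CLOSE no longer satisfies the check; the message just above it does name `max_wanted`. I would bind the limit to a name and put it in the text, e.g. `max_hard = 60 * 60 * 24` and `"SESSION_COOKIE_AGE must be at most {max_hard} seconds (24h), even with SESSION_EXPIRE_AT_BROWSER_CLOSE = True; otherwise a session can outlive the account behind it."`, formatted the same way as the existing message. The first condition sits above the hunk, but if it also matches values over 24h, a deployment would presumably get two errors for one setting, so a distinct `id=` on each `Error` would make the report easier to read and reference. `session_lifetime` starts outside the hunk, so this should be confirmed against the full function.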
-- 
GitLab