From 1aa3c95c6ad0fcab5a0b4cb405d4d655424fccf7 Mon Sep 17 00:00:00 2001
From: Art Lukyanchyk <artiom.lukyanchyk@hs-hannover.de>
Date: Wed, 31 Jan 2018 17:34:33 +0100
Subject: [PATCH] Improve the SESSION_COOKIE_AGE check
---
 ssoauth/checks.py | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/ssoauth/checks.py b/ssoauth/checks.py
index 6da861c..abc8a1d 100644
--- a/ssoauth/checks.py
+++ b/ssoauth/checks.py
@@ -140,6 +140,11 @@ def session_lifetime(app_configs, **kwargs):
 "Please reduce SESSION_COOKIE_AGE to at most {max_wanted} or set SESSION_EXPIRE_AT_BROWSER_CLOSE = True".format(**locals()),
 obj=conf.settings,
 ))
+ if conf.settings.SESSION_COOKIE_AGE > 60 * 60 * 24: # >24h is too much even with SESSION_EXPIRE_AT_BROWSER_CLOSE
+ errors.append(Error(
+ "SESSION_COOKIE_AGE is too high. This means users can stay logged in longer than their accounts are active.",
+ obj=conf.settings,
+ ))
 return errors
--
GitLab
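Review bot: The error added under `if conf.settings.SESSION_COOKIE_AGE > 60 * 60 * 24:` never states the limit, so an operator who trips it has to read the source to learn that 24 hours is the ceiling, whereas the earlier message in this function names `{max_wanted}`. Binding the bound once and printing it would fix that, e.g. `max_hard = 60 * 60 * 24` and `"SESSION_COOKIE_AGE is too high (maximum {max_hard} seconds). ..."`. Django also pushes a session's expiry forward each time the session is saved (on every request when `SESSION_SAVE_EVERY_REQUEST = True`), so this cap bounds idle time rather than total login time. If the goal is that a session can never outlive a deactivated account, that likely needs its own check or a comment recording the assumption. The rest of `session_lifetime` lies outside the hunk, so it may already be covered there.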