From be670f751875d8f5a2e36ea5de216602ce3f2f0f Mon Sep 17 00:00:00 2001
From: Art Lukyanchyk <artiom.lukyanchyk@hs-hannover.de>
Date: Tue, 28 Nov 2017 11:43:46 +0100
Subject: [PATCH] Improve the session cookie check

---
 ssoauth/checks.py | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/ssoauth/checks.py b/ssoauth/checks.py
index 2c10050..06c7f37 100644
--- a/ssoauth/checks.py
+++ b/ssoauth/checks.py
@@ -124,10 +124,8 @@ def auth_urls_configured(app_configs, **kwargs):
 @register(Tags.security)
 def session_lifetime(app_configs, **kwargs):
     errors = list()
-    if conf.settings.SESSION_EXPIRE_AT_BROWSER_CLOSE:
-        return errors
     max_wanted = 60 * 60  # seconds
-    if conf.settings.SESSION_COOKIE_AGE > max_wanted:
+    if conf.settings.SESSION_COOKIE_AGE > max_wanted and not conf.settings.SESSION_EXPIRE_AT_BROWSER_CLOSE:
         errors.append(Error(
             "Please reduce SESSION_COOKIE_AGE to at most {max_wanted} or set SESSION_EXPIRE_AT_BROWSER_CLOSE = True".format(**locals()),
             obj=conf.settings,
-- 
GitLab