From e657c538a2c29348748068b0f00fd7c17242bcbf Mon Sep 17 00:00:00 2001
From: Art Lukyanchyk <artiom.lukyanchyk@hs-hannover.de>
Date: Wed, 31 Jan 2018 18:25:27 +0100
Subject: [PATCH] As discussed, adjust checks for SESSION_COOKIE_AGE and SESSION_EXPIRE_AT_BROWSER_CLOSE
---
 ssoauth/checks.py | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/ssoauth/checks.py b/ssoauth/checks.py
index abc8a1d..d68d800 100644
--- a/ssoauth/checks.py
+++ b/ssoauth/checks.py
@@ -134,15 +134,15 @@ def auth_urls_configured(app_configs, **kwargs):
 @register(Tags.security)
 def session_lifetime(app_configs, **kwargs):
     errors = list()
-    max_wanted = 60 * 60  # seconds
-    if conf.settings.SESSION_COOKIE_AGE > max_wanted and not conf.settings.SESSION_EXPIRE_AT_BROWSER_CLOSE:
+    max_wanted = 10 * 60 * 60  # in seconds
+    if conf.settings.SESSION_COOKIE_AGE > max_wanted or conf.settings.SESSION_COOKIE_AGE is 0:
         errors.append(Error(
-            "Please reduce SESSION_COOKIE_AGE to at most {max_wanted} or set SESSION_EXPIRE_AT_BROWSER_CLOSE = True".format(**locals()),
+            "Please reduce SESSION_COOKIE_AGE to at most {max_wanted}".format(**locals()),
             obj=conf.settings,
         ))
-    if conf.settings.SESSION_COOKIE_AGE > 60 * 60 * 24:  # >24h is too much even with SESSION_EXPIRE_AT_BROWSER_CLOSE
-        errors.append(Error(
-            "SESSION_COOKIE_AGE is too high. This means users can stay logged in longer than their accounts are active.",
+    if not conf.settings.SESSION_EXPIRE_AT_BROWSER_CLOSE:
+        errors.append(Warning(
+            "Recommended value for SESSION_EXPIRE_AT_BROWSER_CLOSE = True",
             obj=conf.settings,
         ))
     return errors
-- 
GitLab
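Review bot: The new condition `conf.settings.SESSION_COOKIE_AGE is 0` compares an int by identity, which only happens to work because CPython caches small ints and is a SyntaxWarning on newer interpreters; it should be an equality test, and a negative value is presumably just as unwanted as zero, so `if conf.settings.SESSION_COOKIE_AGE > max_wanted or conf.settings.SESSION_COOKIE_AGE <= 0:` would be the safer guard. The Error text "Please reduce SESSION_COOKIE_AGE to at most {max_wanted}" is then misleading for the zero/negative branch, which is not fixed by reducing the value; either split the two cases into separate Error entries or word the message to cover both, e.g. `"SESSION_COOKIE_AGE must be a positive number of seconds no larger than {max_wanted}"`. It would also help to carry over the rationale dropped with the old 24h check as a comment on `max_wanted`, such as `# upper bound so sessions cannot outlive an account deactivation by more than a working day`, since the reason for the 10h figure is otherwise lost. Whether `Warning` here refers to the Django checks class rather than the builtin depends on an import outside this hunk.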