From f73526b808db399042a1ff506c32515cbdbfb3cb Mon Sep 17 00:00:00 2001
From: Art Lukyanchyk <artiom.lukyanchyk@hs-hannover.de>
Date: Thu, 17 Aug 2017 13:28:20 +0200
Subject: [PATCH] Add session lifetime check.

---
 ssoauth/checks.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/ssoauth/checks.py b/ssoauth/checks.py
index 615b31a..11798c3 100644
--- a/ssoauth/checks.py
+++ b/ssoauth/checks.py
@@ -78,3 +78,15 @@ def auth_urls_configured(app_configs, **kwargs):
             errors.append(Warning("{setting_name} is not found or invalid.".format(**locals()), obj=conf.settings,))
     return errors
 
+
+@register(Tags.security)
+def session_lifetime(app_configs, **kwargs):
+    errors = list()
+    max_wanted = 60 * 60  # seconds
+    if conf.settings.SESSION_COOKIE_AGE > max_wanted:
+        errors.append(Error(
+            "Please reduce SESSION_COOKIE_AGE to at most {max_wanted}".format(**locals()),
+            obj=conf.settings,
+        ))
+    return errors
+
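Review bot: The `Error` built in `session_lifetime` carries no `id`, so a project cannot list it in `SILENCED_SYSTEM_CHECKS`, and because the check is registered with `@register(Tags.security)` rather than `deploy=True` it also runs outside `check --deploy`, where an Error-level result blocks management commands on setups that keep Django's two-week default. Consider passing an identifier such as `id="ssoauth.E001"` (constructed example, use the app's own numbering) and putting the unit and the configured value in the message, e.g. `"SESSION_COOKIE_AGE is {current} s; please reduce it to at most {max_wanted} s"`. The function also needs a docstring that says what is actually bounded. `SESSION_COOKIE_AGE` limits the session cookie's age, which becomes a sliding idle timeout when `SESSION_SAVE_EVERY_REQUEST` is enabled and can be overridden per session with `set_expiry()`, so passing this check does not guarantee a one-hour absolute session lifetime. The comparison also assumes the setting is a number, and a misconfigured non-numeric value would raise during the check instead of being reported.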
-- 
GitLab