Przeglądaj źródła

bugfix: Cookie expiry for OAuth2 & Local set to 1 year, not session (#451)

James Read 1 rok temu
rodzic
commit
be9b2a7c78

+ 5 - 2
internal/httpservers/restapi_auth_local.go

@@ -41,8 +41,11 @@ func forwardResponseHandlerLoginLocalUser(md metadata.MD, w http.ResponseWriter)
 		http.SetCookie(
 			w,
 			&http.Cookie{
-				Name:  "olivetin-sid-local",
-				Value: sid,
+				Name:     "olivetin-sid-local",
+				Value:    sid,
+				MaxAge:   31556952, // 1 year
+				HttpOnly: true,
+				Path:     "/",
 			},
 		)
 	}

+ 1 - 1
internal/httpservers/restapi_auth_oauth2.go

@@ -96,7 +96,7 @@ func setOauthCallbackCookie(w http.ResponseWriter, r *http.Request, name, value
 	cookie := &http.Cookie{
 		Name:     name,
 		Value:    value,
-		MaxAge:   int(time.Hour.Seconds()),
+		MaxAge:   31556952, // 1 year
 		Secure:   r.TLS != nil,
 		HttpOnly: true,
 		Path:     "/",