浏览代码

bugfix: Cookie expiry for OAuth2 & Local set to 1 year, not session (#451)

James Read 1 年之前
父节点
当前提交
be9b2a7c78
共有 2 个文件被更改,包括 6 次插入3 次删除
  1. 5 2
      internal/httpservers/restapi_auth_local.go
  2. 1 1
      internal/httpservers/restapi_auth_oauth2.go

+ 5 - 2
internal/httpservers/restapi_auth_local.go

@@ -41,8 +41,11 @@ func forwardResponseHandlerLoginLocalUser(md metadata.MD, w http.ResponseWriter)
 		http.SetCookie(
 			w,
 			&http.Cookie{
-				Name:  "olivetin-sid-local",
-				Value: sid,
+				Name:     "olivetin-sid-local",
+				Value:    sid,
+				MaxAge:   31556952, // 1 year
+				HttpOnly: true,
+				Path:     "/",
 			},
 		)
 	}

+ 1 - 1
internal/httpservers/restapi_auth_oauth2.go

@@ -96,7 +96,7 @@ func setOauthCallbackCookie(w http.ResponseWriter, r *http.Request, name, value
 	cookie := &http.Cookie{
 		Name:     name,
 		Value:    value,
-		MaxAge:   int(time.Hour.Seconds()),
+		MaxAge:   31556952, // 1 year
 		Secure:   r.TLS != nil,
 		HttpOnly: true,
 		Path:     "/",