summaryrefslogtreecommitdiffstats
path: root/python/fatcat_web/auth.py
diff options
context:
space:
mode:
authorBryan Newbold <bnewbold@robocracy.org>2019-01-04 17:59:59 -0800
committerBryan Newbold <bnewbold@robocracy.org>2019-01-04 17:59:59 -0800
commit6eeead67f1d9af4ff2fc3c6c1188bc372e7d05a0 (patch)
treeeb5d07a42f68b389b561542e5f1a23f1b10d5eb8 /python/fatcat_web/auth.py
parent084e476957ce80b456dcf0575de4efc7331d34f9 (diff)
downloadfatcat-6eeead67f1d9af4ff2fc3c6c1188bc372e7d05a0.tar.gz
fatcat-6eeead67f1d9af4ff2fc3c6c1188bc372e7d05a0.zip
one-month default session; lock down cookies
Diffstat (limited to 'python/fatcat_web/auth.py')
-rw-r--r--python/fatcat_web/auth.py2
1 files changed, 2 insertions, 0 deletions
diff --git a/python/fatcat_web/auth.py b/python/fatcat_web/auth.py
index 0bdb564f..8b57a8c0 100644
--- a/python/fatcat_web/auth.py
+++ b/python/fatcat_web/auth.py
@@ -28,6 +28,7 @@ def handle_token_login(token):
abort(400)
# fetch editor info
editor = api.get_editor(editor_id)
+ session.permanent = True
session['api_token'] = token
session['editor'] = editor.to_dict()
login_user(load_user(editor.editor_id))
@@ -64,6 +65,7 @@ def handle_oauth(remote, token, user_info):
flash("Welcome back!")
# write token and username to session
+ session.permanent = True
session['api_token'] = api_token
session['editor'] = editor.to_dict()