one-month default session; lock down cookies

author: Bryan Newbold <bnewbold@robocracy.org> 2019-01-04 17:59:59 -0800
committer: Bryan Newbold <bnewbold@robocracy.org> 2019-01-04 17:59:59 -0800
commit: 6eeead67f1d9af4ff2fc3c6c1188bc372e7d05a0 (patch)
tree: eb5d07a42f68b389b561542e5f1a23f1b10d5eb8 /python/fatcat_web/auth.py
parent: 084e476957ce80b456dcf0575de4efc7331d34f9 (diff)
download: fatcat-6eeead67f1d9af4ff2fc3c6c1188bc372e7d05a0.tar.gz
fatcat-6eeead67f1d9af4ff2fc3c6c1188bc372e7d05a0.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/python/fatcat_web/auth.py b/python/fatcat_web/auth.py
index 0bdb564f..8b57a8c0 100644
--- a/python/fatcat_web/auth.py
+++ b/python/fatcat_web/auth.py
@@ -28,6 +28,7 @@ def handle_token_login(token):
         abort(400)
     # fetch editor info
     editor = api.get_editor(editor_id)
+    session.permanent = True
     session['api_token'] = token
     session['editor'] = editor.to_dict()
     login_user(load_user(editor.editor_id))
@@ -64,6 +65,7 @@ def handle_oauth(remote, token, user_info):
             flash("Welcome back!")
 
         # write token and username to session
+        session.permanent = True
         session['api_token'] = api_token
         session['editor'] = editor.to_dict()
author	Bryan Newbold <bnewbold@robocracy.org>	2019-01-04 17:59:59 -0800
committer	Bryan Newbold <bnewbold@robocracy.org>	2019-01-04 17:59:59 -0800
commit	6eeead67f1d9af4ff2fc3c6c1188bc372e7d05a0 (patch)
tree	eb5d07a42f68b389b561542e5f1a23f1b10d5eb8 /python/fatcat_web/auth.py
parent	084e476957ce80b456dcf0575de4efc7331d34f9 (diff)
download	fatcat-6eeead67f1d9af4ff2fc3c6c1188bc372e7d05a0.tar.gz fatcat-6eeead67f1d9af4ff2fc3c6c1188bc372e7d05a0.zip