one-month default session; lock down cookies

author: Bryan Newbold <bnewbold@robocracy.org> 2019-01-04 17:59:59 -0800
committer: Bryan Newbold <bnewbold@robocracy.org> 2019-01-04 17:59:59 -0800
commit: 6eeead67f1d9af4ff2fc3c6c1188bc372e7d05a0 (patch)
tree: eb5d07a42f68b389b561542e5f1a23f1b10d5eb8 /python/fatcat_web/web_config.py
parent: 084e476957ce80b456dcf0575de4efc7331d34f9 (diff)
download: fatcat-6eeead67f1d9af4ff2fc3c6c1188bc372e7d05a0.tar.gz
fatcat-6eeead67f1d9af4ff2fc3c6c1188bc372e7d05a0.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/python/fatcat_web/web_config.py b/python/fatcat_web/web_config.py
index 5713738c..85134762 100644
--- a/python/fatcat_web/web_config.py
+++ b/python/fatcat_web/web_config.py
@@ -34,6 +34,12 @@ class Config(object):
     GITLAB_CLIENT_ID = os.environ.get("GITLAB_CLIENT_ID", default="bogus")
     GITLAB_CLIENT_SECRET = os.environ.get("GITLAB_CLIENT_SECRET", default="bogus")
 
+    # protect cookies (which include API tokens)
+    SESSION_COOKIE_HTTPONLY = True
+    SESSION_COOKIE_SECURE = True
+    SESSION_COOKIE_SAMESITE = 'Lax'
+    PERMANENT_SESSION_LIFETIME = 2678400 # 31 days, in seconds
+
     try:
         GIT_RELEASE = raven.fetch_git_sha('..')
     except Exception as e:
author	Bryan Newbold <bnewbold@robocracy.org>	2019-01-04 17:59:59 -0800
committer	Bryan Newbold <bnewbold@robocracy.org>	2019-01-04 17:59:59 -0800
commit	6eeead67f1d9af4ff2fc3c6c1188bc372e7d05a0 (patch)
tree	eb5d07a42f68b389b561542e5f1a23f1b10d5eb8 /python/fatcat_web/web_config.py
parent	084e476957ce80b456dcf0575de4efc7331d34f9 (diff)
download	fatcat-6eeead67f1d9af4ff2fc3c6c1188bc372e7d05a0.tar.gz fatcat-6eeead67f1d9af4ff2fc3c6c1188bc372e7d05a0.zip