tl-its-umich-edu#1029 expiring Django session (tl-its-umich-edu#1413)

jonespm · Sep 20, 2022 · abad52b · abad52b
1 parent 590ba02
commit abad52b
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 0 deletions.
diff --git a/config/env_sample.hjson b/config/env_sample.hjson
@@ -57,6 +57,10 @@
     # SameSite settings for Session and CSRF (defaults in settings.py should work), if you do want non-string None set to null.
     "SESSION_COOKIE_SAMESITE": "None",
     "CSRF_COOKIE_SAMESITE": "None",
+    # user Django session expiration, defaults to 24hrs matching canvas
+    "SESSION_COOKIE_AGE": 86400,
+    # Django Session to expire on browser close (quit), defaults to true
+    "SESSION_EXPIRE_AT_BROWSER_CLOSE": true
     # Warning:
     # This enables debugging of Django code
     # Use "true" for local development

diff --git a/dashboard/settings.py b/dashboard/settings.py
@@ -400,6 +400,9 @@
 SESSION_COOKIE_SAMESITE = ENV.get("SESSION_COOKIE_SAMESITE", 'None')
 CSRF_COOKIE_SAMESITE = ENV.get("CSRF_COOKIE_SAMESITE", 'None')
 
+SESSION_COOKIE_AGE = ENV.get('SESSION_COOKIE_AGE', 86400)
+SESSION_EXPIRE_AT_BROWSER_CLOSE = ENV.get('SESSION_EXPIRE_AT_BROWSER_CLOSE', True)
+
 CHECK_ENABLE_BACKEND_LOGIN = False if ENABLE_LTI else True
 
 # Allow for ENABLE_BACKEND_LOGIN override