By default expire session cookies after 24hrs. Fixes #556

this is mostly used to document the correct setting so that people who are concerned about it can find it more easily and override it! Whatever default value we set as the default will not suit everyone so I go with a value that I like. In practice you should be serving Kiwi TCMS over https and in controlled environment so this should be less of an issue.
kiwitcms · Dec 8, 2018 · 871852a · 871852a
1 parent ab47eac
commit 871852a
Showing 1 changed file with 8 additions and 2 deletions.
diff --git a/tcms/settings/common.py b/tcms/settings/common.py
@@ -68,6 +68,12 @@
 AUTO_APPROVE_NEW_USERS = True
 
 
+# How often will session cookies expire? We set this to 24hrs by default.
+# You may override based on your security policies
+# https://docs.djangoproject.com/en/2.1/ref/settings/#session-cookie-age
+SESSION_COOKIE_AGE = 86400
+
+
 # Maximum upload file size, default set to 5MB.
 FILE_UPLOAD_MAX_SIZE = 5242880
 
@@ -282,6 +288,8 @@
 
 SESSION_SERIALIZER = 'django.contrib.sessions.serializers.JSONSerializer'
 
+SESSION_ENGINE = 'django.contrib.sessions.backends.cached_db'
+
 # Define the custom comment app
 # http://docs.djangoproject.com/en/dev/ref/contrib/comments/custom/
 COMMENTS_APP = 'tcms.core.contrib.comments'
@@ -305,8 +313,6 @@
     'tcms.xmlrpc.api.version',
 ]
 
-SESSION_ENGINE = 'django.contrib.sessions.backends.cached_db'
-
 # Enable the administrator delete permission
 # In another word it's set the admin to super user or not.
 SET_ADMIN_AS_SUPERUSER = False