Make cookie session options configurable

Implements #49.

src/teamvault/apps/settings/config.py

@@ -164,6 +164,22 @@ def configure_max_file_size(config, settings):
     settings.FILE_UPLOAD_MAX_MEMORY_SIZE = settings.TEAMVAULT_MAX_FILE_SIZE
 
 
+def configure_session(config):
+    """
+    Called directly from the Django settings module.
+    """
+    age = int(get_from_config(config, "teamvault", "session_cookie_age", "3600"))
+    expire = get_from_config(config, "teamvault", "session_expire_at_browser_close", "True")
+    secure = get_from_config(config, "teamvault", "session_cookie_secure", "False")
+
+    if age <= 0:
+        age = 3600
+    expire = expire.lower() in ("1", "enabled", "true", "yes")
+    secure = secure.lower() in ("1", "enabled", "true", "yes")
+
+    return age, expire, secure
+
+
 def configure_teamvault_secret_key(config, settings):
     from .models import Setting
 
@@ -201,6 +217,9 @@ def create_default_config(filename):
 # file uploads larger than this number of bytes will have their connection reset
 max_file_size = 5242880
 syslog_facility = local1
+session_cookie_age = 3600
+session_expire_at_browser_close = True
+session_cookie_secure = False
 
 [django]
 # This key has been generated for you, there is no need to change it

src/teamvault/settings.py

@@ -5,6 +5,7 @@
     configure_django_secret_key,
     configure_hashid,
     configure_logging,
+    configure_session,
     get_config,
 )
 
@@ -69,6 +70,8 @@
 SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
 
 SESSION_ENGINE = 'django.contrib.sessions.backends.signed_cookies'
+SESSION_COOKIE_AGE, SESSION_EXPIRE_AT_BROWSER_CLOSE, SESSION_COOKIE_SECURE = \
+    configure_session(CONFIG)
 
 STATIC_ROOT = join(PROJECT_ROOT, "static_collected")