From 77d2c30c6603895af0143d2d804e1734dbc94a6b Mon Sep 17 00:00:00 2001
From: Russ Garrett <russ@garrett.co.uk>
Date: Tue, 21 Jun 2022 21:43:08 +0000
Subject: [PATCH] Use permanent rather than session cookies

---
 uffd/default_config.cfg | 5 +++++
 uffd/session/views.py   | 1 +
 2 files changed, 6 insertions(+)

diff --git a/uffd/default_config.cfg b/uffd/default_config.cfg
index 3e25e576..7b01157f 100644
--- a/uffd/default_config.cfg
+++ b/uffd/default_config.cfg
@@ -9,7 +9,12 @@ USER_SERVICE_MAX_UID=19999
 GROUP_MIN_GID=20000
 GROUP_MAX_GID=49999
 
+# The period of time that a login lasts for.
 SESSION_LIFETIME_SECONDS=3600
+
+# The period of time that the session cookie lasts for. This is refreshed on each page load.
+PERMANENT_SESSION_LIFETIME=2678400
+
 # CSRF protection
 SESSION_COOKIE_SECURE=True
 SESSION_COOKIE_HTTPONLY=True
diff --git a/uffd/session/views.py b/uffd/session/views.py
index 4d578fc2..690397bc 100644
--- a/uffd/session/views.py
+++ b/uffd/session/views.py
@@ -49,6 +49,7 @@ def logout():
 
 def set_session(user, skip_mfa=False):
 	session.clear()
+	session.permanent = True
 	session['user_id'] = user.id
 	session['logintime'] = datetime.datetime.now().timestamp()
 	session['_csrf_token'] = secrets.token_hex(128)
-- 
GitLab