Make cookie duration dependent on configuration
This ensures that session cookies are not expiring before the session is cleaned up from the database as per CLEANUP_REMOVE_SESSIONS_DAYS. As of now the usefulness of this configuration option is diminished as extending it has no effect on the actual browser session due to the cookie expiry. Fixes: #2214
This commit is contained in:
Kioubit
Frédéric Guillot
parent
d056aa1f73
commit
7d6a4243c1
1 changed files with 3 additions and 4 deletions
|
|
@ -6,15 +6,14 @@ package cookie // import "miniflux.app/v2/internal/http/cookie"
|
||||||
import (
|
import (
|
||||||
"net/http"
|
"net/http"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"miniflux.app/v2/internal/config"
|
||||||
)
|
)
|
||||||
|
|
||||||
// Cookie names.
|
// Cookie names.
|
||||||
const (
|
const (
|
||||||
CookieAppSessionID = "MinifluxAppSessionID"
|
CookieAppSessionID = "MinifluxAppSessionID"
|
||||||
CookieUserSessionID = "MinifluxUserSessionID"
|
CookieUserSessionID = "MinifluxUserSessionID"
|
||||||
|
|
||||||
// Cookie duration in days.
|
|
||||||
cookieDuration = 30
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// New creates a new cookie.
|
// New creates a new cookie.
|
||||||
|
|
@ -25,7 +24,7 @@ func New(name, value string, isHTTPS bool, path string) *http.Cookie {
|
||||||
Path: basePath(path),
|
Path: basePath(path),
|
||||||
Secure: isHTTPS,
|
Secure: isHTTPS,
|
||||||
HttpOnly: true,
|
HttpOnly: true,
|
||||||
Expires: time.Now().Add(cookieDuration * 24 * time.Hour),
|
Expires: time.Now().Add(time.Duration(config.Opts.CleanupRemoveSessionsDays()) * 24 * time.Hour),
|
||||||
SameSite: http.SameSiteLaxMode,
|
SameSite: http.SameSiteLaxMode,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue