From 5a8587892f8306bc6c47a006a1051ab773166b2f Mon Sep 17 00:00:00 2001
From: SilviaAmAm
Date: Thu, 17 Oct 2024 16:36:43 +0200
Subject: [PATCH] :adhesive_bandage: [#422] Make the Django session length and the OIDC session check configurable
---
 backend/src/openarchiefbeheer/conf/base.py | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/backend/src/openarchiefbeheer/conf/base.py b/backend/src/openarchiefbeheer/conf/base.py
index f7ad1150..bf4c980d 100644
--- a/backend/src/openarchiefbeheer/conf/base.py
+++ b/backend/src/openarchiefbeheer/conf/base.py
@@ -343,6 +343,7 @@ SESSION_COOKIE_SAMESITE = config("SESSION_COOKIE_SAMESITE", "Lax")
 SESSION_COOKIE_SECURE = config("SESSION_COOKIE_SECURE", IS_HTTPS)
 SESSION_COOKIE_HTTPONLY = True
+SESSION_COOKIE_AGE = config("SESSION_COOKIE_AGE", 1209600) # 2 weeks in seconds
 CSRF_COOKIE_SAMESITE = config("CSRF_COOKIE_SAMESITE", "Lax")
 CSRF_COOKIE_SECURE = config("CSRF_COOKIE_SECURE", IS_HTTPS)
@@ -637,6 +638,10 @@ OIDC_REDIRECT_ALLOWED_HOSTS = config(
 "OIDC_REDIRECT_ALLOWED_HOSTS", default="", split=True
 )
+# See issue #422 and https://mozilla-django-oidc.readthedocs.io/en/2.0.0/installation.html#validate-id-tokens-by-renewing-them
+OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS = config(
+ "OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS", default=60 * 15
+)
 # Django privates #
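Review bot: In the first hunk, `SESSION_COOKIE_AGE` is taken from the environment with no range check, so a zero, negative or very large value silently changes how long an authenticated session stays valid. The `config` helper is defined outside this diff; if it does not cast to the type of the default, the value arrives as a string, so it is worth confirming the cast or passing it explicitly. I would replace the trailing comment with one that states the contract, e.g. `# Maximum session lifetime in seconds (default: 2 weeks); must be a positive integer`, and consider failing at startup when the value is not positive.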
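Review bot: In the second hunk, `OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS` is only consulted by mozilla-django-oidc's `SessionRefresh` middleware, and `MIDDLEWARE` is not visible in this diff, so please confirm the middleware is installed; without it the 15-minute re-validation never runs and an OIDC session lasts for the full `SESSION_COOKIE_AGE`. The comment above the setting gives an issue number and a URL but not what the value means, so I would extend it to something like `# Seconds between re-validations of the OIDC session with the provider; needs the SessionRefresh middleware`. Now that the value comes from the environment, a very large setting effectively turns the check off, which deserves a line in the deployment documentation.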