
Commit d5f738f

authored
Merge pull request #437 from maykinmedia/fix/422-oidc-settings
[#422] Make the Django session length and the OIDC session check configurable
2 parents 56e4d84 + 5a85878 commit d5f738f


1 file changed

+5
-0
lines changed
  • backend/src/openarchiefbeheer/conf

1 file changed

+5
-0
lines changed

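--- a/backend/src/openarchiefbeheer/conf/base.py
+++ b/backend/src/openarchiefbeheer/conf/base.py
@@ -343,6 +343,7 @@
 SESSION_COOKIE_SAMESITE = config("SESSION_COOKIE_SAMESITE", "Lax")
 SESSION_COOKIE_SECURE = config("SESSION_COOKIE_SECURE", IS_HTTPS)
 SESSION_COOKIE_HTTPONLY = True
+SESSION_COOKIE_AGE = config("SESSION_COOKIE_AGE", 1209600) # 2 weeks in seconds
 
 CSRF_COOKIE_SAMESITE = config("CSRF_COOKIE_SAMESITE", "Lax")
 CSRF_COOKIE_SECURE = config("CSRF_COOKIE_SECURE", IS_HTTPS)
@@ -637,6 +638,10 @@
 OIDC_REDIRECT_ALLOWED_HOSTS = config(
 "OIDC_REDIRECT_ALLOWED_HOSTS", default="", split=True
 )
+# See issue #422 and https://mozilla-django-oidc.readthedocs.io/en/2.0.0/installation.html#validate-id-tokens-by-renewing-them
+OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS = config(
+"OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS", default=60 * 15
+)
 
 # Django privates
 #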
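Review bot: Neither new setting says how it bounds a login, and the two interact: `SESSION_COOKIE_AGE` (new line 346, default two weeks) is the lifetime of the Django session, while `OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS` (new lines 642-644, default 15 minutes) only limits how long an account disabled at the identity provider keeps access when mozilla-django-oidc's `SessionRefresh` middleware is enabled, which this diff does not show. I would extend the comment at new line 641 with something like `# Interval after which SessionRefresh re-validates the ID token at the IdP; has no effect without that middleware.` so an operator raising either value knows which exposure window they are widening. It is also worth confirming that `config()` casts environment values to `int` based on the default, since both settings feed time arithmetic and a string from the environment would presumably fail at runtime.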
