From a1ad902f1e99b503ff3e5111f54a95c83f742686 Mon Sep 17 00:00:00 2001
From: Tanner Prestegard <tanner.prestegard@ligo.org>
Date: Tue, 27 Nov 2018 14:26:33 -0600
Subject: [PATCH] Set session age to 2 hours and enforce session cookie
 security

---
 config/settings/base.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/config/settings/base.py b/config/settings/base.py
index 55f8cbf68..eb0477061 100644
--- a/config/settings/base.py
+++ b/config/settings/base.py
@@ -67,7 +67,8 @@ ALLOWED_HOSTS = ['localhost', '127.0.0.1', SERVER_FQDN,
     '{0}.ligo.org'.format(SERVER_HOSTNAME)]
 
 # Sessions settings -----------------------------------------------------------
-SESSION_COOKIE_AGE = 3600
+SESSION_COOKIE_AGE = 3600*2
+SESSION_COOKIE_SECURE = True
 SESSION_ENGINE = 'user_sessions.backends.db'
 
 # Login/logout settings -------------------------------------------------------
-- 
GitLab