logout issues # 2

backend/igny8_core/settings.py

@@ -97,8 +97,8 @@ CSRF_COOKIE_SECURE = USE_SECURE_COOKIES
 SESSION_COOKIE_NAME = 'igny8_sessionid'  # Custom name to avoid conflicts
 SESSION_COOKIE_HTTPONLY = True  # Prevent JavaScript access
 SESSION_COOKIE_SAMESITE = 'Strict'  # Prevent cross-site cookie sharing
-SESSION_COOKIE_AGE = 3600  # 1 hour default (increased if remember me checked)
-SESSION_SAVE_EVERY_REQUEST = False  # Don't update session on every request (reduces DB load)
+SESSION_COOKIE_AGE = 3600  # 1 hour - extends on every request due to SESSION_SAVE_EVERY_REQUEST
+SESSION_SAVE_EVERY_REQUEST = True  # CRITICAL: Update session on every request to prevent idle timeout
 SESSION_COOKIE_PATH = '/'  # Explicit path
 # Don't set SESSION_COOKIE_DOMAIN - let it default to current domain for strict isolation
 
@@ -521,8 +521,8 @@ CORS_EXPOSE_HEADERS = [
 JWT_SECRET_KEY = os.getenv('JWT_SECRET_KEY', SECRET_KEY)
 JWT_ALGORITHM = 'HS256'
 # Default: 1 hour for normal login, 20 days for remember me
-JWT_ACCESS_TOKEN_EXPIRY = timedelta(hours=1)  # Increased from 15 minutes
-JWT_ACCESS_TOKEN_EXPIRY_REMEMBER_ME = timedelta(days=20)  # For remember me users
+JWT_ACCESS_TOKEN_EXPIRY = timedelta(hours=1)  # Default: 1 hour
+JWT_ACCESS_TOKEN_EXPIRY_REMEMBER_ME = timedelta(days=30)  # Remember me: 30 days
 JWT_REFRESH_TOKEN_EXPIRY = timedelta(days=30)  # Extended to 30 days for persistent login
 
 # Celery Configuration