logo out issues fixes

2025-12-15 16:08:47 +00:00
parent 25f1c32366
commit 5366cc1805
14 changed files with 2327 additions and 51 deletions
--- a/backend/igny8_core/settings.py
+++ b/backend/igny8_core/settings.py
@@ -97,7 +97,7 @@ CSRF_COOKIE_SECURE = USE_SECURE_COOKIES
 SESSION_COOKIE_NAME = 'igny8_sessionid'  # Custom name to avoid conflicts
 SESSION_COOKIE_HTTPONLY = True  # Prevent JavaScript access
 SESSION_COOKIE_SAMESITE = 'Strict'  # Prevent cross-site cookie sharing
-SESSION_COOKIE_AGE = 86400  # 24 hours
+SESSION_COOKIE_AGE = 3600  # 1 hour default (increased if remember me checked)
 SESSION_SAVE_EVERY_REQUEST = False  # Don't update session on every request (reduces DB load)
 SESSION_COOKIE_PATH = '/'  # Explicit path
 # Don't set SESSION_COOKIE_DOMAIN - let it default to current domain for strict isolation
@@ -520,7 +520,9 @@ CORS_EXPOSE_HEADERS = [
 # JWT Configuration
 JWT_SECRET_KEY = os.getenv('JWT_SECRET_KEY', SECRET_KEY)
 JWT_ALGORITHM = 'HS256'
-JWT_ACCESS_TOKEN_EXPIRY = timedelta(minutes=15)
+# Default: 1 hour for normal login, 20 days for remember me
+JWT_ACCESS_TOKEN_EXPIRY = timedelta(hours=1)  # Increased from 15 minutes
+JWT_ACCESS_TOKEN_EXPIRY_REMEMBER_ME = timedelta(days=20)  # For remember me users
 JWT_REFRESH_TOKEN_EXPIRY = timedelta(days=30)  # Extended to 30 days for persistent login

 # Celery Configuration