for now, default to real (non-permanent) session cookies that are cleared at browser close

SESSION_EXPIRE_AT_BROWSER_CLOSE = True later we can maybe have a "remember me" checkbox at login time, so a user can decide on his own whether to use session or long-living cookie.
2013-11-14 10:01:36 +01:00 · 2013-11-14 10:01:36 +01:00 · 182671783d
commit 182671783d
parent f6fb8b67bd
1 changed files with 1 additions and 1 deletions
--- a/nsupdate/settings.py
+++ b/nsupdate/settings.py
@ -254,7 +254,7 @@ SESSION_COOKIE_PATH = '/'
 SESSION_COOKIE_SECURE = False  # use True here if you have set WE_HAVE_SSL = True
 SESSION_COOKIE_HTTPONLY = True
 SESSION_COOKIE_AGE = 14 * 24 * 3600  # 2 weeks, in seconds
-SESSION_EXPIRE_AT_BROWSER_CLOSE = False
+SESSION_EXPIRE_AT_BROWSER_CLOSE = True  # more safe than False

 SESSION_SERIALIZER = 'django.contrib.sessions.serializers.JSONSerializer'