Added COOKIE_EXPIRATION environment variable (#4801)

Added COOKIE_EXPIRATION environment variable

Co-authored-by: Katherine Fleming <[email protected]>

config/settings/common.py

@@ -15,16 +15,8 @@
 
 PROTOCOL = os.environ.get("PROTOCOL", "https")
 
-SESSION_COOKIE_DOMAIN = None
-SESSION_EXPIRE_AT_BROWSER_CLOSE = True
 DATA_UPLOAD_MAX_MEMORY_SIZE = None
 
-# TODO: remove managers, admins in config files.
-ADMINS = (
-    # ('Your Name', '[email protected]'),
-)
-MANAGERS = ADMINS
-
 # See: https://docs.djangoproject.com/en/dev/ref/settings/#wsgi-application
 WSGI_APPLICATION = "config.wsgi.application"
 
@@ -43,6 +35,8 @@
 SECRET_KEY = os.environ.get("SECRET_KEY", "default-ns=nb-w)#2ue-mtu!s&2krzfee1-t)^z7y8gyrp6mx^d*weifh")
 
 SESSION_ENGINE = "django.contrib.sessions.backends.signed_cookies"
+# Default to expiring cookies after 2 weeks
+SESSION_COOKIE_AGE = int(os.environ.get("COOKIE_EXPIRATION", 1_209_600))
 
 TEMPLATES = [
     {

deploy.sh

@@ -22,9 +22,10 @@ SEED_ADMIN_PASSWORD (required), admin password for SEED
 SEED_ADMIN_ORG (required), default organization for admin user in SEED
 SECRET_KEY (required), unique key for SEED web application
 AWS_ACCESS_KEY_ID (optional), Access key for AWS
-AWS_SECRET_ACCESS_KEY, Secret key for AWS
+AWS_SECRET_ACCESS_KEY (optional), Secret key for AWS
 AWS_SES_REGION_NAME (optional), AWS Region for SES
 AWS_SES_REGION_ENDPOINT (optional), AWS endpoint for SES
+COOKIE_EXPIRATION (optional), Time in seconds that a session should be valid
 SERVER_EMAIL (optional), Email that is used by the server to send messages
 SENTRY_JS_DSN (optional), Sentry JavaScript DSN
 SENTRY_RAVEN_DSN (optional), Sentry Django DSN (Raven-based)
@@ -42,6 +43,7 @@ export AWS_ACCESS_KEY_ID=key
 export AWS_SECRET_ACCESS_KEY=secret_key
 export AWS_SES_REGION_NAME=us-west-2
 export AWS_SES_REGION_ENDPOINT=email.us-west-2.amazonaws.com
+export COOKIE_EXPIRATION=1209600
 export [email protected]
 export SENTRY_JS_DSN=https://[email protected]/123456789
 export SENTRY_RAVEN_DSN=https://abcd:[email protected]/123456789

docker-compose.local.yml

@@ -68,6 +68,7 @@ services:
       - SEED_ADMIN_PASSWORD
       - SEED_ADMIN_ORG
       - SECRET_KEY
+      - COOKIE_EXPIRATION
       # Pass the Sentry config to the containers
       - SENTRY_RAVEN_DSN
       - SENTRY_JS_DSN

docker-compose.yml

@@ -43,6 +43,7 @@ services:
       - SEED_ADMIN_PASSWORD=super-secret-password
       - SEED_ADMIN_ORG=default
       - SECRET_KEY=ARQV8qGuJKH8sGnBf6ZeEdJQRKLTUhsvEcp8qG9X9sCPXvGLhdxqnNXpZcy6HEyf
+      - COOKIE_EXPIRATION
       - DJANGO_SETTINGS_MODULE=config.settings.docker
       - NGINX_LISTEN_OPTS="http2"
       # Sentry configuration if you want to use it (make sure to enable on web-celery container too)

docs/source/docker.rst

@@ -89,6 +89,9 @@ Ubuntu server 18.04 or newer with a m5ad.xlarge (if using in Production instance
     export AWS_SES_REGION_ENDPOINT=email.us-west-2.amazonaws.com
     export [email protected]
 
+    # For custom cookie validity duration
+    export COOKIE_EXPIRATION=1209600
+
 
 * Before launching the first time, make sure the persistent volumes and the backup directory exist.
 

docs/source/kubernetes_deployment.rst

@@ -124,6 +124,8 @@ This chart contains the deployment specification for the SEED web container.  Re
           value: <super-secret-password>
         - name: SEED_ADMIN_USER
           value: <[email protected]>
+        - name: COOKIE_EXPIRATION
+          value: 1209600
         # Postgres variables
         - name: POSTGRES_DB
           value: seed