Expire sessions after 6 hours of inactivity (getredash#5159)
Configurable with environment variables
Omer Lachish authored May 10, 2021
1 parent 1c3f724 commit 7ec86cf
Showing 3 changed files with 18 additions and 2 deletions.
9 changes: 8 additions & 1 deletion redash/authentication/__init__.py
@@ -2,9 +2,10 @@
import hmac
import logging
import time
from datetime import timedelta
from urllib.parse import urlsplit, urlunsplit

from flask import jsonify, redirect, request, url_for
from flask import jsonify, redirect, request, url_for, session
from flask_login import LoginManager, login_user, logout_user, user_logged_in
from redash import models, settings
from redash.authentication import jwt_auth
@@ -250,6 +251,12 @@ def init_app(app):

login_manager.init_app(app)
login_manager.anonymous_user = models.AnonymousUser
login_manager.REMEMBER_COOKIE_DURATION = settings.REMEMBER_COOKIE_DURATION

@app.before_request
def extend_session():
session.permanent = True
app.permanent_session_lifetime = timedelta(seconds=settings.SESSION_EXPIRY_TIME)

from redash.security import csrf
for auth in [google_oauth, saml_auth, remote_user_auth, ldap_auth]:
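Review bot: The assignment `login_manager.REMEMBER_COOKIE_DURATION = settings.REMEMBER_COOKIE_DURATION` in `init_app` may have no effect, because Flask-Login looks up `REMEMBER_COOKIE_DURATION` in the Flask application config rather than on the `LoginManager` instance. Unless the settings module is already copied into `app.config` somewhere outside this hunk, the remember cookie would keep Flask-Login's built-in default lifetime; `app.config["REMEMBER_COOKIE_DURATION"] = settings.REMEMBER_COOKIE_DURATION` makes the intent explicit. In `extend_session`, `app.permanent_session_lifetime` does not change between requests, so it can be set once in `init_app` and the hook reduced to `session.permanent = True`. `init_app` starts and ends outside the hunk.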
6 changes: 6 additions & 0 deletions redash/settings/__init__.py
@@ -93,6 +93,8 @@
SESSION_COOKIE_HTTPONLY = parse_boolean(
os.environ.get("REDASH_SESSION_COOKIE_HTTPONLY", "true")
)
SESSION_EXPIRY_TIME = int(os.environ.get("REDASH_SESSION_EXPIRY_TIME", 60 * 60 * 6))

# Whether the session cookie is set to secure.
REMEMBER_COOKIE_SECURE = parse_boolean(
os.environ.get("REDASH_REMEMBER_COOKIE_SECURE") or str(COOKIES_SECURE)
@@ -101,6 +103,10 @@
REMEMBER_COOKIE_HTTPONLY = parse_boolean(
os.environ.get("REDASH_REMEMBER_COOKIE_HTTPONLY", "true")
)
# The amount of time before the remember cookie expires.
REMEMBER_COOKIE_DURATION = int(
os.environ.get("REDASH_REMEMBER_COOKIE_DURATION", 60 * 60 * 24 * 31)
)

# Doesn't set X-Frame-Options by default since it's highly dependent
# on the specific deployment.
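Review bot: `SESSION_EXPIRY_TIME` and `REMEMBER_COOKIE_DURATION` are parsed with a bare `int(...)`, so a zero or negative value from the environment is accepted and would likely produce session or remember cookies that are expired as soon as they are issued. Neither setting states its unit either, and `SESSION_EXPIRY_TIME` has no comment at all. I would add `# Seconds of inactivity after which the session expires (default: 6 hours).` above the first, change the second comment to `# Seconds before the remember cookie expires (default: 31 days).`, and reject non-positive values when the settings module loads.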
5 changes: 4 additions & 1 deletion redash/templates/login.html
@@ -39,7 +39,6 @@

<form role="form" method="post" name="login">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>
<input type="hidden" name="remember" value="on">
<div class="form-group">
<label for="inputEmail">{{ username_prompt or 'Email' }}</label>
<input type="text" class="form-control" id="inputEmail" name="email" value="{{email}}" data-test="Email">
@@ -48,6 +47,10 @@
<label for="inputPassword">Password</label>
<input type="password" class="form-control" id="inputPassword" name="password" data-test="Password">
</div>
<div class="form-group">
<input type="checkbox" id="inputRemember" name="remember" checked>
<label for="inputRemember">Remember me</label>
</div>

<button type="submit" class="btn btn-primary btn-block m-t-25">Log In</button>
</form>
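Review bot: The new `Remember me` checkbox is rendered with `checked`, so by default a login still requests the long-lived remember cookie (31 days by default in `redash/settings/__init__.py`). Flask-Login restores a login from that cookie once the session cookie has lapsed, so the six-hour inactivity expiry would in practice apply only to users who clear the box. If inactivity expiry is meant to be the default, drop the attribute: `<input type="checkbox" id="inputRemember" name="remember">`. The login view is not among the three changed files, so it is worth confirming that it treats a missing `remember` field as false.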
