fix: Add same expiration date that header_payload to signature cookie

Signed-off-by: Milouu <[email protected]>
Substra · Nov 17, 2022 · ded607d · ded607d
1 parent 48cc334
commit ded607d
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 3 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -26,6 +26,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Fixed
 
 - Compute task outputs/inputs valid storage address.
+- Signature cookie expiration date (#540)
 
 ### Removed
 

diff --git a/backend/users/views/authentication.py b/backend/users/views/authentication.py
@@ -33,7 +33,6 @@ def get_authenticate_header(self, request) -> str:
     @throttle_classes([AnonRateThrottle, UserLoginThrottle])
     def login(self, request, *args, **kwargs):
         serializer = self.get_serializer(data=request.data)
-
         try:
             serializer.is_valid(raise_exception=True)
         except AuthenticationFailed:
@@ -65,7 +64,7 @@ def login(self, request, *args, **kwargs):
             domain=settings.COMMON_HOST_DOMAIN,
         )
         response.set_cookie(
-            "signature", value=signature, httponly=True, secure=secure, domain=settings.COMMON_HOST_DOMAIN
+            "signature", value=signature, expires=access_expires, httponly=True, secure=secure, domain=settings.COMMON_HOST_DOMAIN
         )
         response.set_cookie(
             "refresh",
@@ -81,7 +80,6 @@ def login(self, request, *args, **kwargs):
     @action(methods=["post"], detail=False)
     def refresh(self, request, *args, **kwargs):
         serializer = CustomTokenRefreshSerializer(data=request.data, context=self.get_serializer_context())
-
         try:
             serializer.is_valid(raise_exception=True)
         except AuthenticationFailed: