fix: increase expiry for AURLANG cookie; only set when needed

We add a new config option for cookies with a 400 day lifetime. AURLANG should survive longer for unauthenticated users. Today they have to set this again after each browser restart. (for users whose browsers wipe session cookies on close) authenticated users don't need this cookie since the setting is saved to the DB Signed-off-by: moson-mo <mo-son@mailbox.org>
2025-02-03 10:43:03 +01:00 · 2023-05-25 14:07:27 +02:00 · 2023-05-25 14:07:27 +02:00 · 57c154a72c
commit 57c154a72c
parent 638ca7b1d0
2 changed files with 23 additions and 10 deletions
--- a/aurweb/routers/html.py
+++ b/aurweb/routers/html.py
@ -56,19 +56,28 @@ async def language(

    query_string = "?" + q if q else str()

-    # If the user is authenticated, update the user's LangPreference.
-    if request.user.is_authenticated():
-        with db.begin():
-            request.user.LangPreference = set_lang
-
-    # In any case, set the response's AURLANG cookie that never expires.
    response = RedirectResponse(
        url=f"{next}{query_string}", status_code=HTTPStatus.SEE_OTHER
    )
-    secure = aurweb.config.getboolean("options", "disable_http_login")
-    response.set_cookie(
-        "AURLANG", set_lang, secure=secure, httponly=secure, samesite=cookies.samesite()
-    )
+
+    # If the user is authenticated, update the user's LangPreference.
+    # Otherwise set an AURLANG cookie
+    if request.user.is_authenticated():
+        with db.begin():
+            request.user.LangPreference = set_lang
+    else:
+        secure = aurweb.config.getboolean("options", "disable_http_login")
+        perma_timeout = aurweb.config.getint("options", "permanent_cookie_timeout")
+
+        response.set_cookie(
+            "AURLANG",
+            set_lang,
+            secure=secure,
+            httponly=secure,
+            max_age=perma_timeout,
+            samesite=cookies.samesite(),
+        )
+
    return response