[FIX] notebookapp, auth: get_secure_cookie kwargs
#3778
Merged
Commits on Jul 19, 2018
-
[FIX] notebookapp, auth:
get_secure_cookiekwargsPer Tornado's documentation: >By default, Tornado’s secure cookies expire after 30 days. >To change this, use the expires_days keyword argument to >set_secure_cookie and the max_age_days argument to get_secure_cookie. >These two values are passed separately so that you may >e.g. have a cookie that is valid for 30 days for most purposes, >but for certain sensitive actions >(such as changing billing information) >you use a smaller max_age_days when reading the cookie. With the current implementation in `auth/login.py`, this is possible to pass the `expires_days` option but not possible to enforce it as this is not possible to pass `max_age_days` to `get_secure_cookie` This makes impossible to set the cookie expiration without using a custom `LoginHandler`. This revision is about adding the possibility to pass options to Tornado's `get_secure_cookie` method, so it can be possible to set the cookies expiration, among others.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.