From 0aea9bf737bd8fa7f309ddfbbaa93cb5b1380204 Mon Sep 17 00:00:00 2001 From: Niels Vandekeybus Date: Mon, 26 Aug 2024 11:50:40 +0200 Subject: [PATCH] allow setting cookie max age In some settings 'session cookies' are not preferred, since they can be very long lived. This allows set the cookie max age to auto expire cookies --- README.md | 1 + config/config.exs | 1 + lib/proxy.ex | 9 ++++++++- 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 4336019..b6c82c3 100644 --- a/README.md +++ b/README.md @@ -170,6 +170,7 @@ All settings are configured through environment variables. * `SESSION_COOKIE_SECURE`: Set SECURE flag of the session cookie (see [MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie)) * `SESSION_COOKIE_HTTP_ONLY`: Set HTTP_ONLY flag of the session cookie (see [MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie)), on by default. * `SESSION_COOKIE_SAME_SITE`: Set SAME_SITE flag of the session cookie (see [MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie)), "Lax" by default unless `DEFAULT_ACCESS_CONTROL_ALLOW_ORIGIN_HEADER` is "*" then "None" by default. This means the cookie is available only on your site unless you've also set the CORS header. +* `SESSION_COOKIE_MAX_AGE`: Set the number of seconds until the cookie expires. By default this is not set and the cookie is a [session cookie](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#expiresdate). * `IDLE_TIMEOUT`: the amount of time (in ms) that idle requests will be kept open (see [`idle_timeout` in the Cowboy docs](https://ninenines.eu/docs/en/cowboy/2.5/manual/cowboy_http/)) * `OVERRIDE_VARY_HEADER`: EXPERIMENTAL When set, the [`Vary` header](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Vary) is overriden with the specified variable, regardless of what the backend provides. diff --git a/config/config.exs b/config/config.exs index 93e1d13..594a728 100644 --- a/config/config.exs +++ b/config/config.exs @@ -49,6 +49,7 @@ config :mu_identifier, default_access_control_allow_origin_header: System.get_env("DEFAULT_ACCESS_CONTROL_ALLOW_ORIGIN_HEADER"), default_mu_auth_allowed_groups_header: System.get_env("DEFAULT_MU_AUTH_ALLOWED_GROUPS_HEADER"), + session_cookie_max_age: System.get_env("SESSION_COOKIE_MAX_AGE"), session_cookie_secure: CH.system_boolean("SESSION_COOKIE_SECURE", false), session_cookie_http_only: CH.system_boolean("SESSION_COOKIE_HTTP_ONLY", true), session_cookie_same_site: CH.calculate_same_site(), diff --git a/lib/proxy.ex b/lib/proxy.ex index 27f7581..ef4ee52 100644 --- a/lib/proxy.ex +++ b/lib/proxy.ex @@ -63,11 +63,18 @@ defmodule Proxy do end def opts_from_environment do - [ + base_opts = [ secure: Application.get_env(:mu_identifier, :session_cookie_secure), http_only: Application.get_env(:mu_identifier, :session_cookie_http_only), same_site: Application.get_env(:mu_identifier, :session_cookie_same_site) ] + + max_age = Application.get_env(:mu_identifier, :session_cookie_max_age) + + case max_age do + nil -> base_opts + age -> base_opts ++ [max_age: String.to_integer(age)] + end end end