Fix use UTC for JWT expiry and max-age for cookie

This commit is contained in:
JonnyWong16 2023-12-06 23:09:32 -08:00
parent e3113ebd30
commit fe7a59c7f9
No known key found for this signature in database
GPG key ID: B1F1F9807184697A

View file

@ -22,7 +22,7 @@
from future.builtins import object
from datetime import datetime, timedelta
from datetime import datetime, timedelta, timezone
from future.moves.urllib.parse import quote, unquote
import cherrypy
@ -378,7 +378,7 @@ class AuthController(object):
if valid_login:
time_delta = timedelta(days=30) if remember_me == '1' else timedelta(minutes=60)
expiry = datetime.now() + time_delta
expiry = datetime.now(tz=timezone.utc) + time_delta
payload = {
'user_id': user_details['user_id'],
@ -399,7 +399,7 @@ class AuthController(object):
jwt_cookie = str(JWT_COOKIE_NAME + plexpy.CONFIG.PMS_UUID)
cherrypy.response.cookie[jwt_cookie] = jwt_token
cherrypy.response.cookie[jwt_cookie]['expires'] = int(time_delta.total_seconds())
cherrypy.response.cookie[jwt_cookie]['max-age'] = int(time_delta.total_seconds())
cherrypy.response.cookie[jwt_cookie]['path'] = plexpy.HTTP_ROOT.rstrip('/') or '/'
cherrypy.response.cookie[jwt_cookie]['httponly'] = True
cherrypy.response.cookie[jwt_cookie]['samesite'] = 'lax'