kqjy/MyFSIO
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 33 Wiki Activity

Fix hardcoded secret key ttl session

Browse Source
This commit is contained in:
kqjy
2026-02-05 19:08:18 +08:00
parent 70b61fd8e6
commit ebe7f6222d
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
app/ui.py
View File

@@ -301,7 +301,8 @@ def login():
flash(_friendly_error_message(exc), "danger") flash(_friendly_error_message(exc), "danger")
return render_template("login.html") return render_template("login.html")
creds = {"access_key": access_key, "secret_key": secret_key} creds = {"access_key": access_key, "secret_key": secret_key}
token = _secret_store().remember(creds, ttl=3600) ttl = int(current_app.permanent_session_lifetime.total_seconds())
token = _secret_store().remember(creds, ttl=ttl)
session["cred_token"] = token session["cred_token"] = token
session.permanent = True session.permanent = True
flash(f"Welcome back, {principal.display_name}", "success") flash(f"Welcome back, {principal.display_name}", "success")