Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add way to set login cookie expiration #4433

Open
ericdwang opened this issue Apr 27, 2023 · 4 comments
Open

Add way to set login cookie expiration #4433

ericdwang opened this issue Apr 27, 2023 · 4 comments
Labels
enhancement

Comments

@ericdwang
Copy link

Proposed change

The cookie_max_age_days option can be used to set how long the login cookie signature is valid for, but there's no way to set when the cookie itself actually expires. Currently it just uses Tornado's default of 30 days, so setting cookie_max_age_days to a value greater than 30 also won't work as expected (the cookie will expire before the signature does).

Alternative options

If not being able to change the cookie expiration is intentional then it'd be helpful to just document that for cookie_max_age_days.

Who would use this feature?

Anyone who wants to change when the login cookie expires or set cookie_max_age_days to a value greater than 30.

(Optional): Suggest a solution

expires_days just needs to be passed in when calling set_cookie() here, similar to how max_age_days is passed in to get_secure_cookie() here. That's what the Tornado docs recommend for changing signed cookie expirations also. This could be a new setting or just the same value as cookie_max_age_days, not sure if there's a benefit to making them different. Happy to open a PR with whatever's decided on!
@welcome
Copy link

welcome bot commented Apr 27, 2023

Thank you for opening your first issue in this project! Engagement like this is essential for open source projects! 🤗

If you haven't done so already, check out Jupyter's Code of Conduct. Also, please try to follow the issue template as it helps other other community members to contribute more effectively.
welcome
You can meet the other Jovyans by joining our Discourse forum. There is also an intro thread there where you can stop by and say Hi! 👋

Welcome to the Jupyter community! 🎉

@minrk
Copy link
Member

minrk commented May 11, 2023

I believe you can set this with:

c.JupyterHub.tornado_settings = {"cookie_options": {"expires_days": 7}}

but I agree it probably makes sense to use cookie_max_age_days for the default. Would you like to try a PR?

@rickmcgeer
Copy link

I haven't seen a response to @minrk 's suggestion, which I think is a good one. It seems to me that it could be done by modifying BasicHandler.set_hub_cookie to take an extra parameter. I'd be happy to try it and do a PR if anyone is interested in reviewing it. Any comments on the idea?

@minrk
Copy link
Member

minrk commented Jun 3, 2024

@rickmcgeer A PR would be very welcome!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@minrk @rickmcgeer @ericdwang