From f3a37a11d1a7ec6aecc9355bd80bccd2f732a5ee Mon Sep 17 00:00:00 2001
From: codl
Date: Sun, 30 Jul 2017 14:08:37 +0200
Subject: [PATCH] configure cookies properly
---
 app.py | 1 +
 config.example.py | 2 ++
 routes.py | 4 +++-
 3 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/app.py b/app.py
index 25a76c9..0b3ae71 100644
--- a/app.py
+++ b/app.py
@@ -10,6 +10,7 @@ default_config = {
 "SQLALCHEMY_DATABASE_URI": "postgresql+psycopg2:///forget",
 "SECRET_KEY": "hunter2",
 "CELERY_BROKER": "amqp://",
+ "HTTPS": True
 }
 app.config.update(default_config)
diff --git a/config.example.py b/config.example.py
index 4b779c3..58e4915 100644
--- a/config.example.py
+++ b/config.example.py
@@ -29,6 +29,8 @@ SERVER_NAME="localhost:5000"
 CELERY_BROKER='amqp://'
+HTTPS=True
+
 """
 you can also use any config variable that flask expects here, such as
 """
diff --git a/routes.py b/routes.py
index f371176..48e4f1a 100644
--- a/routes.py
+++ b/routes.py
@@ -48,7 +48,9 @@ def twitter_login_step2():
 tasks.fetch_acc.s(token.account_id).delay()
 resp = Response(status=301, headers={"location": url_for('index')})
- resp.set_cookie('forget_sid', session.id)
+ resp.set_cookie('forget_sid', session.id,
+ max_age=60*60*48,
+ secure=app.config.get("HTTPS"))
 return resp
 @app.route('/logout')
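Review bot: `HTTPS=True` is added to the example config with no comment saying what it controls or when to change it. The same file's `SERVER_NAME="localhost:5000"` suggests a plain-HTTP development setup, where a cookie marked Secure may not be sent back by the browser, so a login could appear not to persist. I would put a comment above the setting, for example `# marks the forget_sid session cookie Secure; set to False only for local development over plain HTTP`.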
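Review bot: The `forget_sid` cookie set in `twitter_login_step2` gains `secure` and `max_age` but still has no `httponly`, so script running in the page can read the session identifier. Add `httponly=True` to the `resp.set_cookie(...)` call. `secure=app.config.get("HTTPS")` also yields `None`, and therefore no Secure flag, if the key is ever missing from the loaded config; `app.config.get("HTTPS", True)` keeps the safe default at the call site. Whether the server-side session record expires after the same 48 hours is not visible here, and the function body starts outside the hunk.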