2954 - Remove SESSION_TIMEOUT

[jtimpe]

Summary of Changes

Pull request closes #2954

• removes the old/irrelevant SESSION_TIMEOUT which hasn't controlled the session timeout since #2911
• extend SESSION_COOKIE_AGE to match the expiration of the jwt provided by login.gov - the expiration in the dev environment was only 15 minutes
• Update the documentation to reflect the change in session management

How to Test

cd tdrs-backend && docker-compose up
cd tdrs-frontend && docker-compose up --build

1. Open http://localhost:3000/ and sign in.

That's basically it, nothing changes about our signin workflow. The values set by SESSION_TIMEOUT were being overriden by SESSION_EXPIRE_AT_BROWSER_CLOSE's behavior of removing the Expires= from the cookie. You can run the tests from #2911 that verify the session cookie behavior.

Deliverables

More details on how deliverables herein are assessed included here.

Deliverable 1: Accepted Features

Checklist of ACs:

• [ ] Identify session timeout/expiration for the jwt provided by login.gov
• [ ] Parameterize environment variable value for SESSION_COOKIE_AGE (match or lower than login.gov jwt expiration)
• [ ] Remove unused SESSION_TIMEOUT variable in common.py and usages throughout the authentication api
• [ ] lfrohlich and/or adpennington confirmed that ACs are met.

Deliverable 2: Tested Code

• Are all areas of code introduced in this PR meaningfully tested?
  • [ ] If this PR introduces backend code changes, are they meaningfully tested?
  • [ ] If this PR introduces frontend code changes, are they meaningfully tested?
• Are code coverage minimums met?
  • [ ] Frontend coverage: [insert coverage %] (see CodeCov Report comment in PR)
  • [ ] Backend coverage: [insert coverage %] (see CodeCov Report comment in PR)

Deliverable 3: Properly Styled Code

• [ ] Are backend code style checks passing on CircleCI?
• [ ] Are frontend code style checks passing on CircleCI?
• [ ] Are code maintainability principles being followed?

Deliverable 4: Accessible

• [ ] Does this PR complete the epic?
• [ ] Are links included to any other gov-approved PRs associated with epic?
• [ ] Does PR include documentation for Raft's a11y review?
• [ ] Did automated and manual testing with iamjolly and ttran-hub using Accessibility Insights reveal any errors introduced in this PR?

Deliverable 5: Deployed

• [ ] Was the code successfully deployed via automated CircleCI process to development on Cloud.gov?

Deliverable 6: Documented

• [ ] Does this PR provide background for why coding decisions were made?
• [ ] If this PR introduces backend code, is that code easy to understand and sufficiently documented, both inline and overall?
• [ ] If this PR introduces frontend code, is that code easy to understand and sufficiently documented, both inline and overall?
• [ ] If this PR introduces dependencies, are their licenses documented?
• [ ] Can reviewer explain and take ownership of these elements presented in this code review?

Deliverable 7: Secure

• [ ] Does the OWASP Scan pass on CircleCI?
• [ ] Do manual code review and manual testing detect any new security issues?
• [ ] If new issues detected, is investigation and/or remediation plan documented?

Deliverable 8: User Research

Research product(s) clearly articulate(s):

• [ ] the purpose of the research
• [ ] methods used to conduct the research
• [ ] who participated in the research
• [ ] what was tested and how
• [ ] impact of research on TDP
• [ ] (if applicable) final design mockups produced for TDP development

[codecov[bot]]

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 93.09%. Comparing base (00ac3d1) to head (6da0700). Report is 2 commits behind head on develop.

Additional details and impacted files

[](https://app.codecov.io/gh/raft-tech/TANF-app/pull/3020?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=raft-tech) ```diff @@ Coverage Diff @@ ## develop #3020 +/- ## =========================================== + Coverage 93.05% 93.09% +0.04% =========================================== Files 276 275 -1 Lines 7108 7028 -80 Branches 599 596 -3 =========================================== - Hits 6614 6543 -71 + Misses 399 391 -8 + Partials 95 94 -1 ``` | [Flag](https://app.codecov.io/gh/raft-tech/TANF-app/pull/3020/flags?src=pr&el=flags&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=raft-tech) | Coverage Δ | | |---|---|---| | [dev-backend](https://app.codecov.io/gh/raft-tech/TANF-app/pull/3020/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=raft-tech) | `93.17% <100.00%> (+0.05%)` | :arrow_up: | | [dev-frontend](https://app.codecov.io/gh/raft-tech/TANF-app/pull/3020/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=raft-tech) | `92.62% <ø> (ø)` | | Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=raft-tech#carryforward-flags-in-the-pull-request-comment) to find out more. | [Files](https://app.codecov.io/gh/raft-tech/TANF-app/pull/3020?dropdown=coverage&src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=raft-tech) | Coverage Δ | | |---|---|---| | [tdrs-backend/tdpservice/settings/common.py](https://app.codecov.io/gh/raft-tech/TANF-app/pull/3020?src=pr&el=tree&filepath=tdrs-backend%2Ftdpservice%2Fsettings%2Fcommon.py&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=raft-tech#diff-dGRycy1iYWNrZW5kL3RkcHNlcnZpY2Uvc2V0dGluZ3MvY29tbW9uLnB5) | `99.29% <100.00%> (-0.03%)` | :arrow_down: | | [tdrs-backend/tdpservice/users/api/middleware.py](https://app.codecov.io/gh/raft-tech/TANF-app/pull/3020?src=pr&el=tree&filepath=tdrs-backend%2Ftdpservice%2Fusers%2Fapi%2Fmiddleware.py&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=raft-tech#diff-dGRycy1iYWNrZW5kL3RkcHNlcnZpY2UvdXNlcnMvYXBpL21pZGRsZXdhcmUucHk=) | `100.00% <100.00%> (ø)` | | | [tdrs-backend/tdpservice/users/api/utils.py](https://app.codecov.io/gh/raft-tech/TANF-app/pull/3020?src=pr&el=tree&filepath=tdrs-backend%2Ftdpservice%2Fusers%2Fapi%2Futils.py&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=raft-tech#diff-dGRycy1iYWNrZW5kL3RkcHNlcnZpY2UvdXNlcnMvYXBpL3V0aWxzLnB5) | `100.00% <100.00%> (ø)` | | ... and [1 file with indirect coverage changes](https://app.codecov.io/gh/raft-tech/TANF-app/pull/3020/indirect-changes?src=pr&el=tree-more&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=raft-tech) ------ [Continue to review full report in Codecov by Sentry](https://app.codecov.io/gh/raft-tech/TANF-app/pull/3020?dropdown=coverage&src=pr&el=continue&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=raft-tech). > **Legend** - [Click here to learn more](https://docs.codecov.io/docs/codecov-delta?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=raft-tech) > `Δ = absolute (impact)`, `ø = not affected`, `? = missing data` > Powered by [Codecov](https://app.codecov.io/gh/raft-tech/TANF-app/pull/3020?dropdown=coverage&src=pr&el=footer&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=raft-tech). Last update [9f2b277...6da0700](https://app.codecov.io/gh/raft-tech/TANF-app/pull/3020?dropdown=coverage&src=pr&el=lastupdated&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=raft-tech). Read the [comment docs](https://docs.codecov.io/docs/pull-request-comments?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=raft-tech).