Describe the bug
The session cookie default age for Django is two weeks. This is much too long for this application.
To Reproduce
Steps to reproduce the behavior:
Login to the application.
Close the tab or window without logging out.
Wait up to a little less than two weeks and go to the application URL.
It will return to whatever screen you were on before closing in step 2 without asking you to login again.
Expected behavior
The application should require you to login again after two hours of inactivity.
Additional context
Django has a parameter called SESSION_COOKIE_AGE. Its default is two weeks in seconds. It should be set to 13,200 (two hours in seconds).
Describe the bug The session cookie default age for Django is two weeks. This is much too long for this application.
To Reproduce Steps to reproduce the behavior:
Expected behavior The application should require you to login again after two hours of inactivity.
Additional context Django has a parameter called SESSION_COOKIE_AGE. Its default is two weeks in seconds. It should be set to 13,200 (two hours in seconds).