Update api/routers/auth.py
api/routers/auth.py +3 -7
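--- a/api/routers/auth.py
+++ b/api/routers/auth.py
@@ -107,17 +107,13 @@ async def login(
 token = create_session(username)
 
 # Set secure cookie
-# In development (HTTP), use lax samesite and secure=False
-# In production (HTTPS), use none samesite and secure=True
-is_production = os.getenv("ENVIRONMENT", "development") == "production"
-
 response.set_cookie(
 key="session_token",
 value=token,
 httponly=True,
 max_age=SESSION_MAX_AGE,
-samesite="none"
-secure=
+samesite="none",
+secure=True # Required for SameSite=None
 )
 
 logger.info(f"Successful login for user: {username}")
@@ -175,4 +171,4 @@ async def status(session_token: Optional[str] = Cookie(None)):
 return {
 "authenticated": session_data is not None,
 "username": session_data.get("username") if session_data else None
-}
+}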
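Review bot: The `set_cookie` call in `login` now sends `session_token` with `SameSite=None` in every environment, so the browser attaches the session to cross-site requests and the cookie attribute no longer gives any CSRF protection. If the app does not have to run in a third-party context (presumably it is embedded in an iframe, but the page does not say), `samesite="lax"` is the safer value. If it must stay `none`, state-changing routes need their own CSRF token or `Origin` check, and none is visible in these hunks. I would record that above the call, e.g. `# SameSite=None: cookie is sent on cross-site requests; CSRF must be enforced by token/Origin check, not by the cookie`. With the `is_production` branch removed, `secure=True` is also unconditional, so a plain-HTTP development setup will likely no longer get a usable session cookie; that is worth a line in the commit description. The body of `login` starts and ends outside the hunk, so I cannot tell whether `os` is still used elsewhere in the file.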