From 1e7672abca7fbe20e9f9ec9e4e1373ef504bcea4 Mon Sep 17 00:00:00 2001
From: Luc Didry <luc@didry.org>
Date: Tue, 10 Dec 2024 14:28:04 +0100
Subject: [PATCH] =?UTF-8?q?=F0=9F=9A=B8=20=E2=80=94=20Add=20a=20long=20exp?=
 =?UTF-8?q?iration=20date=20on=20auto-refresh=20cookies?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 CHANGELOG.md                 |  1 +
 argos/server/routes/views.py | 17 +++++++++++++++--
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index b368c0a..4d62eb9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,7 @@
 - ✨ — Ability to delay notification after X failures (#71)
 - 🐛 — Fix bug when changing IP version not removing tasks (#72)
 - ✨ — Allow to specify form data and headers for checks (#70)
+- 🚸 — Add a long expiration date on auto-refresh cookies
 
 ## 0.6.1
 
diff --git a/argos/server/routes/views.py b/argos/server/routes/views.py
index ae2f51c..3242972 100644
--- a/argos/server/routes/views.py
+++ b/argos/server/routes/views.py
@@ -357,8 +357,21 @@ async def set_refresh_cookies_view(
         request.url_for("get_severity_counts_view"),
         status_code=status.HTTP_303_SEE_OTHER,
     )
-    response.set_cookie(key="auto_refresh_enabled", value=str(auto_refresh_enabled))
+    # Cookies’ age in Chrome can’t be more than 400 days
+    # https://developer.chrome.com/blog/cookie-max-age-expires
+    delta = int(timedelta(days=400).total_seconds())
     response.set_cookie(
-        key="auto_refresh_seconds", value=str(max(5, int(auto_refresh_seconds)))
+        key="auto_refresh_enabled",
+        value=str(auto_refresh_enabled),
+        httponly=True,
+        samesite="strict",
+        expires=delta,
+    )
+    response.set_cookie(
+        key="auto_refresh_seconds",
+        value=str(max(5, int(auto_refresh_seconds))),
+        httponly=True,
+        samesite="strict",
+        expires=delta,
     )
     return response