🚸 — Add a long expiration date on auto-refresh cookies

CHANGELOG.md

@@ -7,6 +7,7 @@
 - ✨ — Ability to delay notification after X failures (#71)
 - 🐛 — Fix bug when changing IP version not removing tasks (#72)
 - ✨ — Allow to specify form data and headers for checks (#70)
+- 🚸 — Add a long expiration date on auto-refresh cookies
 
 ## 0.6.1
 

argos/server/routes/views.py

@@ -357,8 +357,21 @@ async def set_refresh_cookies_view(
         request.url_for("get_severity_counts_view"),
         status_code=status.HTTP_303_SEE_OTHER,
     )
-    response.set_cookie(key="auto_refresh_enabled", value=str(auto_refresh_enabled))
+    # Cookies’ age in Chrome can’t be more than 400 days
+    # https://developer.chrome.com/blog/cookie-max-age-expires
+    delta = int(timedelta(days=400).total_seconds())
     response.set_cookie(
-        key="auto_refresh_seconds", value=str(max(5, int(auto_refresh_seconds)))
+        key="auto_refresh_enabled",
+        value=str(auto_refresh_enabled),
+        httponly=True,
+        samesite="strict",
+        expires=delta,
+    )
+    response.set_cookie(
+        key="auto_refresh_seconds",
+        value=str(max(5, int(auto_refresh_seconds))),
+        httponly=True,
+        samesite="strict",
+        expires=delta,
     )
     return response