feat: implement cross-tab coordination for token refresh and enhance logout handling
All checks were successful
Chore App Build, Test, and Push Docker Images / build-and-push (push) Successful in 3m57s

This commit is contained in:
2026-03-27 23:02:29 -04:00
parent 89097a390e
commit a4e23aad11
6 changed files with 54 additions and 11 deletions

View File

@@ -99,7 +99,11 @@ def _create_refresh_token(user_id: str, token_family: str | None = None) -> tupl
def _set_auth_cookies(resp, access_token: str, raw_refresh_token: str):
"""Set both access and refresh token cookies on a response."""
expiry_days = current_app.config['REFRESH_TOKEN_EXPIRY_DAYS']
resp.set_cookie('access_token', access_token, httponly=True, secure=True, samesite='Strict')
resp.set_cookie(
'access_token', access_token,
httponly=True, secure=True, samesite='Lax',
max_age=ACCESS_TOKEN_EXPIRY_MINUTES * 60,
)
resp.set_cookie(
'refresh_token', raw_refresh_token,
httponly=True, secure=True, samesite='Strict',