From 08c77669b29ab98ee323988123d9f1a24c1f5d31 Mon Sep 17 00:00:00 2001 From: Leo Date: Thu, 21 May 2026 22:53:25 -0400 Subject: [PATCH] Session expiry: tokens expire after 1 day (auth consistency) --- admin_server.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/admin_server.py b/admin_server.py index 4c3aa63..b03043f 100644 --- a/admin_server.py +++ b/admin_server.py @@ -395,7 +395,7 @@ async def auth_middleware(request: Request, call_next): conn = get_db() row = conn.execute( "SELECT u.id, u.username, u.role FROM users u " - "JOIN sessions s ON u.id = s.user_id WHERE s.token = ?", + "JOIN sessions s ON u.id = s.user_id WHERE s.token = ? AND s.expires_at > datetime('now')", (token,), ).fetchone() conn.close() @@ -810,7 +810,7 @@ def login(body: dict): token = _generate_token() conn.execute( - "INSERT INTO sessions (user_id, token) VALUES (?, ?)", + "INSERT INTO sessions (user_id, token, expires_at) VALUES (?, ?, datetime('now', '+1 day'))", (row["id"], token), ) conn.commit()