Change session token generation mecanism.

accountant/api/models/users.py

@@ -16,7 +16,7 @@
 """
 # vim: set tw=80 ts=4 sw=4 sts=4:
 from passlib.hash import sha256_crypt as crypt
-from itsdangerous import (TimedJSONWebSignatureSerializer as Serializer,
+from itsdangerous import (URLSafeTimedSerializer as Serializer,
                           BadSignature, SignatureExpired)
 
 from flask import current_app as app
@@ -47,8 +47,9 @@ class User(UserMixin, db.Model):
     def verify_password(self, password):
         return crypt.verify(password, self.password)
 
-    def generate_auth_token(self, expiration=600):
-        serializer = Serializer(app.config['SECRET_KEY'], expires_in=expiration)
+    def generate_auth_token(self):
+        serializer = Serializer(app.secret_key)
+
         return serializer.dumps({'id': self.id})
 
     @classmethod
@@ -56,7 +57,7 @@ class User(UserMixin, db.Model):
         serializer = Serializer(app.config['SECRET_KEY'])
 
         try:
-            data = serializer.loads(token)
+            data = serializer.loads(token, max_age=app.config["SESSION_TTL"])
         except SignatureExpired:
             return None
         except BadSignature: