feat(flask): make refresh cookie name configurable (#7473)

2025-12-19 17:37:19 -05:00 · 2025-07-09 18:09:24 +02:00
parent df8be91a07
commit f3b0b60abd
2 changed files with 2 additions and 0 deletions
--- a/redash/security.py
+++ b/redash/security.py
@@ -25,6 +25,7 @@ def init_app(app):
    app.config["WTF_CSRF_CHECK_DEFAULT"] = False
    app.config["WTF_CSRF_SSL_STRICT"] = False
    app.config["WTF_CSRF_TIME_LIMIT"] = settings.CSRF_TIME_LIMIT
+    app.config["SESSION_COOKIE_NAME"] = settings.SESSION_COOKIE_NAME

    @app.after_request
    def inject_csrf_token(response):
--- a/redash/settings/init.py
+++ b/redash/settings/init.py
@@ -82,6 +82,7 @@ SESSION_COOKIE_SECURE = parse_boolean(os.environ.get("REDASH_SESSION_COOKIE_SECU
 # Whether the session cookie is set HttpOnly.
 SESSION_COOKIE_HTTPONLY = parse_boolean(os.environ.get("REDASH_SESSION_COOKIE_HTTPONLY", "true"))
 SESSION_EXPIRY_TIME = int(os.environ.get("REDASH_SESSION_EXPIRY_TIME", 60 * 60 * 6))
+SESSION_COOKIE_NAME = os.environ.get("REDASH_SESSION_COOKIE_NAME", "session")

 # Whether the session cookie is set to secure.
 REMEMBER_COOKIE_SECURE = parse_boolean(os.environ.get("REDASH_REMEMBER_COOKIE_SECURE") or str(COOKIES_SECURE))