feat(auth): add cookie to identify authenticated browsers

alanzhu0 · alanzhu0 · commit dc0208507726 · 2023-11-23T20:48:45.000-05:00
diff --git a/intranet/apps/auth/views.py b/intranet/apps/auth/views.py
@@ -234,7 +234,18 @@ def post(self, request):
                 return redirect("welcome")
 
             next_page = request.POST.get("next", request.GET.get("next", default_next_page))
-            return redirect(next_page)
+
+            response = redirect(next_page)
+            response.set_cookie(
+                "ion_authenticated",
+                value=settings.ION_AUTHENTICATED_COOKIE_VALUE,
+                max_age=60 * 60 * 24 * 365 * 5,  # 5 years
+                secure=True,
+                httponly=True,
+                samesite="Lax",
+            )
+
+            return response
         else:
             log_auth(request, "failed")
             logger.info("Login failed as %s", request.POST.get("username", "unknown"))
diff --git a/intranet/settings/__init__.py b/intranet/settings/__init__.py
@@ -156,6 +156,8 @@
 SESSION_COOKIE_SECURE = PRODUCTION
 CSRF_COOKIE_SECURE = PRODUCTION
 
+ION_AUTHENTICATED_COOKIE_VALUE = "ion_dev_test"  # Set to a random value in production. Used for balancer rate limiting.
+
 if not PRODUCTION:
     # We don't care about session security when running a testing instance.
     SECRET_KEY = "_5kc##e7(!4=4)h4slxlgm010l+43zd_84g@82771ay6no-1&i"
