{"html_url": "https://github.com/simonw/datasette/issues/829#issuecomment-642217520", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/829", "id": 642217520, "node_id": "MDEyOklzc3VlQ29tbWVudDY0MjIxNzUyMA==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-10T19:41:35Z", "updated_at": "2020-06-10T19:41:35Z", "author_association": "OWNER", "body": "I didn't bother with the alternative epoch - it only shaves off two or three bytes from the cookie.\r\n\r\nDocumentation for the new `ds_actor` cookie shape is here: https://datasette.readthedocs.io/en/latest/authentication.html#the-ds-actor-cookie", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 636426530, "label": "Ability to set ds_actor cookie such that it expires"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/829#issuecomment-642178604", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/829", "id": 642178604, "node_id": "MDEyOklzc3VlQ29tbWVudDY0MjE3ODYwNA==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-10T18:18:36Z", "updated_at": "2020-06-10T18:20:19Z", "author_association": "OWNER", "body": "Even shorter: encode an integer that is the difference between that expiry timestamp and a more recent epoch - June 1st 2020 will do.\r\n\r\n```\r\n>>> import datetime, calendar\r\n>>> calendar.timegm(datetime.date(2020, 6, 1).timetuple())\r\n1590969600\r\n>>> import baseconv\r\n>>> baseconv.base62.encode(int(time.time() - 1590969600))\r\n'3XST'\r\n```", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 636426530, "label": "Ability to set ds_actor cookie such that it expires"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/829#issuecomment-642176180", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/829", "id": 642176180, "node_id": "MDEyOklzc3VlQ29tbWVudDY0MjE3NjE4MA==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-10T18:14:02Z", "updated_at": "2020-06-10T18:14:15Z", "author_association": "OWNER", "body": "And the `e` key can be `null`or missing for \"never expires\".", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 636426530, "label": "Ability to set ds_actor cookie such that it expires"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/829#issuecomment-642175892", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/829", "id": 642175892, "node_id": "MDEyOklzc3VlQ29tbWVudDY0MjE3NTg5Mg==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-10T18:13:26Z", "updated_at": "2020-06-10T18:13:26Z", "author_association": "OWNER", "body": "I'm going with `expires_at` - except to keep the cookies shorter the key will be called `e` and the actor will go in `a`, like this:\r\n\r\n```json\r\n{\r\n    \"e\": \"1UuHoo\",\r\n    \"a\": {\"id\": \"root\"}\r\n}\r\n```\r\nThat `e` value is a base64 encoded expiry integer timestamp (again for a shorter cookie) - using https://pypi.org/project/python-baseconv/", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 636426530, "label": "Ability to set ds_actor cookie such that it expires"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/829#issuecomment-642174272", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/829", "id": 642174272, "node_id": "MDEyOklzc3VlQ29tbWVudDY0MjE3NDI3Mg==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-10T18:10:13Z", "updated_at": "2020-06-10T18:10:13Z", "author_association": "OWNER", "body": "Some options:\r\n\r\n- Redesign the `ds_actor` cookie to be `{\"expires_at\": 1591811250, \"actor\": ...}` - check if it has expired in that default `actor_from_request` hook\r\n- Let plugins set an additional cookie of some sort\r\n- Expect plugins that care about this to set a cookie with a different name and implement their own `actor_from_request` against that", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 636426530, "label": "Ability to set ds_actor cookie such that it expires"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/829#issuecomment-642161210", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/829", "id": 642161210, "node_id": "MDEyOklzc3VlQ29tbWVudDY0MjE2MTIxMA==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-10T17:45:58Z", "updated_at": "2020-06-10T17:45:58Z", "author_association": "OWNER", "body": "`itsdangerous` has this ability but you specify the max-age when you call unsign: https://itsdangerous.palletsprojects.com/en/1.1.x/timed/\r\n\r\n>     s.unsign(string, max_age=5)\r\n>     Traceback (most recent call last):\r\n>       ...\r\n>     itsdangerous.exc.SignatureExpired: Signature age 15 > 5 seconds\r\n\r\nI currently only decode the `ds_actor` cookie in one place: https://github.com/simonw/datasette/blob/d828abaddec0dce3ec4b4eeddc3a74384e52cf34/datasette/actor_auth_cookie.py#L5-L12\r\n\r\nIf plugins want to be able to set their own policies on how long the `ds_actor` cookie should remain valid, how do I know to listen to them when decoding the cookie here?", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 636426530, "label": "Ability to set ds_actor cookie such that it expires"}, "performed_via_github_app": null}