update settings
- agent_manager/__init__.py +2 -2
- api/views.py +1 -1
- backend/settings.py +4 -4
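--- a/agent_manager/__init__.py
+++ b/agent_manager/__init__.py
@@ -159,8 +159,8 @@ def get_or_create_agent(cookie_session, chat_session):
 # Normalize to string to avoid type-mismatch keys
 session_key = str(cookie_session) if cookie_session else None
 
-if not session_key or
-if session_key in SESSION_AGENTS:
+if not session_key or chat_session == 0:
+if session_key and session_key in SESSION_AGENTS:
 del SESSION_AGENTS[session_key]
 cache.delete(f"chat_session_{session_key}")
 session_key = str(uuid.uuid4())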
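Review bot: On new line 162, `chat_session == 0` compares a value that comes straight from the request body (api/views.py line 22) with the integer 0 without normalising its type, and that comparison decides whether the stored agent and its cache entry are deleted. A JSON string `"0"` or `null` will not match, while `false` will, because `False == 0` in Python. If those values should also start a new chat, compare defensively, e.g. `if not session_key or chat_session in (0, "0", None):`, or coerce the field once in the view. The body of get_or_create_agent continues outside this hunk, so how a non-zero chat_session combined with an unknown cookie value is handled is not visible here.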
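--- a/api/views.py
+++ b/api/views.py
@@ -19,7 +19,7 @@ def chat(request):
 """Start or continue an existing chat session."""
 # Prefer secure HttpOnly cookie for session tracking
 cookie_session = request.COOKIES.get("gm_session")
-chat_session = request.data.get("
+chat_session = request.data.get("chatSession", 0)
 message = request.data.get("message")
 
 if not message: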
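Review bot: The default `0` on line 22 is an undocumented sentinel. get_or_create_agent in agent_manager/__init__.py treats `chat_session == 0` as "drop the agent bound to this cookie and issue a new session key", so a client that simply omits `chatSession` resets its conversation on every request. If that is intended, say so next to the call, e.g. `# chatSession 0 or absent = new chat; get_or_create_agent discards the agent tied to gm_session`. chat() continues past the hunk, so any later validation of the value is not visible here.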
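--- a/backend/settings.py
+++ b/backend/settings.py
@@ -44,12 +44,12 @@ CORS_ALLOW_ALL_ORIGINS = False if MODE == 'production' else True
 
 
 SESSION_COOKIE_HTTPONLY = True
-SESSION_COOKIE_SECURE =
+SESSION_COOKIE_SECURE = True if MODE == 'production' else False # secure cookies only over HTTPS in production
 SESSION_EXPIRE_AT_BROWSER_CLOSE = True
 SESSION_COOKIE_AGE = 60 * 60 * 24 # 1 day
 
 CSRF_COOKIE_HTTPONLY = True
-CSRF_COOKIE_SECURE =
+CSRF_COOKIE_SECURE = True if MODE == 'production' else False
 CSRF_TRUSTED_ORIGINS = [
 origin.strip()
 for origin in os.environ.get("CSRF_TRUSTED_ORIGINS", "").split(",")
@@ -60,9 +60,9 @@ CSRF_TRUSTED_ORIGINS = [
 'http://localhost:3000'
 ]
 
-SECURE_SSL_REDIRECT =
+SECURE_SSL_REDIRECT = True if MODE == 'production' else False
 
-SECURE_CONTENT_TYPE_NOSNIFF =
+SECURE_CONTENT_TYPE_NOSNIFF = True if MODE == 'production' else False
 
 # HSTS settings - only enable in production with proper HTTPS configuration
 # WARNING: Once enabled, browsers will remember this for SECURE_HSTS_SECONDS seconds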
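Review bot: The four settings added on lines 47, 52, 63 and 65 fail open, because any MODE other than the exact string 'production' (a typo, different casing, or an unset value, depending on how MODE is read above this hunk) switches off Secure cookies and the HTTPS redirect. It is safer to default to the hardened values and relax them only for an explicit local-development mode, e.g. `HARDENED = MODE != '<local-dev-mode-value>'` followed by `SESSION_COOKIE_SECURE = HARDENED`. `SECURE_CONTENT_TYPE_NOSNIFF` does not depend on HTTPS and can stay `True` in every mode. These settings govern Django's own session and CSRF cookies; whether the `gm_session` cookie read in api/views.py carries the Secure flag depends on the code that sets it, which this commit does not show.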