✏️ Fix: [#53] https에서만 세션 쿠키 전송 설정 및 엑세스 토큰 유효기간 롤백

2025-05-13 15:19:43 +09:00
parent e3f5539fd2
commit a8d65ece5c
1 changed files with 2 additions and 2 deletions
--- a/config/settings.py
+++ b/config/settings.py
@@ -174,7 +174,7 @@ REST_FRAMEWORK = {
 REST_USE_JWT = True

 SIMPLE_JWT = {
-    'ACCESS_TOKEN_LIFETIME': timedelta(days=7), # minutes = 15
+    'ACCESS_TOKEN_LIFETIME': timedelta(minutes= 15),
    'REFRESH_TOKEN_LIFETIME': timedelta(days=7),
    'ROTATE_REFRESH_TOKENS': True,
    'BLACKLIST_AFTER_ROTATION': True,
@@ -213,7 +213,7 @@ SESSION_EXPIRE_AT_BROWSER_CLOSE = True
 SESSION_COOKIE_AGE = 86400

 # https에서만 세션 쿠키가 전송 (default false) https 배포 시 true로
-SESSION_COOKIE_SECURE = False
+SESSION_COOKIE_SECURE = True

 GOOGLE_CLIENT_ID = env('GOOGLE_CLIENT_ID')