From ef27d771fba7c791c469cfdda9feb4b536a5a9de Mon Sep 17 00:00:00 2001
From: Bill Nottingham
Date: Thu, 12 Jan 2017 16:25:56 -0500
Subject: [PATCH] Set CSRF_COOKIE_AGE to 'None'. This causes them to be sent as session cookies, not 1-year cookies.
---
 awx/settings/defaults.py | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/awx/settings/defaults.py b/awx/settings/defaults.py
index 7915a1fead..8ce67fdea5 100644
--- a/awx/settings/defaults.py
+++ b/awx/settings/defaults.py
@@ -169,6 +169,10 @@ SESSION_COOKIE_SECURE = True
 # Disallow sending csrf cookies over insecure connections
 CSRF_COOKIE_SECURE = True
+# Limit CSRF cookies to browser sessions
+CSRF_COOKIE_AGE = None
+
+
 TEMPLATE_CONTEXT_PROCESSORS = ( # NOQA
 'django.contrib.auth.context_processors.auth',
 'django.core.context_processors.debug',
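Review bot: The comment above `CSRF_COOKIE_AGE = None` says what the setting does but not the trade-off a maintainer needs to know before changing it back. With no Max-Age/Expires the token is no longer kept on disk for a year, but a form left open or loaded from cache across a browser restart will fail CSRF validation until the page is reloaded. Browsers that restore the previous session may also keep "session" cookies alive, so this narrows the cookie's lifetime rather than guaranteeing it. I would extend the comment to something like `# None => session cookie (no Max-Age/Expires) instead of Django's ~1-year default; forms reopened after a browser restart must be reloaded to get a fresh token`. As a style point, the addition ends with two blank lines where the neighbouring settings appear to be separated by one, though blank context lines may have been lost in this rendering.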