fix: refresh auth freshness during active sessions

2026-04-01 17:48:04 +02:00
parent 6254a059b4
commit 5fab01d57a
2 changed files with 23 additions and 1 deletions
--- a/backend/workflows/middleware.py
+++ b/backend/workflows/middleware.py
@@ -154,7 +154,10 @@ class AuthSessionHardeningMiddleware:

    def _touch_session(self, request, now_ts: int) -> None:
        request.session['last_activity_ts'] = now_ts
-        request.session.setdefault('auth_fresh_ts', now_ts)
+        if request.method in {'GET', 'HEAD'}:
+            request.session['auth_fresh_ts'] = now_ts
+        else:
+            request.session.setdefault('auth_fresh_ts', now_ts)

    def _warn(self, request, message: str) -> None:
        try: