From 8577ff126ffac629f67215d8310197f1e814b2df Mon Sep 17 00:00:00 2001
From: Martin Mayer <martin.mayer@m2-it-solutions.de>
Date: Sun, 30 Jun 2024 20:11:19 +0200
Subject: [PATCH] Align language cookie with session lifetime

---
 netbox/account/views.py     |  4 ++--
 netbox/netbox/middleware.py | 12 +++++-------
 2 files changed, 7 insertions(+), 9 deletions(-)

diff --git a/netbox/account/views.py b/netbox/account/views.py
index feb85fdfe..d7c43aebf 100644
--- a/netbox/account/views.py
+++ b/netbox/account/views.py
@@ -111,7 +111,7 @@ class LoginView(View):
 
             # Set the user's preferred language (if any)
             if language := request.user.config.get('locale.language'):
-                response.set_cookie(settings.LANGUAGE_COOKIE_NAME, language)
+                response.set_cookie(settings.LANGUAGE_COOKIE_NAME, language, max_age=request.session.get_expiry_age())
 
             return response
 
@@ -206,7 +206,7 @@ class UserConfigView(LoginRequiredMixin, View):
 
             # Set/clear language cookie
             if language := form.cleaned_data['locale.language']:
-                response.set_cookie(settings.LANGUAGE_COOKIE_NAME, language)
+                response.set_cookie(settings.LANGUAGE_COOKIE_NAME, language, max_age=request.session.get_expiry_age())
             else:
                 response.delete_cookie(settings.LANGUAGE_COOKIE_NAME)
 
diff --git a/netbox/netbox/middleware.py b/netbox/netbox/middleware.py
index c8ebcf34e..e15cb560d 100644
--- a/netbox/netbox/middleware.py
+++ b/netbox/netbox/middleware.py
@@ -43,17 +43,15 @@ class CoreMiddleware:
             login_url = f'{settings.LOGIN_URL}?next={parse.quote(request.get_full_path_info())}'
             return HttpResponseRedirect(login_url)
 
-        # If language cookie is not set, check if it should be set and redirect to requested page
-        if request.user.is_authenticated and not request.COOKIES.get(settings.LANGUAGE_COOKIE_NAME):
-            if language := request.user.config.get('locale.language'):
-                response = HttpResponseRedirect(request.path)
-                response.set_cookie(settings.LANGUAGE_COOKIE_NAME, language)
-                return response
-
         # Enable the event_tracking context manager and process the request.
         with event_tracking(request):
             response = self.get_response(request)
 
+        # Check if language cookie should be renewed
+        if request.user.is_authenticated and settings.SESSION_SAVE_EVERY_REQUEST:
+            if language := request.user.config.get('locale.language'):
+                response.set_cookie(settings.LANGUAGE_COOKIE_NAME, language, max_age=request.session.get_expiry_age())
+
         # Attach the unique request ID as an HTTP header.
         response['X-Request-ID'] = request.id