datasette.set_actor_cookie() and datasette.delete_actor_cookie(), closes #1690

datasette/app.py

@@ -67,6 +67,7 @@ from .utils import (
     StartupError,
     async_call_with_supported_arguments,
     await_me_maybe,
+    baseconv,
     call_with_supported_arguments,
     detect_json1,
     display_actor,
@@ -1430,6 +1431,18 @@ class Datasette:
 
         return await template.render_async(template_context)
 
+    def set_actor_cookie(
+        self, response: Response, actor: dict, expire_after: Optional[int] = None
+    ):
+        data = {"a": actor}
+        if expire_after:
+            expires_at = int(time.time()) + (24 * 60 * 60)
+            data["e"] = baseconv.base62.encode(expires_at)
+        response.set_cookie("ds_actor", self.sign(data, "actor"))
+
+    def delete_actor_cookie(self, response: Response):
+        response.set_cookie("ds_actor", "", expires=0, max_age=0)
+
     async def _asset_urls(self, key, template, context, request, view_name):
         # Flatten list-of-lists from plugins:
         seen_urls = set()

datasette/views/special.py

@@ -85,7 +85,7 @@ class AuthTokenView(BaseView):
             self.ds._root_token = None
             response = Response.redirect(self.ds.urls.instance())
             root_actor = {"id": "root"}
-            response.set_cookie("ds_actor", self.ds.sign({"a": root_actor}, "actor"))
+            self.ds.set_actor_cookie(response, root_actor)
             await self.ds.track_event(LoginEvent(actor=root_actor))
             return response
         else:
@@ -107,7 +107,7 @@ class LogoutView(BaseView):
 
     async def post(self, request):
         response = Response.redirect(self.ds.urls.instance())
-        response.set_cookie("ds_actor", "", expires=0, max_age=0)
+        self.ds.delete_actor_cookie(response)
         self.ds.add_message(request, "You are now logged out", self.ds.WARNING)
         await self.ds.track_event(LogoutEvent(actor=request.actor))
         return response