Flask session timeout
Pierre-Yves Chibon
pingou at pingoured.fr
Wed Nov 27 16:48:44 UTC 2013
On Wed, Nov 27, 2013 at 08:31:53AM -0800, Toshio Kuratomi wrote:
> On Wed, Nov 27, 2013 at 04:42:49PM +0100, Pierre-Yves Chibon wrote:
> > Hi,
> >
> > At the moment in fedocal, pkgdb2 and probably other apps using flask_fas_openid,
> > the timeout for the session is the default one which is set to 31 days.
> >
> > This can of course be changed and I was wondering what we think would be best as
> > a default timeout.
> >
> > Thougths?
> >
> > Thanks,
> > Pierre
> >
> >
> > PS: Change the timeout in Flask:
> > http://stackoverflow.com/questions/11783025/is-there-an-easy-way-to-make-sessions-timeout-in-flask
> >
>
> No more than 2 days. Probably no more than 1 day.
>
> No less than 20 minutes (FAS has an idle timeout of 20 minutes).
Should we go for 1 hour then?
> Is this an idle timeout or an absolute timeout?
That I do not know.
http://flask.pocoo.org/docs/config/ just says:
the lifetime of a permanent session as datetime.timedelta object. Starting with
Flask 0.8 this can also be an integer representing seconds.
The good news is that it looks like we can just set it up in the configuration
file using the key: PERMANENT_SESSION_LIFETIME w/o having to change anything in
the application itself.
Pierre
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/infrastructure/attachments/20131127/49c028cc/attachment-0001.sig>
More information about the infrastructure
mailing list