Flask session timeout
Toshio Kuratomi
a.badger at gmail.com
Wed Nov 27 17:18:46 UTC 2013
On Wed, Nov 27, 2013 at 05:48:44PM +0100, Pierre-Yves Chibon wrote:
> On Wed, Nov 27, 2013 at 08:31:53AM -0800, Toshio Kuratomi wrote:
> >
> > No more than 2 days. Probably no more than 1 day.
> >
> > No less than 20 minutes (FAS has an idle timeout of 20 minutes).
>
> Should we go for 1 hour then?
>
Works for me. We've brought this up before and never come up with
a set-in-stone rule other than "everything should attempt to match". let's
document the time we've settled on for now on the App Best Practices page.
> > Is this an idle timeout or an absolute timeout?
>
> That I do not know.
> http://flask.pocoo.org/docs/config/ just says:
> the lifetime of a permanent session as datetime.timedelta object. Starting with
> Flask 0.8 this can also be an integer representing seconds.
>
Looking at the flask code, I think it's an idle timeout (the timeout gets
updated everytime a new request is made). So it matches our current TG1
apps in that respect.
> The good news is that it looks like we can just set it up in the configuration
> file using the key: PERMANENT_SESSION_LIFETIME w/o having to change anything in
> the application itself.
>
<nod>
We should probably look into updating our other apps to use an hour idle
timeout if they support it as well. The TG1 apps should just be a config
setting as well.
-Toshio
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/infrastructure/attachments/20131127/5e6858a7/attachment.sig>
More information about the infrastructure
mailing list