Indefinite / Long term sessions for release-monitoring.org #952
Comments
|
This would also reduce the frequency of being annoyed by bug #913 |
|
I could actually change the session length to indefinite, I don't think this will add any vulnerability exposure. Most of the action still relies on CSRF token and you could still log out if you need to. |
Zlopez
added
type.feature
|
Looking at the Flask documentation, there is probably no way to set indefinite session time. But I can set it to one month or week if needed. I will mark this as enhancement. |
|
Seems the previous 24-hour session is also gone (reverted?): |
|
Yes, could you set a cookie so it doesn't logout when your close the browser? |
|
The session length is now set to 24 hours and it doesn't matter if you close your browser or not. If you have any issue with losing session when closing browser it's probably a browser issue. |
|
It would be nice if this was longer than 24hr. |
|
I set the session timeout to one week. See PR. This is now deployed and running on https://release-monitoring.org I'm closing the issue, feel free to reopen it. |
See also, #340
But 24 hours is still very short, considering most of my "important" tools like:
Have literally infinite sessions.
If this is not smart for "everyone", perhaps add a login toggle that extends your session to something like 3 months.
Because as is, my need to change content on rm.o is roughly every 3-4 days in the middle of a mass sweep downstream, and having to re-login before every change is still a thing as a result.
The text was updated successfully, but these errors were encountered: