You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Do you have thoughts on what's involved here? I got pretty far along with Flask's native cookie-based sessions, but ran into issues with the XSRF-TOKEN not being saved on the session by the XHR request to /v1/user/email.
Fixed in ab8bc60. This uses Flask secure cookies, with a lifetime and max lifetime setting. Users get a permanent cookie that has expiration defined in the session. When users do actions in the interface they get their expiration time updated. The session can only be extended up to the maximum session lifetime. This makes it possible to limit session lifetimes to a relatively short period of time (like 1 hour), with a longer maximum lifetime (like 24 hours). Redis is still there for those who want it.
We should be able to handle sessions and auth without redis, especially since it's the only place we're using it.
The text was updated successfully, but these errors were encountered: