Remove redis dependency #12
Comments
|
Do you have thoughts on what's involved here? I got pretty far along with Flask's native cookie-based sessions, but ran into issues with the |
|
This would be an awesome feature. Maybe using stateless JWT? (warning: other security implications here) |
|
Fixed in ab8bc60. This uses Flask secure cookies, with a lifetime and max lifetime setting. Users get a permanent cookie that has expiration defined in the session. When users do actions in the interface they get their expiration time updated. The session can only be extended up to the maximum session lifetime. This makes it possible to limit session lifetimes to a relatively short period of time (like 1 hour), with a longer maximum lifetime (like 24 hours). Redis is still there for those who want it. |
We should be able to handle sessions and auth without redis, especially since it's the only place we're using it.
The text was updated successfully, but these errors were encountered: