It's quite difficult at the moment to set the expiry date for the session. Ideally something like this could work (although it might require subclassing SecureCookie):
if request.form.get('remember_me', False):
session.expires = timedelta(days=30)
Yep, that would be nice. But because sessions setting works a little bit different (cookie is reset if information is written) the only working solution would be to store the expiration information inside the session directly.
Eg: session['max_age'] = timedelta(days=30) or session['expires'] = datetime.utcnow() + timedelta(days=30). Not sure how to decide about that, will consider something.
Added support for long running sessions. This closed by 36717b0.