By default, Flask uses volatile sessions, which means the session cookie is set to expire when the browser closes. In order to use permanent sessions, which will use a cookie with a defined expiration date, one should set session.permanent = True, as is mentioned in this question, and the expiration date will be set based on config['PERMANENT_SESSION_LIFETIME'].
I am surprised that session lifetime is defined in config file, yet it is not possible to request the use of permanent sessions through configuration, such as a config['USE_PERMANENT_SESSION'] = True. But so be it.
My question is: if you do want permanent sessions, what is the best place to define them? Is it in an @app.before_request function as proposed in the mentioned question? But that would mean setting it over again at each request? It seems that once set, session.permanent remains true until the end of the session.
Permanent sessions are generally used after sign-in, so maybe the best place to request them is while processing login_user()? So is the best policy to use volatile session cookies for all anonymous pages, and switch to permanent sessions by doing a session.permanent = True at sign-in?
And one might want to set a different lifetime depending on whether it is the ordinary session cookie, or the remember_me cookie. What would be the best way to achieve this?
I'm surprised no one has answered this question. It seems like there should be some type of config variable SESSION_PERMANENT = True. But unfortunately there isn't. As you mentioned, this is the best way to do it.
from flask import session

@app.before_request
def make_session_permanent():
    # Runs before every request; marks the session cookie as permanent
    session.permanent = True
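The following added example (not code from either post) exercises the alternative the question raises: setting session.permanent = True once at sign-in and checking, with Flask's test client, which responses carry a cookie expiry. The route names, the user name, the secret key and the 30-minute lifetime are constructed for the demonstration.

```python
from datetime import timedelta
from flask import Flask, jsonify, session

def create_app():
    app = Flask(__name__)
    app.config["SECRET_KEY"] = "constructed-test-key"  # constructed value, demo only
    app.config["PERMANENT_SESSION_LIFETIME"] = timedelta(minutes=30)

    @app.route("/anon")
    def anon():
        session["seen"] = True    # volatile session: cookie has no expiry attribute
        return "ok"

    @app.route("/login", methods=["POST"])
    def login():
        session.clear()           # assumption: drop pre-login state at sign-in
        session["user"] = "alice"
        session.permanent = True  # stored inside the session as "_permanent"
        return "ok"

    @app.route("/whoami")
    def whoami():
        # Does not touch session.permanent; only reads what the cookie carries.
        return jsonify(user=session.get("user"), permanent=session.permanent)

    return app

def session_cookie(response):
    """Return the lower-cased Set-Cookie header for the session cookie, or ''."""
    for value in response.headers.getlist("Set-Cookie"):
        if value.startswith("session="):
            return value.lower()
    return ""

def demo():
    client = create_app().test_client()   # keeps cookies between requests
    anon = session_cookie(client.get("/anon"))
    login = session_cookie(client.post("/login"))
    later = client.get("/whoami")
    return {
        "anon_has_expiry": "; expires=" in anon,
        "login_has_expiry": "; expires=" in login,
        "later": later.get_json(),
        "refreshed": "; expires=" in session_cookie(later),
    }

if __name__ == "__main__":
    print(demo())
```

The flag travels in the signed session cookie, so it stays set on later requests, and with the default SESSION_REFRESH_EACH_REQUEST the expiry is pushed forward on every response for a permanent session.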