On Saturday, September 19, 2020 at 12:00:28 PM UTC-4 mmer...@gmail.com wrote:
> It could support changing the max_age when you invoke > `adjust_timeout_for_session` but it apparently is not. > I'm the package author. `adjust_timeout_for_session` doesn't affect `max_age` because that defect was in the original project "pyramid_redis_sessions" that my project was forked from. The "expires" cookie attribute is also not supported in any way, for the same reason. I've never needed either of these, so the issue never came up before. I have no issue with supporting these features, but it's likely not going to happen until I need to use these features myself or someone else issues a PR. Writing support for this is pretty simple, but there are a few things it may affect in the overall API (there are both `timeout` and `expires` concepts this could alter) and writing enough test coverage to make it safe to merge it will be a few hours of work. > On Sep 19, 2020, at 07:34, zsol...@gmail.com <zsol...@gmail.com> wrote: > > Ideally, I'd like to achieve never logging out logged-in users, as it's > bad for user experience, but at the same time limit bots and non-logged-in > users to 1800 seconds. > > IMHO the only way to achieve the UX of "never logging out logged-in users" is to use an ancillary client-side secure/encrypted "autologin" cookie, which will establish a new session for a given user if their session cookie is expired or missing. There are far too many scenarios that can cause a loss of ServerSide/Redis session data, including: bot traffic, ddos, usage spikes, server crashes, etc (all of which I've experienced). Implementing this in Pyramid is fairly simple, thanks to the tweens. -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to pylons-discuss+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/pylons-discuss/8753876a-bf3f-46e7-ac3b-6f03730462e1n%40googlegroups.com.
