- Improvement
- Resolution: Fixed
- Normal
Some users note that they get logged out of ListenBrainz quite often. It seems that the Flask sessions have a relatively short lifespan.
Flask-Login can be used to lengthen this session time: https://flask-login.readthedocs.io/en/latest/#remember-me
We should check the following things:
- How long is the default Flask session time currently?
- How long do we want the Flask-Login time to be? It defaults to 1 year but we might want to make this smaller.
- Do we want to be able to force-logout users? If so, we'll have to use alternate tokens instead of user ids (as mentioned at the above link).
- Do we have any endpoints that we want to require fresh logins for (where we require that the user re-log in even if they're remembered by the session)? I'm not sure how this works with the OAuth login flow that we use.
- What is the behaviour of Flask if we have a remember-me cookie set but we change the application secret key? Does this cause a login, or a logout?
We should keep in mind the comments made about not setting session cookies on API requests: https://flask-login.readthedocs.io/en/latest/#disabling-session-cookie-for-apis
The same behaviour should be set up on LB, AB, CB, MeB.