Uploaded image for project: 'ListenBrainz'
  1. ListenBrainz
  2. LB-398

Use flask-login "remember me" functionality

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      Some users note that they get logged out of ListenBrainz quite often. It seems that the flask sessions have a relatively short lifespan.

      Flask-login can be used to lengthen this session time: https://flask-login.readthedocs.io/en/latest/#remember-me

      We should check the following things:

      • How long is the default flask session time currently?
      • How long do we want the flask-login time to be? It defaults to 1 year but we might want to make this smaller
      • Do we want to be able to force-logout users? If so, we'll have to use alternate tokens instead of user ids (As mentioned at the above link)
      • Do we have any endpoints that we want to require fresh logins for (where we require that the user re-log in even if they're remembered by the session)? I'm not sure how this works with the oauth login flow that we use.
      • What is the behaviour of flask if we have a remember-me cookie set but we change the application secret key? Does this cause a login, or a logout?

      We should keep in mind the comments made about not setting session cookies on API requests: https://flask-login.readthedocs.io/en/latest/#disabling-session-cookie-for-apis

      The same behaviour should be set up on LB, AB, CB, MeB.

        Attachments

          Activity

            People

            • Assignee:
              vansika Vansika Pareek
              Reporter:
              alastairp Alastair Porter
            • Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Packages

                Version Package