  1. ListenBrainz
  2. LB-398

Use flask-login "remember me" functionality


    • Improvement
    • Resolution: Fixed
    • Normal

      Some users note that they get logged out of ListenBrainz quite often. It seems that the Flask sessions have a relatively short lifespan.

      Flask-Login can be used to lengthen this session time: https://flask-login.readthedocs.io/en/latest/#remember-me

      We should check the following things:

      • How long is the default Flask session time currently?
      • How long do we want the Flask-Login time to be? It defaults to 1 year but we might want to make this smaller.
      • Do we want to be able to force-logout users? If so, we'll have to use alternate tokens instead of user ids (as mentioned at the above link).
      • Do we have any endpoints that we want to require fresh logins for (where we require that the user re-log in even if they're remembered by the session)? I'm not sure how this works with the OAuth login flow that we use.
      • What is the behaviour of Flask if we have a remember-me cookie set but we change the application secret key? Does this cause a login, or a logout?

      We should keep in mind the comments made about not setting session cookies on API requests: https://flask-login.readthedocs.io/en/latest/#disabling-session-cookie-for-apis

      The same behaviour should be set up on LB, AB, CB, MeB.

            vansika Vansika Pareek
            alastairp Alastair Porter
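
The forced-logout and secret-key questions above can be explored with a small model. This is an added example, not code from ListenBrainz or Flask-Login: it uses only the standard library and assumes the remember-me cookie is a value signed with the application secret key. `sign`, `unsign`, `UserStore` and the key values are hypothetical names constructed for illustration.

```python
import hashlib
import hmac
import secrets

def sign(value: str, secret_key: bytes) -> str:
    """Return 'value|hex-hmac', the modelled cookie body."""
    mac = hmac.new(secret_key, value.encode(), hashlib.sha512).hexdigest()
    return f"{value}|{mac}"

def unsign(cookie: str, secret_key: bytes):
    """Return the signed value, or None if the MAC does not verify."""
    value, sep, mac = cookie.rpartition("|")
    if not sep:
        return None
    expected = hmac.new(secret_key, value.encode(), hashlib.sha512).hexdigest()
    ok = hmac.compare_digest(mac.encode(), expected.encode())
    return value if ok else None

class UserStore:
    """Hypothetical user table: user id -> current alternate token."""
    def __init__(self):
        self._tokens = {}

    def issue_token(self, user_id: str) -> str:
        # Rotating the token invalidates every cookie issued earlier.
        self._tokens[user_id] = secrets.token_urlsafe(32)
        return self._tokens[user_id]

    def load_user(self, token):
        """Map a token back to a user id; None means 'not logged in'."""
        if token is None:
            return None
        for user_id, current in self._tokens.items():
            if hmac.compare_digest(current.encode(), token.encode()):
                return user_id
        return None

def demo():
    key = b"constructed-secret-key"  # constructed sample value
    store = UserStore()
    cookie = sign(store.issue_token("alice"), key)
    results = {"valid": store.load_user(unsign(cookie, key))}
    # Secret key changed: the MAC check fails, so the user is anonymous.
    results["after_key_change"] = store.load_user(unsign(cookie, b"new-key"))
    # Forced logout: rotate the token; the old cookie no longer maps to her.
    store.issue_token("alice")
    results["after_force_logout"] = store.load_user(unsign(cookie, key))
    return results
```

In this model a cookie that carried the plain user id instead of a token would still verify after a password change or account lock, which is why forced logout needs the alternate token.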