request: opposite default behavior for SOCIAL_AUTH_SESSION_EXPIRATION #356
Comments
@gameguy43, I think that your request is reasonable and should be applied, I'm looking forward to that PR. Thanks!
resolved with #358
Hi, what happened with this commit? I see the change in the master branch, but not in the latest v0.1.26 on pip (nor in v0.1.24, 0.1.25). Anyone know anything about it? @omab @gameguy43 At the moment, when using google-plus backend, the sessionid expires in 1 hour, unless the SOCIAL_AUTH_SESSION_EXPIRATION is False. @omab @gameguy43
@eyscode, the change is not released at the moment,
Thanks for the prompt reply.
This is released now.
👍
Cool (:
Hey there,
I just had quite a bit of trouble debugging a tricky issue where /some/ of my users were getting logged out just an hour or so after logging in.
After some digging, I learned that the issue was mostly affecting google-oauth2 users.
Finally, I noticed that the issue was the default setting for SOCIAL_AUTH_SESSION_EXPIRATION, which was /overriding/ the SESSION_COOKIE_AGE setting to make user sessions only last as long as the token from the auth provider. In the case of google-oauth2, this is just an hour or so. It was quite confusing that even though I had a Django setting for SESSION_COOKIE_AGE (set to 1 year), this setting was not being honored.
So I suggest that the /default/ behavior should be to respect SESSION_COOKIE_AGE, with the /option/ to favor the auth provider's 'expires' header.
Happy to write a pull request if project maintainers agree. Thanks!
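A simplified model of the behaviour reported in this issue, added here as an illustration; it is not python-social-auth's own code. The function names, the `floor` threshold and the per-backend token lifetimes are assumptions constructed for the example.

```python
from datetime import timedelta

# SESSION_COOKIE_AGE as described in the post (1 year), in seconds.
ONE_YEAR = int(timedelta(days=365).total_seconds())


def effective_session_age(session_expiration, provider_expires_in, session_cookie_age):
    """Seconds a Django session lasts after a social login (simplified model).

    session_expiration  -- value of SOCIAL_AUTH_SESSION_EXPIRATION
    provider_expires_in -- token lifetime in seconds from the provider, or None
    session_cookie_age  -- Django's SESSION_COOKIE_AGE
    """
    if session_expiration and provider_expires_in:
        # Session is tied to the provider token: it ends when the token does.
        return provider_expires_in
    # Setting off, or the provider sent no expiry: Django's own setting applies.
    return session_cookie_age


def audit(backends, session_expiration, session_cookie_age, floor):
    """Return the backends whose users would be logged out before `floor` seconds."""
    short = {}
    for name, expires_in in backends.items():
        age = effective_session_age(session_expiration, expires_in, session_cookie_age)
        if age < floor:
            short[name] = age
    return short


# Constructed sample data: token lifetimes in seconds; None means no expiry reported.
BACKENDS = {"google-oauth2": 3600, "facebook": 5184000, "github": None}

if __name__ == "__main__":
    for flag in (True, False):
        # Flag any backend whose sessions would last less than one day.
        print(flag, audit(BACKENDS, flag, ONE_YEAR, floor=86400))
```

With the setting off, the local session can outlive the provider's token, so its lifetime is bounded only by SESSION_COOKIE_AGE.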