dc0ffaf2d8
Add a new config SESSION_REFRESH (default True) which turns SESSION_TIMEOUT into an idle timeout rather than a hard timeout. The existing hard timeout is awful UX, and while SESSION_TIMEOUT could be set to a higher value, it still makes for a somewhat unpleasant experience. Co-Authored-By: Akihiro Motoki <amotoki@gmail.com> Change-Id: Icc6942e62c4e8d2fac57988b0a2233a8073b1944
12 lines
459 B
YAML
12 lines
459 B
YAML
---
|
|
features:
|
|
- |
|
|
New setting ``SESSION_REFRESH`` (defaults to ``True``) that allows the user
|
|
session expiry to be refreshed for every request until the token itself
|
|
expires. ``SESSION_TIMEOUT`` acts as an idle timeout value now.
|
|
upgrade:
|
|
- |
|
|
``SESSION_TIMEOUT`` now by default acts as an idle timeout rather than a
|
|
hard timeout limit. If you wish to retain the old hard timeout
|
|
functionality set ``SESSION_REFRESH`` to ``False``.
|