maya-chen/flask
1
0
Fork 0
forked from orbit-oss/flask
Code Pull requests Activity

mention that session signature checks max age

Browse source 
add expiration to cookie security docs
closes #2422
This commit is contained in:
David Lord 2017-08-01 08:28:32 -07:00
parent ed1f604727
commit 2efb565fbc
No known key found for this signature in database
GPG key ID: 7A1C87E3F5BC42A8
2 changed files with 36 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

9
docs/config.rst
View file

@ -167,9 +167,12 @@ The following configuration values are used internally by Flask:
.. py:data:: PERMANENT_SESSION_LIFETIME
If ``session.permanent`` is true, the cookie's max age will be set to this
number of seconds. Can either be a :class:`datetime.timedelta` or an
``int``.
If ``session.permanent`` is true, the cookie's expiration will be set this
number of seconds in the future. Can either be a
:class:`datetime.timedelta` or an ``int``.
Flask's default cookie implementation validates that the cryptographic
signature is not older than this value.
Default: ``timedelta(days=31)`` (``2678400`` seconds)