Why does openedx set session expiration to hard-coded value?

I was scraping through edx-platform code trying to understand why my application’s sessions were getting stored in redis with a higher expiration than expected and I found this line which hard-codes session expiration. https://github.com/openedx/edx-platform/blob/master/openedx/core/djangoapps/user_authn/views/login.py/#L315

What is the reason for doing this rather than allowing django.contrib.session.backends.cache to use the SESSION_COOKIE_AGE setting?

1 Like

Oh, that explains it! I tried so many settings on our internal LMS to keep sessions logged in forever, and yet eventually they would always expire. :confused: I agree it should use the configuration.


Yep seems like a bug that was introduced when we wanted to start ignoring the “keep me logged in” checkbox.