Skip to content

Enable session persistence

Nick Sellen requested to merge persistent-sessions into master

What does this MR do?

Whilst looking into android development I noticed foodsharing does not use persistent cookies (i.e. ones with a "Max-Age" or "Expires" set) - so they are "session" cookies so that when you close the browser they will be removed and you will be logged out when you come back again. This meant the library I was using in the android app would not save them between app starts.... but also seems very annoying for normal web users.

@k.miklobusec mentioned in slack that maybe it was due to historic use of shared computers:

Also some foodsavers share a computerand that caused some problems back in thay. (Neglectable now) .

It was almost configured, just commented out. The session duration is set to 1 week.

This MR adds the remember_me parameter to the REST login method. It will default to false. This is primarily so the android app can use it for now. The existing webapp needs a "remember_me" UI to be done first, and I will leave it out of this MR.

How confident are you it won't break things if deployed?

Maybe there was a problem with them that will reveal itself again. The flourish lib that we use for sessions is not the most up to date library...

Also, session storage will increase due to the increased duration - we store the data in redis, so maybe we can keep an eye on that.

Links to related issues


  • added a test, or explain why one is not needed/possible... (basic change)
  • no unrelated changes
  • asked someone for a code review
  • joined #foodsharing-beta channel at
  • added an entry to (description, merge request link, username(s))
Edited by Chris Oelmueller

Merge request reports