How to stay logged in?

braden · January 28, 2021, 6:00am

It seems like every time I want to go to https://courses.opencraft.com/ , I have to log in all over again. Does someone know what configuration changes are needed to make users stay logged in forever? And can we make that the default for all Ocim instances?

I recall that we’ve done it for some clients, and I think it requires changing a few different settings, which is why I’m asking.

You can log time for this thread on MNG-1817 since that’s where it came up.

Fox · January 28, 2021, 7:52pm

>>> settings.SESSION_COOKIE_AGE
1209600
>>> settings.SESSION_COOKIE_AGE / 60 /60 / 24 / 7
2.0

The default SESSION_COOKIE_AGE setting is two weeks. We could set it to 31449600 to make it one year, which I believe is the maximum age for a cookie.

braden · January 28, 2021, 10:30pm

Great, thanks! What do you think, should I change the default for all instances or just courses.opencraft.com ?

Fox · January 28, 2021, 11:12pm

All of them. Making the logins short should be opt-in, not opt-out. For nearly all of our clients, having to log in over and over is friction between them and their learners that they do not need.

Granted, active learners should, presumably, be logging in more often, but two weeks isn’t absurd for a break, and happens often enough to be annoying.

kshitij · January 29, 2021, 7:03am

Additionally, from what I remember we don’t use database-backed sessions, so each redeployment should cause all users to get logged out. Ref https://tasks.opencraft.com/browse/OC-2096

braden · February 2, 2021, 10:46pm

Thanks for the info @fox and @kshitij - I’m going to try to get that change done (planned as MNG-1938).

braden · April 15, 2021, 12:00am

Update: I have made configuration changes to https://courses.opencraft.com/ to make the session cookies last for a year and use database-backed sessions.

EDXAPP_LMS_ENV_EXTRA:
  # Stay logged in for one year, not two weeks
  SESSION_COOKIE_AGE: 31536000
  # Use database-backed sessions to stay logged in across appserver deploys. We have EDXAPP_CLEARSESSIONS_CRON_ENABLED to clean up old data.
  SESSION_ENGINE: django.contrib.sessions.backends.cached_db
EDXAPP_CMS_ENV_EXTRA:
  SESSION_COOKIE_AGE: 31536000
  SESSION_ENGINE: django.contrib.sessions.backends.cached_db

For now I will test this configuration on courses.opencraft.com (currently deploying a new appserver to test), and if there are no issues I’ll make it a default for all Ocim instances.

See comment on MNG-1938 for more details (including why a past attempt at cached_db was reverted) or to log time.