Adding Max-Age in Set-Cookie function

[pokpe]

When setting the cookie in: response.set_cookie(app.session_cookie_name, session_id, expires=expires, httponly=httponly, domain=domain, path=path, secure=secure)

Would it be possable to add a option parameter of max_age when setting the cookie for browsers that support it?

I have a embedded system where the user can manually set the server clock. If the user sets the server clock to a point in time after the current time some browsers (e.x. Firefox) deletes the cookie every time and you cant login.

Instead of only using a absolute time via timestamp it would be great if max_age was added as an option where a number of seconds untill the cookie expires can be set.

if the browser support both and both are set. The Max-Age parameter till override the Expires parameter.

Source: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie

[christopherpickering]

@pokpe the cookie length is coming from this setting in your flask app: https://flask.palletsprojects.com/en/2.3.x/api/?highlight=session#flask.sessions.SessionInterface.get_expiration_time