I've got the authentication working with flask-login, but it seems like no matter what I use for the cookie duration in flask, the session is still authenticated. Am I setting the config variables properly for flask-login? I've tried
app.REMEMBER_COOKIE_DURATION = datetime.timedelta(seconds=30)
app.config["REMEMBER_COOKIE_DURATION"] = datetime.timedelta(seconds=30)
Even if I close the browser, wait a while, and hit a url that should be protected, I can still access it. Is this related to this issue with chrome?. If I clear my cookies, I get the expected login page. All this makes me think that the cookie timeout is not being respected.
Also, what does PERMANENT_SESSION_LIFETIME
do in flask?