We have an option of logging in to our service via Google or Facebook. We also offer an option creating a local account. For local accounts we can specify whether the user will be remembered or not (i.e., kept logged in).
On the other hand, for Google and Facebook, there's no such option. So users are just remembered by default for some reason. I cannot find the reason for this and how could I modify this.
Any suggestions on what should I look into would be highly appreciated.
OK, I have figured this out on my own. It seems that Django has a setting of SESSION_COOKIE_AGE, which defaults to 2 weeks in settings. Details here: https://docs.djangoproject.com/en/1.9/ref/settings/#std:setting-SESSION_COOKIE_AGE
This setting is overriden by allauth for local accounts. In case the user chooses to be remembered, this setting equals to 3 weeks. Otherwise, the expiry is set to 0. From allauth source code:
request.session.set_expiry(0)
In case of social accounts, though, allauth doesn't change anything. So this setting equals to the default one.
In my case, I just set a setting in settings.py so:
ACCOUNT_SESSION_REMEMBER = True
which forces all sessions created with a local account to be remembered.