I chose to use a server-side session management with Flask using Flask-Session.
I store the data using filesystem and as expected, these files are stored under a /flask_session folder in my config directory.
Here is how I set this up in my __init__.py
# __init__.py
from flask_session import Session
[...]
app.config['SESSION_TYPE'] = 'filesystem'
app.config['SECRET_KEY'] = config.SECRET_KEY
sess = Session()
sess.init_app(app)
As expected, session files generated & stored under /flask_session
▾ flask_session/
1695e5cbf9b4edbbbb82a8ef1fad89ae
192761f7ce8e3cbf3ca11665133b7794
2029240f6d1128be89ddc32729463129
...
Question is: Are these files automatically removed by flask_session after a specific amount of time (ie. as the session stored client-side)? If yes, is it possible to decrease/increase this timing?
As Danila Ganchar commented, using PERMANENT_SESSION_LIFETIME allows to control the session expiration time.
Flask-Session use the same builtin config than Flask itself (related to session). From Flask-Session doc:
The following configuration values are builtin configuration values within Flask itself that are related to session. They are all understood by Flask-Session, for example, you should use PERMANENT_SESSION_LIFETIME to control your session lifetime.
Example:
# __init__.py
from flask_session import Session
from datetime import timedelta
app.config['SESSION_PERMANENT'] = True
app.config['SESSION_TYPE'] = 'filesystem'
app.config['PERMANENT_SESSION_LIFETIME'] = timedelta(hours=5)
# The maximum number of items the session stores
# before it starts deleting some, default 500
app.config['SESSION_FILE_THRESHOLD'] = 100
app.config['SECRET_KEY'] = config.SECRET_KEY
sess = Session()
sess.init_app(app)