Allura uses cookie-based auth (potentially could be configured to something different, via the
beaker.session.* values in the
.ini config file). The cookie defaults to never expiring but I'd like a "remember me" checkbox (that does have an expiration, configurable server-side like 1 year). And if you don't check the checkbox, then the login session only lasts for the browser session.
I don't know if the
cookie_expires field can be set dynamically (=True for not remember me, and = num seconds for remember me). Docs don't really talk about it, so I hope
SessionMiddleware does have a way to support it.