From 2023e44624c63e4cd43883e7449659d064c6ff67 Mon Sep 17 00:00:00 2001
From: Peter Stockings <pstockings@jadeworld.com>
Date: Thu, 26 Feb 2026 22:37:45 +1100
Subject: [PATCH] Make auth session last longer so users dont have to relogin
 each day

---
 app/config.py      | 1 +
 app/routes/auth.py | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/app/config.py b/app/config.py
index 9064e5f..38c7abb 100644
--- a/app/config.py
+++ b/app/config.py
@@ -11,3 +11,4 @@ SYDNEY_TZ = timezone(timedelta(hours=11))
 class Config:
     DATABASE_URL = os.environ.get("DATABASE_URL")
     SECRET_KEY = os.environ.get("SECRET_KEY", "dev-secret-change-me-in-prod")
+    PERMANENT_SESSION_LIFETIME = timedelta(days=30)
diff --git a/app/routes/auth.py b/app/routes/auth.py
index ff448c9..689f7aa 100644
--- a/app/routes/auth.py
+++ b/app/routes/auth.py
@@ -40,6 +40,7 @@ def signup():
              fields["is_private"]),
         )
 
+        session.permanent = True
         session["user_id"] = user["id"]
         flash("Welcome! You're all signed up.", "success")
         return redirect(url_for("dashboard.index"))
@@ -58,6 +59,7 @@ def login():
             flash("Invalid username or password.", "error")
             return render_template("login.html"), 401
 
+        session.permanent = True
         session["user_id"] = user["id"]
         next_url = request.args.get("next", url_for("dashboard.index"))
         return redirect(next_url)