Just for reference I'd like to post what worked for me. Thanks for the detailed help.
Finally I've settled on the following values:

```
redis.sessions.secret = xxx
# 10 years, basically forever
redis.sessions.cookie_max_age = 315360000
redis.sessions.timeout = 1800
redis.sessions.cookie_secure = True
redis.sessions.cookie_httponly = True
redis.sessions.cookie_samesite = lax
```

login:

```
headers = remember(request, user.id)
redis_timeout = 3600 * 24 * 365  # one year in Redis
request.session.adjust_timeout_for_session(redis_timeout)
return HTTPFound(location=next, headers=headers)
```

I've thought about it and analyzed it and come up with the solution that this will work well for my use case. I've never experienced any problem with the previous version of the library with similar values, which have created way more sessions than this one, as this only creates a session when it's actually needed on a login/registration page, leaving home page, etc. session-less.