Session Time to live

Hello, I’m relatively new to streamlit working on a first user-facing application.
When multiple users are using our streamlit application each user has its own streamlit session, Is that correct?
For how long will these sessions be kept alive, if the user doesn’t interact with it anymore? Is there a timeout?
Also will multiple sessions be created, if a user opens the application multiple times in different tabs (or windows)?
Thanks in advance for any useful information.

Hi @RaBo,
Welcome to the community, yes you’re correct each user has a separate streamlit session. As per my knowledge the sessions do not expire unless you explicitly close the tab or window or do a reload.

If a user open multiple tabs/windows of the same application all of those will be separate sessions.

Thanks,
Akshansh

1 Like

Hi @akshanshkmr
Thanks for the quick reply. Are you aware of any way to set/configure such an expiration timer?

Not sure, can you please explain your usecase a little

Our streamlit application allows for exploratory data visualization / analysis. It’s running on a kubernetes platform. For security reason and also to prevent memory leaks by users leaving (potentially multiple) tabs of the application open (and forgetting about them), we want to set a time to kill the session after a certain time of inactivity. Hope this helps.

Hi,

This seems like a genuine use-case, not sure if we have preexisting support for this.
I’ll let the dev team opine on it.
meanwhile, you can try this hacky workaround.

import streamlit as st
import time
import pyautogui
from threading import Thread

def session_timeout(seconds):
    def sub(s):
        t_end = time.time() + s
        while time.time()<t_end:
            pass
        pyautogui.hotkey("ctrl","w")   # windows shortcut to close current tab
    t = Thread(target = sub, args=[seconds])
    st._add_report_ctx(thread=t)
    t.start()

session_timeout(5)
st.write('This sesison will be killed after 5 Seconds')

Thanks,
Akshansh

2 Likes

This workaround is cool - and isn’t so hacky IMO - but is a bit brutal closing the window ;-). Wouldn’t it be better to force a logout (hence assuming there’s a login step to use the app)? The login token TTL can be constantly refreshed at the bottom of the app so that a period of inactivity (i.e. idle_time > TTL) simply triggers a rerun after clearing the login token, thus presenting the login screen.

2 Likes

I agree, that would be the ideal way