I understand the _xsrf cookie is inserted by Jupyterlab [ How do the xsrf tokens get inserted into urls?]. Inspecting this cookie in Chrome, the expiration time is set to 30 days. So a couple of questions:
- Expiration time of 30 days seems to be a pretty long setting for web-application. (We got flaks from security team). Is there any particular reason for that? What would be the implication if this value is reduced to say 24 hours, or even say 10 hours?
- Is there any way to change this expiration time of 30 days to some other values? For example, if I want to change it to 10 hours, is there any existing way to configure it?
- If there is no existing config supporting the change, where can changes be made to make the change? I have browsed the jupyterlab source code and couldn;t quite figure out where this expiration time of 30 days is set (trying to find something like xsrf or Date.now( ) + 30 * 60 * 60 * 24 or something similar).
Thanks very much in advance!