The django session cookie age is defined in seconds.
SESSION_COOKIE_AGE = 360
means that the session will expire after 6 minutes. I’ve recently implemented the ‘Remember Me’ feature and I set the following:
SESSION_COOKIE_AGE = 60 * 60 * 24 * 30 # One month
The login view needs override as you’ve shown in the snippet.
But sounds like you’re having an odd issue where closing the browser (when remember me is unchecked) is not requiring the user to re-login which should not happen if you use set_expiry(0). When you use set_expiry(0), the django sets a ‘session’ length cookie as opposed to a fixed length cookie and by design it would expire after browser close.
There’s another settings that affects clearing cookie on browser close. Maybe you can try altering the SESSION_EXPIRE_AT_BROWSER_CLOSE setting’s value or check it’s existing value in your configuration. https://docs.djangoproject.com/en/2.2/topics/http/sessions/#browser-length-sessions-vs-persistent-sessions