Currently CSRF token timeout is hard-coded at 1800 seconds. This often becomes inconvenient when I want to perform an action on a page that I loaded a while ago. A couple of typical cases:
- Reading the timeline on a phone is often done in small chunks of time, so I load a page and slowly scroll through it. If I attempt to like something later than half an hour, it fails with a CSRF error. Reloading the page is also not ideal because it loses my reading position.
- Writing any non-trivial post may take longer than 30m, especially if I have to look up/research something.
For myself, I don't see much threat from increasing CSRF lifetime to something on the order of several hours, so I would like to have that option.