from datetime import timedelta
app = Flask(__name__)
app.config['SECRET_KEY'] = 'xxxxxxxxx'
app.config['PERMANENT_SESSION_LIFETIME'] = timedelta(minutes=5)
The session will created for each client, seperated from other clients. So, I think the best place to set session.permanent is when you login():
@app.route('/login', methods=['GET', 'POST'])
def login():
#After Verify the validity of username and password
session.permanent = True