Per T222907, we've decided that Kask will not use per-request TTLs, nor will it warn if the client tries to set per-request TTLs.
We will not put in complicated error-handling or logging code to check for mismatches between Kask's and MediaWiki's session-expiry times. We will assume that well-informed humans will not set those two values to wildly disparate values.
This should be made explicit with a warning comment in at least two places:
- config.yaml.sample
- the production config.yaml for WMF (I'm not sure where this lives)
Suggested warning text suggestion:
WARNING: a mismatch between default_ttl and your application's session timeout value might cause subtle problems in your application. Make sure that they are the same (in MediaWiki, the configuration option is $wgObjectCacheSessionExpiry).