max_age_days parameter to get_signed_cookie. A value of None limits the lifetime to the current browser session. Secure cookies may contain arbitrary byte values, not just unicode strings (unlike regular cookies) obtained via a call like tornado. locale.get("en") RequestHandler.locale The locale for the current session. Determined by either get_user_locale, which you can override to set the locale based on, e.g., for more information. RequestHandler.xsrf_token The XSRF-prevention token for the current user/session. To prevent cross-site request forgery, we set an ‘_xsrf’ cookie and include the same ‘_xsrf’ value

max_age_days parameter to get_signed_cookie. A value of None limits the lifetime to the current browser session. Secure cookies may contain arbitrary byte values, not just unicode strings (unlike regular cookies) obtained via a call like tornado.locale.get("en") RequestHandler.locale The locale for the current session. Determined by either get_user_locale, which you can override to set the locale based on, e.g., for more information. RequestHandler.xsrf_token The XSRF-prevention token for the current user/session. To prevent cross-site request forgery, we set an ‘_xsrf’ cookie and include the same ‘_xsrf’ value