should not hardcode expiry
should also not hardcore expiry when override_session_expiry is set. override_session_expiry should be perhaps an integer/None and used in place of hard-coded values.
if override_session_expiry:
expiry = request.session.get_session_cookie_age()
# if expiry is more than 8 hours, cap it
if expiry > 28800:
expiry = 28800
logger.warning('OIDC session expiry capped to 8 hours')
request.session.set_expiry(expiry)