I hit this issue when trying to embed my bokeh application into a Django app.
If your Django app users a different timezone than the bokeh server there is a conflict between the token session expiration times.
This can happen if running on the same computer, as in my case, if the Django server is set to use
TIME_ZONE = "UTC" in the settings.py
This could also potentially happen if the Django server and bokeh server are running on different computers in seperate timezones.
On the Django server using UTC timezone the session expiration time is calculated in the Django view
with pull_session(url="mybokerserverurl") as session: script = server_sessions(session_id=session.id, url="mybokerserverurl")
However my bokeh server uses local time of my computer (UTC+10) when determining if the token session expiration time is valid, and promptly fails with
ProtocolError("Token is expired")
To solve this session expiration calculations should use datetime.utcnow() rather than datetime.now() to avoid timezone conflicts.
I have created a pragmatic unittest capture the issue.
Changed the code locally in 2-3 places to use datetime.utcnow() and the tests all pass when I run them manually.
Do you want me to issue a PR?, I am having issues with the pre-commit hook that I may need help with sorting out first though