I noticed a few issues with the admin login session:
session_timeout
can be changed in the config, the cookie lifetime is limited to a single browser session, so whenever a browser is restarted, you have to log in again. This is particularly inconvenient on mobile, where the OS tends to unload the browser pretty aggressively.session_timeout
since the login, even if you've been using the app all along. I think it would be better to refresh the cookie regularly to prevent that.I'd be happy to propose a patch for both issues.
How can I change
session_timeout
in the config? Didn’t find this info in documentation.
I believe
session_timeout = 123
would work, where123
is the duration in seconds. However, as I described above, that won't buy you much because of the limited cookie lifetime.
Hey, I was able to replicate this behavior on Chrome, but for some reason, on Firefox the cookies is still valid after a restart.
I agree that it makes sense to tweak the behavior.
I will add this my todo list, unless you're still up for proposing a patch, let me know!
Thanks!