I noticed a few issues with the admin login session:
session_timeoutcan be changed in the config, the cookie lifetime is limited to a single browser session, so whenever a browser is restarted, you have to log in again. This is particularly inconvenient on mobile, where the OS tends to unload the browser pretty aggressively.
session_timeoutsince the login, even if you've been using the app all along. I think it would be better to refresh the cookie regularly to prevent that.
I'd be happy to propose a patch for both issues.
How can I change
session_timeoutin the config? Didn’t find this info in documentation.
session_timeout = 123would work, where
123is the duration in seconds. However, as I described above, that won't buy you much because of the limited cookie lifetime.