I noticed a few issues with the admin login session:
session_timeout
can be changed in the config, the cookie lifetime is limited to a single browser session, so whenever a browser is restarted, you have to log in again. This is particularly inconvenient on mobile, where the OS tends to unload the browser pretty aggressively.session_timeout
since the login, even if you've been using the app all along. I think it would be better to refresh the cookie regularly to prevent that.I'd be happy to propose a patch for both issues.
How can I change
session_timeout
in the config? Didn’t find this info in documentation.
I believe
session_timeout = 123
would work, where123
is the duration in seconds. However, as I described above, that won't buy you much because of the limited cookie lifetime.
Hey, I was able to replicate this behavior on Chrome, but for some reason, on Firefox the cookies is still valid after a restart.
I agree that it makes sense to tweak the behavior.
I will add this my todo list, unless you're still up for proposing a patch, let me know!
Thanks!
I might have another request: I'm using
micropub-go
to post from the command line (didn't get entries to work with my microblog.pub) and it requests a token successfully. On the page confirming the request of the token I'm offered to choose which actions are allowed using that token.It would be great if I could also choose how long the token is valid.
use case: Let's say I do want to post a series of quotes by a cron job over the next two weeks. The token will never leave the computer that I'm running microblog.pub on, because I'd put the cron job on the same. I'd love to be able to say that the token will be valid for these two weeks.