You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We've had a request to time out user sessions if there has been no activity in 15 minutes. Currently, when a user logs in, we create a token that has a lifespan that defaults to the cookie lifetime (180 days by default). We could expose a setting that would allow fine granularity, but if we did so we need to then update the expires time when the token is accessed.
When the client uses the event stream or polls for events, should this avoid updating the expires time?
Do we need a flag about whether the token can be updated? We probably don't want to extend the expires time of a token that was generated from an API key.
The text was updated successfully, but these errors were encountered:
We've had a request to time out user sessions if there has been no activity in 15 minutes. Currently, when a user logs in, we create a token that has a lifespan that defaults to the cookie lifetime (180 days by default). We could expose a setting that would allow fine granularity, but if we did so we need to then update the
expires
time when the token is accessed.When the client uses the event stream or polls for events, should this avoid updating the expires time?
Do we need a flag about whether the token can be updated? We probably don't want to extend the expires time of a token that was generated from an API key.
The text was updated successfully, but these errors were encountered: