Session timeout after 10 minutes
Summary
We use gitlab-pages for several internal website hostings and our users experience annoying session timeouts due to the short lifetime of the gitlab-pages cookie of 10 minutes. As an example, a single page web app can't load further assets (e.g. images) after the session timeout and a (hard) refresh in the browser is necessary.
The authSessionMaxAge constant is hardcoded in internal/auth/auth.go:
authSessionMaxAge = 60 * 10 // 10 minutes
It seems that this was introduced with !178 (merged).
So we have a few questions:
- Why was the timeout set to exactly 10 minutes? Is there a reason for this (e.g. a standard)?
- If there is no specific reason, would it be possible to increase this value?
- Or would it be possible to make this value configurable?
WDYT?
If desired, we would be happy to support you as Leading Organization with a Community contribution.
Example Project
What is the current bug behavior?
There's a session timeout after 10 minutes.
What is the expected correct behavior?
The duration to a session timeout is higher or can be configured.
Goal
Make the timeout configurable:
- Add a new flag to Pages, e.g. auth-cookie-session-timeout with default value of 10m ➡ !834 (merged)
- Add the flag to Omnibus, see sample MR ➡ omnibus-gitlab!6495 (merged)
- Add the flag to the Helm charts, see sample MR ➡ gitlab-org/charts/gitlab!2838 (merged)
- Update the admin documentation, see sample MR ➡ gitlab!102996 (merged)
Edited by Naman Jagdish Gala
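
The change requested above, as an added Go example that is not GitLab Pages' own code: a duration flag with the issue's name and 10m default replaces the hardcoded constant and feeds the cookie's Max-Age. The 24h ceiling, the cookie name and the cookie attributes are assumptions made for illustration.

```go
package main

import (
	"errors"
	"flag"
	"fmt"
	"net/http"
	"time"
)

// parseSessionTimeout reads the flag named in the issue; its 10m default
// matches the old constant. The validation bounds are assumptions.
func parseSessionTimeout(args []string) (time.Duration, error) {
	fs := flag.NewFlagSet("pages", flag.ContinueOnError)
	timeout := fs.Duration("auth-cookie-session-timeout", 10*time.Minute,
		"lifetime of the auth session cookie")
	if err := fs.Parse(args); err != nil {
		return 0, err
	}
	if *timeout < 0 { // a negative MaxAge would delete the cookie at once
		return 0, errors.New("timeout must not be negative")
	}
	if *timeout > 24*time.Hour { // hypothetical ceiling on session lifetime
		return 0, errors.New("timeout must not exceed 24h")
	}
	return timeout.Truncate(time.Second), nil
}

// newSessionCookie builds the session cookie; MaxAge 0 omits Max-Age entirely.
func newSessionCookie(value string, timeout time.Duration) *http.Cookie {
	return &http.Cookie{
		Name:     "example-pages-session", // hypothetical cookie name
		Value:    value,
		Path:     "/",
		MaxAge:   int(timeout / time.Second),
		HttpOnly: true,
		Secure:   true,
		SameSite: http.SameSiteLaxMode,
	}
}

func main() {
	timeout, err := parseSessionTimeout([]string{"-auth-cookie-session-timeout=1h"})
	if err != nil {
		fmt.Println("config error:", err)
		return
	}
	fmt.Println(newSessionCookie("opaque", timeout).String())
}
```

A longer timeout also lengthens the window in which a stolen session cookie remains usable, which is why the example enforces an upper bound.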