Session timeout after 10 minutes

Summary

We use gitlab-pages to host several internal websites, and our users experience annoying session timeouts due to the short 10-minute lifetime of the gitlab-pages cookie. As an example, a single-page web app can't load further assets (e.g. images) after the session timeout, and a (hard) refresh in the browser is necessary.

The authSessionMaxAge constant is hardcoded in internal/auth/auth.go:

authSessionMaxAge      = 60 * 10 // 10 minutes

It seems that this was introduced with !178 (merged).

So we have a few questions:

  • Why was the timeout set to exactly 10 minutes? Is there a reason for this (e.g. a standard)?
  • If there is no specific reason, would it be possible to increase this value?
  • Or would it be possible to make this value configurable?

WDYT?

If desired, we would be happy to support you as Leading Organization with a Community contribution.

Example Project

What is the current bug behavior?

There's a session timeout after 10 minutes.

What is the expected correct behavior?

The duration until a session timeout is longer or can be configured.

Goal

Make the timeout configurable:

  1. Add a new flag to Pages, e.g. auth-cookie-session-timeout, with a default value of 10m: !834 (merged)
  2. Add the flag to Omnibus, see sample MR omnibus-gitlab!6495 (merged)
  3. Add the flag to the Helm charts, see sample MR gitlab-org/charts/gitlab!2838 (merged)
  4. Update the admin documentation, see sample MR gitlab!102996 (merged)
Edited by Naman Jagdish Gala
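
A sketch of step 1 of the goal, added here as an example and not taken from the Pages code base: it parses the auth-cookie-session-timeout flag with the 10m default named above, validates it, and converts it to a cookie Max-Age using only the Go standard library. The upper bound, the function names and the cookie name are assumptions made for illustration.

```go
package main

import (
	"errors"
	"flag"
	"fmt"
	"io"
	"net/http"
	"time"
)

const (
	defaultSessionTimeout = 10 * time.Minute // default named in the goal above
	maxSessionTimeout     = 24 * time.Hour   // assumed upper bound, not a Pages limit
)

// parseSessionTimeout reads auth-cookie-session-timeout from args and validates it.
func parseSessionTimeout(args []string) (time.Duration, error) {
	fs := flag.NewFlagSet("pages-example", flag.ContinueOnError)
	fs.SetOutput(io.Discard) // keep usage text out of the caller's output
	d := fs.Duration("auth-cookie-session-timeout", defaultSessionTimeout, "auth cookie lifetime")
	if err := fs.Parse(args); err != nil {
		return 0, err
	}
	// net/http omits Max-Age when MaxAge == 0 and deletes the cookie when it is
	// negative, so values under one second must be rejected, not truncated.
	if *d < time.Second {
		return 0, errors.New("auth-cookie-session-timeout must be at least 1s")
	}
	if *d > maxSessionTimeout {
		return 0, fmt.Errorf("auth-cookie-session-timeout must not exceed %s", maxSessionTimeout)
	}
	return *d, nil
}

// sessionCookie builds a session cookie whose lifetime is the configured timeout.
func sessionCookie(name, value string, timeout time.Duration) *http.Cookie {
	return &http.Cookie{
		Name: name, Value: value, Path: "/",
		MaxAge: int(timeout / time.Second), // Max-Age is expressed in whole seconds
		Secure: true, HttpOnly: true,
		SameSite: http.SameSiteLaxMode,
	}
}

func main() {
	d, err := parseSessionTimeout([]string{"-auth-cookie-session-timeout=30m"})
	fmt.Println(sessionCookie("example_session", "opaque-value", d).String(), err)
}
```

Rejecting sub-second values matters because a truncated MaxAge of 0 would silently turn the cookie into a browser-session cookie with no expiry attribute at all.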