habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

root: allow configuring session cookie age (#12389)

Browse Source
This commit is contained in:
Marc 'risson' Schmitt
2025-02-21 19:21:35 +01:00
committed by GitHub
parent 3b2cd9e8d6
commit c7567e031a
3 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
authentik/lib/default.yml
View File

@ -64,6 +64,8 @@ debugger: false
log_level: info log_level: info
session_storage: cache session_storage: cache
sessions:
unauthenticated_age: days=1
error_reporting: error_reporting:
enabled: false enabled: false

4
authentik/root/settings.py
View File

@ -16,6 +16,7 @@ from authentik.lib.config import CONFIG, django_db_config, redis_url
from authentik.lib.logging import get_logger_config, structlog_configure from authentik.lib.logging import get_logger_config, structlog_configure
from authentik.lib.sentry import sentry_init from authentik.lib.sentry import sentry_init
from authentik.lib.utils.reflection import get_env from authentik.lib.utils.reflection import get_env
from authentik.lib.utils.time import timedelta_from_string
from authentik.stages.password import BACKEND_APP_PASSWORD, BACKEND_INBUILT, BACKEND_LDAP from authentik.stages.password import BACKEND_APP_PASSWORD, BACKEND_INBUILT, BACKEND_LDAP
BASE_DIR = Path(__file__).absolute().parent.parent.parent BASE_DIR = Path(__file__).absolute().parent.parent.parent
@ -242,6 +243,9 @@ SESSION_CACHE_ALIAS = "default"
# Configured via custom SessionMiddleware # Configured via custom SessionMiddleware
# SESSION_COOKIE_SAMESITE = "None" # SESSION_COOKIE_SAMESITE = "None"
# SESSION_COOKIE_SECURE = True # SESSION_COOKIE_SECURE = True
SESSION_COOKIE_AGE = timedelta_from_string(
CONFIG.get("sessions.unauthenticated_age", "days=1")
).total_seconds()
SESSION_EXPIRE_AT_BROWSER_CLOSE = True SESSION_EXPIRE_AT_BROWSER_CLOSE = True
MESSAGE_STORAGE = "authentik.root.messages.storage.ChannelsStorage" MESSAGE_STORAGE = "authentik.root.messages.storage.ChannelsStorage"

6
website/docs/install-config/configuration/configuration.mdx
View File

@ -355,6 +355,12 @@ Defaults to `86400`.
Configure if the sessions are stored in the cache or the database. Defaults to `cache`. Allowed values are `cache` and `db`. Note that changing this value will invalidate all previous sessions. Configure if the sessions are stored in the cache or the database. Defaults to `cache`. Allowed values are `cache` and `db`. Note that changing this value will invalidate all previous sessions.
### `AUTHENTIK_SESSIONS__UNAUTHENTICATED_AGE`:ak-version[2025.4]
Configure how long unauthenticated sessions last for. Does not impact how long authenticated sessions are valid for. See [../../add-secure-apps/flows-stages/stages/user_login/index.md](the User login stage) for session validity.
Defaults to `days=1`.
### `AUTHENTIK_WEB__WORKERS` ### `AUTHENTIK_WEB__WORKERS`
Configure how many gunicorn worker processes should be started (see https://docs.gunicorn.org/en/stable/design.html). Configure how many gunicorn worker processes should be started (see https://docs.gunicorn.org/en/stable/design.html).