feature: default RememberMe timeout 1m
The current default value of 1d for Remember Me timeout is not
very intuitive: without RememberMe checked the login lasts for
the browser session, which often is much longer than 1d. With
the default 1d and Remember Me checked your login session will
time out in 1d, when you probably wanted that the server would
remember you over browser restarts for quite a bit longer.

This changes the default value to 3 months, trying to strike
a balance between security (eventual timeout) and convenience
(the server actually remembering you over browser session
resets).
tkurki committed Aug 27, 2023
1 parent 915b0ea commit def8a95
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/tokensecurity.js
Expand Up @@ -44,7 +44,7 @@ module.exports = function (app, config) {
const strategy = {}

let {
expiration = '1d',
expiration = '3m',
users = [],
immutableConfig = false,
allowDeviceAccessRequests = true,
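
Review bot: the unit in the new default `expiration = '3m'` is ambiguous and may not mean three months. The commit title says 1m, the message says 3 months, and in the widely used duration-string convention (the `ms` package format that jsonwebtoken accepts for `expiresIn`) a bare `m` means minutes. If `expiration` is parsed that way, Remember Me logins would expire after three minutes instead of outlasting the old `'1d'`. The hunk does not show how `expiration` is consumed, so confirm the unit at the point of use. If it follows that convention, express the default in days (for example `'90d'`) and add a comment stating the intended lifetime. Because this default also determines how long an issued token stays valid, it is worth noting the change and the override setting in the release notes.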