Closed BillMedernach closed 4 years ago
I'm still unclear on how helpful this will be, since my experience is a lot of refreshes rather than explicit signouts that clearly happen more than every hour. I'd love to be proven wrong though. (Though I might not notice much since I'm so often sre
.)
The hard coded 3600 second life on session tokens is often problematic when working on tasks that require a longer timeout, such as a long-running local script or working in the console via Holochrome.
This PR allows each role to have a configurable timeout based on a configurable LDAP group attribute. This means an
engineer
role, for example, could have a 4 hour timeout and a more permissivegod
role could have something like a 30 minute timeout.