mkhorasani / Streamlit-Authenticator

A secure authentication module to validate user credentials in a Streamlit application.
Apache License 2.0

Infinite cookie does not work #83

Closed HendrikHuel closed 10 months ago

HendrikHuel commented 10 months ago

In my app I am trying to set an infinite cookie that does not expire. Following the documentation:

In addition, enter a name, random key, and number of days to expiry for a JWT cookie that will be stored on the client's browser to enable passwordless reauthentication. If you do not require reauthentication, you may set the number of days to expiry to 0.

I declare my cookie in the config.yaml as follows:

cookie:
    expiry_days: 0
    key: key_name
    name: app_name

The cookie does not work as expected, since I have to re-login after re-visiting the app. If I use a fixed expiry_days = 30, everything works and I do not have to re-login.

I tried to understand the edge case of expiry_days = 0 a little bit better by scanning the source code of the authenticator and the CookieManager, but I didn't find anything that explicitly handles an infinite cookie.

Am I missing something or is it a bug?

mkhorasani commented 10 months ago

Hi @HendrikHuel, setting the expiry_days to 0 means that you will NOT be re-authenticated, and you will have to re-login each and every time. If you require re-authentication for an extended period of time, just set the expiry_days parameter to a much larger number.
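
The behaviour discussed in this thread, as an added example that is not part of either comment and is not Streamlit-Authenticator's own code: it assumes the cookie is an HS256 JWT whose `exp` claim is the issue time plus `expiry_days`, so a value of 0 produces a token that is already expired when it is first checked. The function names, the user `jsmith`, the key and the timestamp are constructed for the illustration.

```python
import base64, hashlib, hmac, json

DAY = 86400  # seconds

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(key: str, signing_input: str) -> bytes:
    return hmac.new(key.encode(), signing_input.encode(), hashlib.sha256).digest()

def issue_cookie(username: str, key: str, expiry_days: float, now: int) -> str:
    """Build an HS256 JWT with exp = now + expiry_days (assumed model)."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"username": username, "exp": now + expiry_days * DAY}
    payload = _b64(json.dumps(claims).encode())
    return f"{header}.{payload}.{_b64(_sign(key, header + '.' + payload))}"

def check_cookie(token: str, key: str, now: int):
    """Return the username if signature and expiry both hold, else None."""
    try:
        header, payload, sig = token.split(".")
        # Always verify as HS256; the header's alg field is never trusted.
        if not hmac.compare_digest(_sign(key, header + "." + payload), _unb64(sig)):
            return None
        claims = json.loads(_unb64(payload))
    except ValueError:  # wrong segment count, bad base64, bad JSON
        return None
    if claims.get("exp", 0) <= now:  # exp == now already counts as expired
        return None
    return claims.get("username")

KEY = "constructed-signing-key"  # constructed sample value
T0 = 1_700_000_000               # constructed issue time (Unix seconds)

def demo() -> dict:
    zero = issue_cookie("jsmith", KEY, 0, T0)
    month = issue_cookie("jsmith", KEY, 30, T0)
    return {
        "expiry_days=0, next visit": check_cookie(zero, KEY, T0 + 60),
        "expiry_days=30, day 29": check_cookie(month, KEY, T0 + 29 * DAY),
        "expiry_days=30, day 31": check_cookie(month, KEY, T0 + 31 * DAY),
        "expiry_days=30, wrong key": check_cookie(month, "other-key", T0 + DAY),
    }

if __name__ == "__main__":
    for case, user in demo().items():
        print(f"{case}: {user}")
```

Under this model the cookie is a bearer credential for its whole lifetime, so a very large `expiry_days` also lengthens the period in which a copied cookie, or one forged with a guessable `key`, is accepted.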