Currently, there is one fixed session time for every user.
It should be possible for the user to request a different, pre-configured session duration based on his request, e.g.:
5 days if „stay logged in“ is selected
5 minutes otherwise
The supported keys can be sent when logging in, resetting password - also when refreshing the session?
Or should the choice be persisted after logging in?
User could have multiple sessions: One with longer validity, one with shorter. Would be good to save the key (or duration?) directly at the session-record.
fall back to default if current config entry was dropped?
if existing config-entry was modified -> extend session life accordingly, not according to how it was initially set!
In a later iteration:
allow to specify a different session duration if users have a certain role assigned via the config -> shorter session life for admins/internal staff than for normal users
Currently, there is one fixed session time for every user.
It should be possible for the user to request a different, pre-configured session duration based on his request, e.g.:
The supported keys can be sent when logging in, resetting password - also when refreshing the session?
In a later iteration: