docs: add guide for dealing with login sessions

ory · Jul 27, 2020 · 4e2718c · 4e2718c
1 parent 2e642ff
commit 4e2718c
Showing 1 changed file with 23 additions and 0 deletions.
diff --git a/docs/docs/guides/login-session.mdx b/docs/docs/guides/login-session.mdx
@@ -0,0 +1,23 @@
+---
+id: login-session
+title: Login Sessions
+---
+
+A login session is created when a user signs in. The session is either stored as a cookie or as a token, depending
+on the interaction type.
+
+You can set the cookie's `max-age` value - which effectively sets how long the session is active - by changing
+the ORY Kratos configuration file:
+
+```yaml title="path/to/kratos/config.yml
+session:
+  lifespan: 720h # 30 days
+```
+
+Once the lifespan is reached, the user needs to sign in again. If `lifespan` is not set, then the cookie's `max-age`
+will also not be set. Please be aware of how `max-age` behaves:
+
+- The browser interprets the cookie to be removed when the session ends (e.g. the browser window is closed) if
+`max-age` is not set as part of the `Set-Cookie` header. Please be aware that this behavior is not consistent across
+browsers.
+- The browser keeps the cookie until `max-age` is reached otherwise.