Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Maximum session durations #1024

Merged
merged 2 commits into from
Dec 10, 2016
Merged

Maximum session durations #1024

merged 2 commits into from
Dec 10, 2016

Conversation

ejholmes
Copy link
Contributor

@ejholmes ejholmes commented Dec 9, 2016

This is an extraction of the session expiration pieces from #1018. #1018 can't be merged yet because of bugs in the OneLogin API, but being able to set a maximum session duration would still be incredibly valuable for additional security.

This adds a new EMPIRE_SERVER_SESSION_EXPIRATION env var, that can be set to something like 24h to ensure that users need to re-authenticate periodically, thus ensuring that API keys are rotated frequently. By default, and for backwards compatibility, sessions and access tokens will not expire.

@ejholmes ejholmes merged commit d7f4706 into master Dec 10, 2016
@ejholmes ejholmes deleted the session-expiration branch December 10, 2016 01:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants