Web session never expires

I would like to have my login session expire after some time or if the tab is closed. But for some reason I stay logged in indefinitely. I tried setting these environment variables and recreating the containers without any success:


I cleared my browser cache/cookies/data between tests and also ran these commands on the server in case I need to refresh something:

docker exec -it in-app php artisan ninja:type-check --all=true
docker exec -it in-app php artisan optimize

I am using docker compose to run InvoiceNinja nginx/app/db containers. I run Traefik for cert management (never was able to figure out how to remove nginx and use Traefik instead to directly point to IN)

One other quick: I have a need to run multiple instances of InvoiceNinja so my browser logs into InvoiceNinja on multiple domains like this:


I’m not sure what is relevant here but maybe it helps shed light on the cause of the problem? Any advice would be appreciated.

InvoiceNinja: v5.5.60-C105
Firefox: 109.0


You can enable a web session timeout on Settings > Account Management > Security Settings.

Thanks for the lightning reply! I see that option now. Great!

Is it enforceable on the server side via env vars?

The server .env variables don’t apply to the admin portal, they would affect the client portal.

Got it :+1:. Makes sense.

I set the Web Session Timeout in the admin portal to 30 minutes to test it. It still never times out. Is there something else that I need to do?

I’m not sure, are you leaving the app inactive for 30 minutes?

Also, are you using a password manager to autofill the login details?

Yes, I left the Firefox tab alone (out of focus, other tab selected) for more than 30 minutes. I am unable to use a password manager with the InvoiceNinja admin portal so I manually type it in.

I’m not sure, I can’t reproduce the problem.

I run multiple instances of InvoiceNinja on related domains:

Do you think it is possible that a browser will confuse cookies/data between both sites?

I’m wouldn’t think so but I haven’t tested it myself.