Web session never expires

I would like to have my login session expire after some time or if the tab is closed. But for some reason I stay logged in indefinitely. I tried setting these environment variables and recreating the containers without any success:

AUTO_LOGOUT_SECONDS=3660
SESSION_LIFETIME=60
SESSION_EXPIRE_ON_CLOSE=true
REMEMBER_ME_ENABLED=false

I cleared my browser cache/cookies/data between tests and also ran these commands on the server in case I need to refresh something:

docker exec -it in-app php artisan ninja:type-check --all=true
docker exec -it in-app php artisan optimize

I am using docker compose to run InvoiceNinja nginx/app/db containers. I run Traefik for cert management (never was able to figure out how to remove nginx and use Traefik instead to directly point to IN).

One other quick note: I have a need to run multiple instances of InvoiceNinja so my browser logs into InvoiceNinja on multiple domains like this:

sub.domain.com
otherdomain.com

I’m not sure what is relevant here but maybe it helps shed light on the cause of the problem? Any advice would be appreciated.

InvoiceNinja: v5.5.60-C105
Firefox: 109.0

Hi,

You can enable a web session timeout on Settings > Account Management > Security Settings.

Thanks for the lightning reply! I see that option now. Great!

Is it enforceable on the server side via env vars?

The server .env variables don’t apply to the admin portal, they would affect the client portal.

Got it :+1:. Makes sense.

I set the Web Session Timeout in the admin portal to 30 minutes to test it. It still never times out. Is there something else that I need to do?

I’m not sure, are you leaving the app inactive for 30 minutes?

Also, are you using a password manager to autofill the login details?

Yes, I left the Firefox tab alone (out of focus, other tab selected) for more than 30 minutes. I am unable to use a password manager with the InvoiceNinja admin portal so I manually type it in.

I’m not sure, I can’t reproduce the problem.

I run multiple instances of InvoiceNinja on related domains:

Do you think it is possible that a browser will confuse cookies/data between both sites?

I wouldn’t think so but I haven’t tested it myself.
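
Added example, not part of the thread and not InvoiceNinja code: how RFC 6265 cookie scoping applies to the two hostnames mentioned above, for a cookie set by sub.domain.com. The cookie name, the Domain attribute values and the parent host domain.com are assumptions for illustration; it covers cookies only, not other browser storage.

```javascript
// Added example: RFC 6265 cookie scoping. Cookie name and Domain values are
// constructed; the public-suffix check real browsers also apply is omitted.

// Section 5.1.3: a host domain-matches when it equals the cookie domain, or
// ends with "." + domain and is not an IP address.
function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase();
  if (h === d) return true;
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.includes(":");
  return !isIp && h.endsWith("." + d);
}

// Section 5.3: no Domain attribute -> host-only cookie. With one, a leading
// dot is ignored and the value must domain-match the host that set it.
function storeCookie(settingHost, name, domainAttr) {
  if (!domainAttr) {
    return { name, domain: settingHost.toLowerCase(), hostOnly: true };
  }
  const domain = domainAttr.replace(/^\./, "").toLowerCase();
  if (!domainMatches(settingHost, domain)) return null; // browser rejects it
  return { name, domain, hostOnly: false };
}

// Would the browser attach the stored cookie to a request for requestHost?
function isSentTo(cookie, requestHost) {
  if (cookie === null) return false;
  const h = requestHost.toLowerCase();
  return cookie.hostOnly ? h === cookie.domain : domainMatches(h, cookie.domain);
}

// Hosts from the thread plus a hypothetical parent host, domain.com.
const HOSTS = ["sub.domain.com", "otherdomain.com", "domain.com"];

// For a cookie set by sub.domain.com, list the hosts that would receive it.
function recipients(domainAttr) {
  const cookie = storeCookie("sub.domain.com", "session", domainAttr);
  return HOSTS.filter((host) => isSentTo(cookie, host));
}

console.log("host-only:             ", recipients(undefined));
console.log("Domain=domain.com:     ", recipients("domain.com"));
console.log("Domain=otherdomain.com:", recipients("otherdomain.com"));
```

To see which case applies to a real deployment, compare the Domain column for each cookie in the browser's storage inspector against these three outcomes.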