Ability to set different session expiration time for API
|Target version:||Team Marek backlog|
|Found in release:||Pull request:|
|Velocity based estimate||-|
API supports sessions since #17487. The default expiration time is 1 hour, which is reasonable for UI purposes but it's short for automation.
Having the API session expiry time configurable on per user basis would enable using special users with limited permissions only for automation.
#1 Updated by Ohad Levy over 1 year ago
what would the expected behavior should be?
if i think of other api tokens, some of them are active for a very long period (think github tokens) while some other places (e.g. kerb) might default to 24hours.
also, while outside the scope of this ticket, i would love seeing us storing user sessions in the database for visibility - something like https://github.com/blog/1661-modeling-your-app-s-user-session
#2 Updated by Tomáš Strachota over 1 year ago
Thinking of it twice - the automation argument is probably invalid. It doesn't bring any additional functionality over having a special user with basic auth.
Unrelated to the above there still could be some benefit in setting the different timeout value for ui/api but it's low prio.