feat: add session max lifetime and fix refresh logic (#559)

* feat: allow any HTTP method for /api/auth/envoy and restrict methods for non-envoy proxies * feat: add Allow header for invalid methods in proxyHandler * feat: add session max lifetime and fix refresh logic * fix: set default value for created_at column and improve session expiration logic --------- Co-authored-by: Stavros <steveiliop56@gmail.com>
2026-01-12 02:12:29 +00:00 · 2026-01-07 06:37:23 -05:00
parent 721f302c0b
commit e7bd64d7a3
16 changed files with 96 additions and 47 deletions
--- a/.env.example
+++ b/.env.example
@@ -38,6 +38,8 @@ TINYAUTH_AUTH_USERSFILE=""
 TINYAUTH_AUTH_SECURECOOKIE="true"
 # Session expiry in seconds (7200 = 2 hours)
 TINYAUTH_AUTH_SESSIONEXPIRY="7200"
+# Session maximum lifetime in seconds (0 = unlimited)
+TINYAUTH_AUTH_SESSIONMAXLIFETIME="0"
 # Login timeout in seconds (300 = 5 minutes)
 TINYAUTH_AUTH_LOGINTIMEOUT="300"
 # Maximum login retries before lockout