starred/planka
1
0
Fork 0
mirror of https://github.com/plankanban/planka.git synced 2026-02-05 00:39:58 +03:00
Code Issues 396 Packages Projects Releases 10 Wiki Activity

[Bug]: TOKEN_EXPIRES_IN does not seems to be taken into account #550

New Issue
Closed
opened 2026-02-04 20:19:58 +03:00 by OVERLORD · 1 comment
OVERLORD commented 2026-02-04 20:19:58 +03:00
Owner
Copy Link

Originally created by @jpjoux on GitHub (Aug 9, 2024).

Where is the problem occurring?

I encountered the problem while using the application (Frontend)

What browsers are you seeing the problem on?

Chrome, Firefox

Current behaviour

I have deployed planka by setting the variable TOKEN_EXPIRES_IN to 7
After 2 weeks, I am still logged in into planka

Desired behaviour

Automatic logout after the number of days configured in TOKEN_EXPIRES_IN

Steps to reproduce

Configure OIDC and set TOKEN_EXPIRES_IN to 7
After 7 days we are still logged in
The token value does not seems to be taken into account for an automatic login

Other information

No response

Originally created by @jpjoux on GitHub (Aug 9, 2024). ### Where is the problem occurring? I encountered the problem while using the application (Frontend) ### What browsers are you seeing the problem on? Chrome, Firefox ### Current behaviour I have deployed planka by setting the variable TOKEN_EXPIRES_IN to 7 After 2 weeks, I am still logged in into planka ### Desired behaviour Automatic logout after the number of days configured in TOKEN_EXPIRES_IN ### Steps to reproduce Configure OIDC and set TOKEN_EXPIRES_IN to 7 After 7 days we are still logged in The token value does not seems to be taken into account for an automatic login ### Other information _No response_
OVERLORD commented 2026-02-04 20:20:13 +03:00
Author
Owner
Copy Link

@meltyshev commented on GitHub (Aug 11, 2024):

Hi! Thanks for reporting this.

The issue seems to be that the currently issued tokens still retain their previous expiration dates, as they are embedded within the tokens themselves. If you log out and log back in, the new issued token will be valid for 7 days.

To invalidate the previous tokens, you need to generate a new SECRET_KEY. This will automatically log out all current users, and when they log in again, they will have a token with a new expiration date.

Seems like we should add this to the documentation, as it doesn't work very obviously.

@meltyshev commented on GitHub (Aug 11, 2024): Hi! Thanks for reporting this. The issue seems to be that the currently issued tokens still retain their previous expiration dates, as they are embedded within the tokens themselves. If you log out and log back in, the new issued token will be valid for 7 days. To invalidate the previous tokens, you need to generate a new `SECRET_KEY`. This will automatically log out all current users, and when they log in again, they will have a token with a new expiration date. Seems like we should add this to the documentation, as it doesn't work very obviously.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
bug
documentation
documentation
duplicate
enhancement
good first issue
help wanted
pull-request
Mirrored from GitHub Pull Request
 question
wontfix
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
OVERLORD
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/planka#550
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?