mirror of
https://github.com/pocket-id/pocket-id.git
synced 2026-07-16 05:54:01 +03:00
🚀 Feature: unlimited session duration #355
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @Felitendo on GitHub (Jun 30, 2025).
Feature description
Something that I miss from switching from Authentik is the ability to set the session duration as unlimited. It would be great if I could just type in "0" or "-1" for the session duration and have users logged in "forever"
@Felitendo commented on GitHub (Jun 30, 2025):
I'm talking about this option:
@stonith404 commented on GitHub (Jun 30, 2025):
This is not recommended for security reasons, especially since the session is stateless, meaning a stolen session token cannot be revoked.
In the future it might make sense if we make the session stateful. Then we could increase the max session duration to maybe 6 months but a longer session expiration is really not recommended.