Gitea web session cookie only live for one browser session #33403
Labels
Comments
|
I confirm that external Oauth2 provider never gave any satisfactory session keeping for our users as well... |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
I notice I need to sign in to Gitea (via external identity provider) every time I open my browser then Gitea web, which can be quite annoying. I looked at our instance config
sessionsection:Nowhere wrong. Checked backend logs, simply router outputs. No error. Restarted Gitea, still same.
In console I see session cookie has no Max-Age. That means it would be deleted once I close browser, while CSRF cookie will be kept. Is this by design? Or Am I simply getting somewhere wrong? According to https://docs.gitea.com/next/administration/config-cheat-sheet?#session-session, to my understanding,
SESSION_LIFE_TIMEwould set Max-Age ofi_like_giteaGitea Version
e663c4a
Can you reproduce the bug on the Gitea demo site?
Yes
Log Gist
No response
Screenshots
Git Version
No response
Operating System
No response
How are you running Gitea?
Docker compose
Database
PostgreSQL
The text was updated successfully, but these errors were encountered: