The idea is:
To have a session timeout setting where users are force to log back in after a desired time has elapsed.
My use case:
Complying with internal compliance requirements.
I think it would be beneficial to add this because:
it would improve the security posture of the product.
Are you willing to work on this?
I do not have the coding experience to implement this.
Hey @Hidden_Squid I’m pleased to say we’ve now added support for setting a custom session timeout as of version 1.26.0. We’ve introduced two new environment variables to configure this which are:
N8N_USER_MANAGEMENT_JWT_DURATION_HOURS - This sets the expiration for the JWTs in hours.
N8N_USER_MANAGEMENT_JWT_REFRESH_TIMEOUT_HOURS - This controls how many hours before the JWT expires to automatically refresh it.
For more details on how to configure these and other variables, check out the environment variables docs.