feat(EphemeralSessions): Introduce lax period#56215
Merged
Conversation
artonge
force-pushed
the
artonge/feat/ephemeral_lax_period
branch
from
dd84951 to
9d458e6
Compare
Member
|
Other apps were:
|
Member
nickvergessen
left a comment
nickvergessen
left a comment
There was a problem hiding this comment.
So first minute is good, but longer still runs into problems if it happens during the login flow?
I'm not sure we are overestimating peoples speed with passwords manager and 2FA auth a bit.
Should we bump the limit a bit higher to be "save"?
Contributor
Author
Yes, given that this feature only protects against leaving an open session behind, I think it is safe to bump it to 5 min. |
artonge
force-pushed
the
artonge/feat/ephemeral_lax_period
branch
from
9d458e6 to
870d87b
Compare
nickvergessen
approved these changes
Nov 5, 2025
lib/private/Authentication/Login/FlowV2EphemeralSessionsCommand.php
Outdated
Show resolved
Hide resolved
artonge
force-pushed
the
artonge/feat/ephemeral_lax_period
branch
2 times, most recently
from
337feed to
1fd089c
Compare
Signed-off-by: Louis Chmn <louis@chmn.me>
artonge
force-pushed
the
artonge/feat/ephemeral_lax_period
branch
from
1fd089c to
ed4a170
Compare
CarlSchwan
approved these changes
Nov 6, 2025
Contributor
Author
|
/backport to stable32 |
Contributor
Author
|
/backport to stable31 |
Contributor
Author
|
/backport to stable30 |
Contributor
Author
|
/backport to stable29 |
Contributor
Author
|
/backport to stable28 |
This was referenced Nov 6, 2025
Contributor
Author
|
/backport to stable27 |
Contributor
Author
|
/backport to stable26 |
Contributor
Author
|
/backport to stable25 |
This was referenced Nov 6, 2025
This comment was marked as spam.
This comment was marked as spam.
Merged
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
In an attempt to fix the numerous number of issues with ephemeral session, I suggest that we introduce a lax period of 60 seconds during which no request will close the session.
For the record, we had/have the following problematic requests: