Skip to content

feat: add AUTH_SESSION_TIMEOUT environment variable for configurable session duration #5041

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jun 17, 2025
Merged

feat: add AUTH_SESSION_TIMEOUT environment variable for configurable session duration #5041

merged 2 commits into from
Jun 17, 2025
+10 βˆ’6

Conversation

skynetigor
Copy link
Contributor

@skynetigor skynetigor commented Jun 16, 2025
edited
Loading

Closes #5028

πŸ“‘ Description

βœ… Checks

  • My pull request adheres to the code style of this project
  • My code requires changes to the documentation
  • I have updated the documentation as required
  • All the tests have passed

β„Ή Additional Information

@vercel Vercel
Copy link

vercel bot commented Jun 16, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git β†—οΈŽ

1 Skipped Deployment
Name Status Preview Comments Updated (UTC)
keep ⬜️ Ignored (Inspect) Visit Preview Jun 16, 2025 5:37pm

@skynetigor skynetigor changed the title feat: add AUTH_SESSION_TIMEOUT environment variable for configurable … feat: add AUTH_SESSION_TIMEOUT environment variable for configurable session duration Jun 16, 2025
@skynetigor skynetigor marked this pull request as ready for review June 16, 2025 17:33
@dosubot dosubot bot added size:S This PR changes 10-29 lines, ignoring generated files. Documentation Improvements or additions to documentation Feature A new feature labels Jun 16, 2025
cursor-com[bot]
cursor-com bot reviewed Jun 16, 2025
View reviewed changes
Copy link

@cursor-com cursor-com bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: Invalid Session Timeout Causes Authentication Issues

The AUTH_SESSION_TIMEOUT environment variable is parsed using Number.parseInt() without validation. If AUTH_SESSION_TIMEOUT contains a non-numeric value (e.g., "abc" or an empty string), Number.parseInt() returns NaN. This NaN is then assigned to NextAuth.js's session.maxAge, which can lead to broken session management or undefined behavior. The parsed value should be validated or a more robust parsing method with a fallback to the default should be used.

keep-ui/auth.config.ts#L23-L26

keep/keep-ui/auth.config.ts

Lines 23 to 26 in ae4064e

const authSessionTimeout = process.env.AUTH_SESSION_TIMEOUT
? Number.parseInt(process.env.AUTH_SESSION_TIMEOUT)
: 30 * 24 * 60 * 60; // Default to 30 days if not set

Fix in Cursor

Was this report helpful? Give feedback by reacting with πŸ‘ or πŸ‘Ž

@dosubot dosubot bot added the lgtm This PR has been approved by a maintainer label Jun 16, 2025
@skynetigor skynetigor merged commit 41a96d8 into main Jun 17, 2025
22 of 23 checks passed
@skynetigor skynetigor deleted the 5028-Suggest-to-make-user-session-timeout-configurable branch June 17, 2025 09:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cursor-com cursor-com[bot] cursor-com[bot] left review comments

@talboren talboren talboren approved these changes

Assignees
No one assigned
Labels
Documentation Improvements or additions to documentation Feature A new feature lgtm This PR has been approved by a maintainer size:S This PR changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[βž• Feature]: Suggest to make user session timeout configurable
2 participants
@skynetigor @talboren