[Kratos] How to configure expired time for session?


Currently I have to login again after 1 hour, is there any way to config expired time for kratos?

Many Thanks!


@hackerman Do you mean privileged_session_max_age config? I don’t see explanation for this config so I don’t know what it does actually. There is no config with “expired” term in the key also. Thanks!

You’re right, it appears that this is not configurable yet. Weird that you get logged out after an hour - my login stays for several weeks. There is currently no MaxAge defined which is interpreted a little bit different by every browser.

I think there is an issue for enabling “keep me logged in” flows in Kratos, which would also define the duration of the cookie.

I will test again in Firefox, my coworker (use Chrome) receives a cookie with Expires attribute as below

btw, after digging source code, I found that there is a config ttl.session (ViperKeyLifespanSession = “ttl.session” in provider_viper.go) but I can’t use it in yaml config file, may be the schema config doesn’t add this field right now.

Yeah that’s possible - I’m not sure if that’s configured properly atm. Could you please open an issue/and/or PR in Kratos GitHub? :slight_smile:

Thanks for your confirmation, here is the issue https://github.com/ory/kratos/issues/326

I’m learning golang atm so I can’t create a PR soon :slight_smile: But will help when I’m ready