User Session Duration parameters

1

Hi,
We are running Grafana 6.7 and I am desperately trying to get Grafana in the following state :

  • Whenever an authenticated user closes his browser, he gets a short grace period before he needs to re-authenticate ( I believe this is the token_rotation_interval_minutes parameter)

This means I want login_remember_days = 0.
I added

  • login_maximum_inactive_lifetime_days = 0
  • login_maximum_lifetime_days = 0
  • token_rotation_interval_minutes = 25

I thought I would have 25 mins for inactivity / closing the browser , but if I put these parameters, I can no longer log in (auth succeeds and I just get back to login page).

If I set

  • login_maximum_inactive_lifetime_days = 1
  • login_maximum_lifetime_days = 1
    I am no longer delogged from Grafana after 25 mins.

Can anyone tell me what I need to change for this to work?
Thanks.

2

Hello,

The token_rotation_interval_minutes parameter is not what you are looking for. After this number of minutes, user token will be automatically rotated when the user do another action but it will not have any visible impact on the user. It’s for security: if you leak a token but it was rotated before someone else could use it, it will be invalid.

What you want to change is login_maximum_inactive_lifetime_days but you can’t achieve what you want in Grafana 6.7, as the minimum is 1 day. If you can upgrade your Grafana instance, an update has been made in Grafana 7.2 to handle duration and not only number of days so you can do something like this:
login_maximum_inactive_lifetime_duration = 25m