Skip to content

Idle sessions never expire #57119

New issue
New issue
Closed
#57149
Closed
Idle sessions never expire#57119
#57149
Assignees
jportner
Labels
Team:SecurityPlatform Security: Auth, Users, Roles, Spaces, Audit Logging, etc t//bugFixes for quality problems that affect the customer experience
@jportner

Description

@jportner
jportner
opened on Feb 7, 2020

Kibana version: 7.x / master

Describe the bug: Idle sessions don't expire. It appears that every time the /internal/security/session API is called to check the session expiration, it renews the session.

Steps to reproduce:

  1. Start Kibana with xpack.security.session.idleTimeout: "75s"
  2. Observe the calls to the /internal/security/session API, and the responses each have an increasing idleTimeoutExpiration property.
  3. Observe that the user's session never expires.

Expected behavior: The user's session should expire after the specified time period of inactivity.

Metadata

Metadata

Assignees

Labels

Team:SecurityPlatform Security: Auth, Users, Roles, Spaces, Audit Logging, etc t//bugFixes for quality problems that affect the customer experience

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions