Searchguard.session.ttl and searchguard.cookie.ttl

If I set this:

searchguard.session.keepalive: true
searchguard.session.ttl: 999999
searchguard.cookie.ttl: 120000

in kibana.yml then log in to Kibana, wait two minutes without doing anything, then reload the page, I’m sent back at the login screen. If I set this:

searchguard.session.keepalive: true
searchguard.session.ttl: 120000
searchguard.cookie.ttl: 999999

then log in to Kibana, wait two minutes without doing anything, then reload the page, I’m sent back at the login screen.

It seems like whichever is the lowest value of searchguard.session.ttl and searchguard.cookie.ttl determines how long you stay logged in for. Which makes me wonder, what is the point of being able to set these values independently of each other? Why isn’t there a single value that controls session length?

What’s the point of searchguard.session.ttl if searchguard.cookie.ttl has a lower value?

What’s the point of searchguard.cookie.ttl if searchguard.session.ttl has a lower value?

Kibana 6.8.1 with Search Guard plugin 6.8.1-18.4.

Hi @mikew,

You’re right, this is a bit confusing right now. I’ll talk to the team about consolidating those two options.
cookie.ttl is used by the browser itself to determine the expiration, and session.ttl is something we store in the auth cookie to manually check the expiration.

Thanks!

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.