When OAuth2 login is enabled, SERVER_SERVLET_SESSION_TIMEOUT seems not to take effect properly about komga HOT 7 OPEN

But your suspicion is reasonable, because this issue cannot be reproduced on the Mihon Komga plugin.(That means I don't need to sign in again after restart Mihon)

not really relevant, since Mihon has credentials and will transparently login if needed.

from komga.

Ideally the remember-me checkbox should apply to OAuth2, but it doesn't. I raised this spring-projects/spring-security#15078 let's see if that gets accepted or not.

from komga.

Does your browser clear cookies on restart maybe ? Session on client side is stored in cookies.

Also, was the server restarted or was it running all the time ? Sessions are only stored in memory.

from komga.

Does your browser clear cookies on restart maybe ? Session on client side is stored in cookies.您的浏览器是否会在重新启动时清除 cookie？客户端的会话存储在cookie中。

Also, was the server restarted or was it running all the time ? Sessions are only stored in memory.另外，服务器是重新启动还是一直在运行？会话仅存储在内存中。

If my browser clears cookies on every restart, then my SSO (Authelia) would also log out.
And I've been checking by looking at the docker logs, so the server has been running continuously.
But your suspicion is reasonable, because this issue cannot be reproduced on the Mihon Komga plugin.(That means I don't need to sign in again after restart Mihon)

from komga.

I think I've found the reason. Following your suggestion, I checked the Cookies, and I found that after a successful login, Komga creates a cookie called SESSION, but its Expires/Max-Age property is set to Session. So this cookie gets cleared every time I restart the browser.

from komga.

Komga creates a cookie called SESSION, but its Expires/Max-Age property is set to Session. So this cookie gets cleared every time I restart the browser.

normally that shouldn't matter when remember-me is checked, but for OAuth2 i am not sure that would actually have any effect.

There's a property server.servlet.session.cookie.max-age but it doesn't get picked up for now in Komga because there's some override of the default behaviour.

I guess I could add support for this property, so if it is defined it would be used. I suppose that would address your concern ?

from komga.

I guess I could add support for this property, so if it is defined it would be used. I suppose that would address your concern ?

Thank you very much, but I don't think this issue is a critical one at the moment. So I think it's okay to wait for the result of spring-projects/spring-security#15078 before taking any action. There's no need to rush to add a temporary solution to Komga. I can try using some cookie management Chrome extensions as a temporary workaround.

from komga.