7 years ago · 516037fbdd
--- a/conf/defaults.ini
+++ b/conf/defaults.ini
@@ -120,7 +120,7 @@ cookie_secure = false
 
															 login_remember_days = 7
														
 
															 # How often should the login token be rotated. default to '30m'
														
 
															-rotate_cookie_every = 30m
														
 
															+rotate_token_minutes = 30
														
 
															 # How long should Grafana keep expired tokens before deleting them
														
 
															 delete_expired_token_after_days = 30
														
--- a/pkg/services/auth/auth_token.go
+++ b/pkg/services/auth/auth_token.go
@@ -23,7 +23,7 @@ func init() {
 
															 var (
														
 
															 	getTime          = time.Now
														
 
															-	UrgentRotateTime = 20 * time.Second
														
 
															+	UrgentRotateTime = 1 * time.Minute
														
 
															 	oneYearInSeconds = 31557600 //used as default maxage for session cookies. We validate/rotate them more often.
														
 
															 )
														
@@ -218,7 +218,7 @@ func (s *UserAuthTokenServiceImpl) RefreshToken(token *userAuthToken, clientIP,
 
															 	needsRotation := false
														
 
															 	rotatedAt := time.Unix(token.RotatedAt, 0)
														
 
															 	if token.AuthTokenSeen {
														
 
															-		needsRotation = rotatedAt.Before(now.Add(-s.Cfg.LoginCookieRotation))
														
 
															+		needsRotation = rotatedAt.Before(now.Add(-time.Duration(s.Cfg.LoginCookieRotation) * time.Minute))
														
 
															 	} else {
														
 
															 		needsRotation = rotatedAt.Before(now.Add(-UrgentRotateTime))
														
 
															 	}
														
--- a/pkg/services/auth/auth_token_test.go
+++ b/pkg/services/auth/auth_token_test.go
@@ -296,7 +296,7 @@ func createTestContext(t *testing.T) *testContext {
 
															 			LoginCookieSecure:                 false,
														
 
															 			LoginCookieMaxDays:                7,
														
 
															 			LoginDeleteExpiredTokensAfterDays: 30,
														
 
															-			LoginCookieRotation:               10 * time.Minute,
														
 
															+			LoginCookieRotation:               10,
														
 
															 		},
														
 
															 		log: log.New("test-logger"),
														
 
															 	}
														
--- a/pkg/setting/setting.go
+++ b/pkg/setting/setting.go
@@ -225,7 +225,7 @@ type Cfg struct {
 
															 	LoginCookieName                   string
														
 
															 	LoginCookieSecure                 bool
														
 
															 	LoginCookieMaxDays                int
														
 
															-	LoginCookieRotation               time.Duration
														
 
															+	LoginCookieRotation               int
														
 
															 	LoginDeleteExpiredTokensAfterDays int
														
 
															 }
														
@@ -556,7 +556,10 @@ func (cfg *Cfg) Load(args *CommandLineArgs) error {
 
															 	cfg.LoginCookieMaxDays = login.Key("login_remember_days").MustInt(7)
														
 
															 	cfg.LoginCookieSecure = login.Key("cookie_secure").MustBool(false)
														
 
															 	cfg.LoginDeleteExpiredTokensAfterDays = login.Key("delete_expired_token_after_days").MustInt(30)
														
 
															-	cfg.LoginCookieRotation = login.Key("rotate_cookie_every").MustDuration(time.Minute * 30)
														
 
															+	cfg.LoginCookieRotation = login.Key("rotate_token_minutes").MustInt(30)
														
 
															+	if cfg.LoginCookieRotation < 2 {
														
 
															+		cfg.LoginCookieRotation = 2
														
 
															+	}
														
 
															 	Env = iniFile.Section("").Key("app_mode").MustString("development")
														
 
															 	InstanceName = iniFile.Section("").Key("instance_name").MustString("unknown_instance_name")