Kibana sessionTimeout doesn't take effect

Hi,

We are using Kibana 6.5.4 with X-Pack enabled (w/ trial license).
I am trying to change the default session duration according to the documentation but seems like the parameter doesn't get applied and the session still gets expired after the browser close.

This is the relevant configuration from kibana.yaml:

elasticsearch.ssl.certificateAuthorities: /etc/kibana/certs/kibana.pem
elasticsearch.ssl.verificationMode: certificate
server.ssl.certificate: /etc/kibana/certs/kibana.crt
server.ssl.enabled: true
server.ssl.key: /etc/kibana/certs/kibana.key
xpack.security.authProviders: [basic]
xpack.security.public.hostname: mydomain.net
xpack.security.public.port: 443
xpack.security.public.protocol: https
xpack.security.encryptionKey: "aaflkhsiodjhfh9ji3phnklsndlfknsg"
xpack.security.sessionTimeout: 600000
xpack.security.cookieName: "myCookieName" (i changed this just to check if the conf gets loaded)

Looking at the Chrome cookie:


As you can see, the Expires field indicates that the parameter didn't affect the cookies expiration time.

From the dev tools:

Just to be clear, I tried many variations of the above configuration, after each changed I restarted the kibana of course.
Also, I use nginx as a reversed proxy, for debugging purpose I worked only with one kibana though.

Thanks,

Hey @tomeri, this is the intended behavior. The wording for the docs is awkward, and Kibana sessions are always bound to the browser session, so closing the browser will always cause you to have log back in again.

I wonder why this is the intended behavior, is it common with such applications?
Isn't possible to configure it differently somehow?

Thanks,

Hey @tomeri, there's the potential for us to add an additional setting which creates persistent session cookies so that users don't have to log back in every time that they close and re-open the browser. Feel free to open up a feature request in our github repo here: https://github.com/elastic/kibana/issues/new/choose

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.