Configurable session timeout for the Ampache API #1134
Labels
Comments
|
Thank you. Btw. the API tokens can only be used with ownCloud Music APIs right? |
|
Yes, the API tokens only allow access to the Ampache and Subsonic APIs of the Music app if that was what you meant. So if those keys are leaked, then the damage made is limited. |
paulijar
added a commit
that referenced
this issue
Mar 29, 2024
The timeout can now be set with the `config.php` key `music.ampache_session_expiry_time`. The default is 6000 seconds and maximum is 31536000 seconds, equaling one year. The maximum has been limited to prevent overflow especially with PostgreSQL where the expiry timestamp (as Unix epoch time) cannot exceed 2^31-1 (which equals a date in the year 2038). refs #1134
paulijar
added
the
6 - Ready for release
|
This feature is now released in Music v1.11.0. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently, the session timeout for the Ampache API has been hard-coded to 6000 seconds (1 hour 40 minutes). This value could be made configurable. As this is a rather technical detail with some security implications, I would allow only the cloud admins to configure it via
config.phpand not add any user-setting.This was first requested at mitchray/ample#44 (comment).
The text was updated successfully, but these errors were encountered: