0
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden synced 2024-06-16 19:08:31 +02:00

fix details on admin session lifetime

Jeremy Lin 2023-03-06 15:21:34 -08:00
parent ed6f168408
commit 4121a45d5d

@ -20,8 +20,7 @@ The first time you save a setting in the admin page, `config.json` will be gener
Note that config changes in the admin page do not take effect until you click the `Save` button. For example, if you are testing SMTP settings, and you change the `SMTP Auth mechanism` setting and then click `Send test email` to test the change, this won't work as expected -- since you didn't click `Save`, the `SMTP Auth mechanism` change won't have taken effect.
**Note:** After changing the `ADMIN_TOKEN`, the currently logged in admins will still be able to use their old login token for [up to 20 minutes](https://github.com/dani-garcia/vaultwarden/blob/main/src/api/admin.rs#L183).
**Note:** After changing the `ADMIN_TOKEN`, any admins that are currently logged in will still be able to use their existing login sessions until expiration. The admin session lifetime is [configurable](https://github.com/dani-garcia/vaultwarden/blob/a13a5bd1d8c3fea3fce80eba6e8c3aa8880855dd/.env.template#L342-L343), with a default of 20 minutes.
**Note:** Removing the environment variable `ADMIN_TOKEN` won't disable the admin page if the value is persisted in the `config.json` file mentioned above. **To disable admin page**, make sure no `ADMIN_TOKEN` environment variable is set, and no `"admin_token"` key exists in `config.json`, if that file exists.