Session_life_time not working

  • What Grafana version are you using?
    4.2.0

  • What OS are you running grafana on?
    Ubuntu 16.04

  • What did you do?
    In grafana.ini, made the following changes, saved, closed, restarted grafana-server:
    session_life_time = 60
    login_remember_days = 0

  • What was the expected result?
    User’s open browser session would timeout and require re-login after 1 min

  • What happened instead?
    Nothing. Panels in the dashboard kept refreshing successfully after several minutes, even after using grafana refresh button. Tried using the browser refresh button, that reloaded the page w/out asking for re-authentication.

The only thing that did work to end the session, was to close the browser entirely (all tabs and windows) and reopen them.

  • Browser make and version?

    • Chrome Version 58.0.3029.81 (64-bit) (regular and incognito)
    • Safari Version 10.1 (12603.1.30.0.34)

I’ve seen posts related to the same issue for different versions, but none of them offered different behavior:

I’d like to be able to configure grafana sessions in an open browser to expire after x time period (8hrs/24hrs). Anyone have suggestions or know if this is a legit bug that should be logged in the project?

Thanks!

sessions get’s renewed whenever a request is made, so if you have Grafana on TV wall or open in an active tab with a dashboard with refresh it will never expire.

This is not how session cookies work, session cookies (cookies marked session are treated in a specific way in browsers), they usually only expire when you close the browser. The backend session linked to the session id will expire if no requests are made during the lifetime. So if you leave grafana open with no activity (no dashboard panel refresh) for x time period (same as session lifetime) and your login_rember_days is zero then you should get logged out.

After your session config changes make sure you clear cookies. Could be good to make sure the test is valid. If you still see that you do not get logged out after not using Grafana for x time period then it could be something wrong indeed.

Very helpful explanation, thank you!

I just tried the following in grafana.ini and restarted grafana-server:

session_life_time = 60
login_remember_days = 0

Using separate chrome and chrome incognito windows, I opened the grafana homepage, set Refreshing every to off, waited a few minutes, then used the browser button. The page reloaded and I was not asked to re-authenticate.

Was there another place where I could/should set dashboard to not refresh? If not, it would appear things might not be working as intended.

Full disclosure, I have auth.proxy configured and I’m proxying to grafana through nginx, which uses lua-resty-openidc to authenticate through Auth0:

grafana.ini

...
#################################### Auth Proxy ##########################
[auth.proxy]
enabled = true
header_name = X-WEBAUTH-USER
header_property = email
auto_sign_up = true
...

nginx grafana site config

server {
    listen 80;
    error_log /var/log/nginx/grafana.error.log;

    # lua-resty-session https://github.com/bungle/lua-resty-session#nginx-configuration-variables
    set $session_cookie_lifetime   86000;

    location / {
      # https://github.com/pingidentity/lua-resty-openidc#sample-configuration-for-google-signin
      access_by_lua '

        local opts = {
           redirect_uri_path = "/login",
           discovery = "https://<org_name>.auth0.com/.well-known/openid-configuration",
           client_id = "<auth0_client_id>",
           client_secret = "<auth0_client_secret>",
           redirect_uri_scheme = "https",
           ssl_verify = "no"
        }

        local res, err = require("resty.openidc").authenticate(opts)

        if err then
          ngx.status = 500
          ngx.say(err)
          ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
        end

        ngx.req.set_header("X-WEBAUTH-USER", res.user.email)
      ';

      proxy_pass http://grafana.staged-by-discourse.com/;
    }
}

Auth proxy enabled! Ah, should have mention that! Then you never see the login, the proxy process loggs you in automatically. You need to check how you login to your auth proxy and how long that session is, which happens outside Grafrana :slight_smile:

Thanks for the follow up!

session_life_time = 60
login_remember_days = 0
I just tried the following in grafana.ini and restarted grafana-server. Session_life_time not working also.
I think it’s a issue for v5.2.2

@cuitzyj were you able to resolve the issue?