[Breaking change] Provide sensible defaults for xpack.security.session.{lifespan|idleTimeout}
#81747
Comments
Pinging @elastic/es-ui (Team:Elasticsearch UI)
Pinging @elastic/kibana-security (Team:Security)
I'm going to remove the
Resolved via #106061
Change description
Which release will ship the breaking change?
8.0
Describe the change. How will it manifest to users?
When security is enabled, the default behavior is to create sessions without an idle timeout or a lifetime. This means that once a user is logged in, their session will remain active until they manually log out, or clear their browser session.
As discussed in #68885, we would like to change the default configuration to provide sensible defaults so that all sessions will have both an idle timeout and a lifespan.
How many users will be affected?
Users who do not specify their own xpack.security.session.idleTimeout or xpack.security.session.lifespan will suddenly find themselves with our defaults applied. If they wish to restore the existing behavior, then they will need to adjust their kibana.yml manually.
What can users do to address the change manually?
Update their kibana.yml to adjust the session timeout/lifespan
How could we make migration easier with the Upgrade Assistant?
I don't think this is something that warrants a custom UI, but having the deprecation warning appear in the UA would be beneficial.
Are there any edge cases?
Test Data
Provide test data. We can’t build a solution without data to test it against.
Cross links
Cross-link to relevant Elasticsearch breaking changes.
xpack.security.session.{lifespan|idleTimeout}
#68885
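One way to check ahead of the upgrade whether a given kibana.yml falls into the "users who do not specify their own" group described above. This is an added example, not part of the original issue or of Kibana's code; the function names and the sample configs are constructed for illustration, and the parser assumes the config uses only plain dotted or nested mapping keys with scalar values.

```python
import re

# The two settings named in the issue title.
KEYS = ("xpack.security.session.idleTimeout",
        "xpack.security.session.lifespan")

def flatten(yaml_text):
    """Flatten the mapping subset of YAML commonly used in kibana.yml
    (dotted or nested keys with scalar values) into {dotted.key: value}.
    Simplification: list items and multi-line scalars are skipped."""
    out, stack = {}, []                      # stack: (indent, key segment)
    for raw in yaml_text.splitlines():
        line = re.sub(r"\s+#.*$", "", raw).rstrip()   # drop trailing comment
        body = line.strip()
        if not body or body.startswith(("#", "-")):
            continue
        key, sep, value = body.partition(":")
        if not sep:
            continue
        indent = len(line) - len(line.lstrip())
        while stack and stack[-1][0] >= indent:       # leave deeper blocks
            stack.pop()
        full = ".".join([seg for _, seg in stack] + [key.strip()])
        value = value.strip().strip("'\"")
        if value:
            out[full] = value
        else:
            stack.append((indent, key.strip()))       # parent of nested block
    return out

def inherits_new_defaults(yaml_text):
    """Return the session keys this config leaves unset, i.e. the ones
    that would pick up the new defaults after the change."""
    conf = flatten(yaml_text)
    return [k for k in KEYS if k not in conf]

# Constructed sample configs (not taken from any real deployment).
FLAT = 'server.port: 5601\nxpack.security.session.idleTimeout: "1h"\n'
NESTED = """\
xpack:
  security:
    session:
      idleTimeout: 1h   # explicit
      lifespan: 30d
"""
COMMENTED = "# xpack.security.session.lifespan: 30d\nserver.port: 5601\n"

if __name__ == "__main__":
    for name, text in (("FLAT", FLAT), ("NESTED", NESTED), ("COMMENTED", COMMENTED)):
        print(name, "unset:", inherits_new_defaults(text))
```

A key that is only present in a commented-out line counts as unset, which is the case most likely to surprise an operator after the upgrade.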