[Bug]: TOKEN_EXPIRES_IN does not seems to be taken into account

[jpjoux]

Where is the problem occurring?

I encountered the problem while using the application (Frontend)

What browsers are you seeing the problem on?

Chrome, Firefox

Current behaviour

I have deployed planka by setting the variable TOKEN_EXPIRES_IN to 7
After 2 weeks, I am still logged in into planka

Desired behaviour

Automatic logout after the number of days configured in TOKEN_EXPIRES_IN

Steps to reproduce

Configure OIDC and set TOKEN_EXPIRES_IN to 7
After 7 days we are still logged in
The token value does not seems to be taken into account for an automatic login

Other information

No response

[meltyshev]

Hi! Thanks for reporting this.

The issue seems to be that the currently issued tokens still retain their previous expiration dates, as they are embedded within the tokens themselves. If you log out and log back in, the new issued token will be valid for 7 days.

To invalidate the previous tokens, you need to generate a new SECRET_KEY. This will automatically log out all current users, and when they log in again, they will have a token with a new expiration date.

Seems like we should add this to the documentation, as it doesn't work very obviously.