Allow configurable session expiration for MCP server authentication

[TheophileDiot]

Description:

Hi team,

I’d like to propose a feature that would allow configuring the session expiration duration for the MCP server.

Currently, the session lifetime appears to be quite short, which leads to frequent reauthentication. This becomes disruptive, especially in workflows involving persistent or long-running interactions with the MCP server.

Proposed improvement:
Add a configurable setting for session expiration directly in the MCP settings page. This would make it easily accessible and manageable from the UI without requiring manual configuration changes.

Use case:
In development or controlled environments, longer-lived sessions would reduce friction and improve productivity by minimizing repeated authentication steps.

Additional considerations:

• Keep a secure default value.
• Optionally define a maximum allowed duration.
• Provide clear UX indications about security implications of longer sessions.

Question:
Is this something that could be supported, or is there an existing way to extend session duration?

Thanks for considering this!

[tommoor]

While I do think the lifetime should be increased, I'm wondering in what way does this show up as disruptive? The MCP client should silently refresh the authentication token

[TheophileDiot]

I don't know about other agents but on my Claude Code TUI I always have to do it manually 😅

[tommoor]

There's definitely some client issue here, but I'll look at increasing token lifetime to 24h.

Also API authentication is now available, which you might prefer

[TheophileDiot]

I see I'll try using a bearer, thank you for these insights!