Allow to configure JWT expiration #5732
Labels
good first issue
Good for newcomers
issue: enhancement
Issue suggesting an enhancement to an existing feature
severity: low
If the issue only affects a very niche base of users and an easily implemented workaround can solve
source: plugin:users-permissions
Source is plugin/users-permissions package
We are currently doing a penetration test on Strapi. One finding was that the JWTs in the admin section don't get invalidated on logout and also have a very long validity period (30d 😱).
I would suggest adding a configuration option which allows setting the expiresIn option here:
strapi/packages/strapi-plugin-users-permissions/services/Jwt.js
Line 12 in 6309af2
I'm happy to file a PR if you like that idea. 🙂
Cheers
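The two points raised in this issue (a configurable token lifetime, and invalidation on logout) are shown below as an added example; it is not Strapi's code or the reporter's proposed change. It uses only Node's built-in crypto module, and `jwtConfig`, `issue`, `verify`, `logout` and the 15-minute lifetime are hypothetical names and values.

```javascript
// Added example: HS256 JWT with a configurable lifetime and logout revocation.
// Uses only Node's built-in crypto module; every name here is hypothetical.
const nodeCrypto = require("crypto");

const b64url = (input) => Buffer.from(input).toString("base64url");
const hmac = (data, secret) =>
  nodeCrypto.createHmac("sha256", secret).update(data).digest("base64url");

// Assumed config shape: the lifetime is a setting, not a hard-coded 30 days.
const jwtConfig = { secret: "constructed-test-secret", expiresInSeconds: 15 * 60 };

// jti -> exp. In-memory stand-in for a store shared by all server instances.
const revokedJti = new Map();

function issue(payload, config = jwtConfig, now = Date.now()) {
  const iat = Math.floor(now / 1000);
  const exp = iat + config.expiresInSeconds;
  const claims = { ...payload, iat, exp, jti: nodeCrypto.randomUUID() };
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(claims));
  return `${head}.${body}.${hmac(`${head}.${body}`, config.secret)}`;
}

function verify(token, config = jwtConfig, now = Date.now()) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [head, body, sig] = parts;
  // Always recompute HMAC-SHA256; the header's alg never selects the algorithm.
  const expected = Buffer.from(hmac(`${head}.${body}`, config.secret));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected))
    throw new Error("bad signature");
  const claims = JSON.parse(Buffer.from(body, "base64url"));
  if (typeof claims.exp !== "number" || now / 1000 >= claims.exp) throw new Error("expired");
  if (revokedJti.has(claims.jti)) throw new Error("revoked");
  return claims;
}

// Logout: deny this token's jti until its own exp, then let the entry be pruned.
function logout(token, config = jwtConfig, now = Date.now()) {
  const { jti, exp } = verify(token, config, now);
  revokedJti.set(jti, exp);
  for (const [id, e] of revokedJti) if (e <= now / 1000) revokedJti.delete(id);
}
```

A short lifetime also bounds the denylist: an entry only has to be kept until the token it names would have expired anyway.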