From 5f158ec039e4753959aad9b8d288b3d8cb4959a1 Mon Sep 17 00:00:00 2001
From: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
Date: Fri, 12 Jul 2019 17:26:02 +0100
Subject: Implement access token expiry (#5660)

Record how long an access token is valid for, and raise a soft-logout once it
expires.
---
 docs/sample_config.yaml | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'docs')

diff --git a/docs/sample_config.yaml b/docs/sample_config.yaml
index 0462f0a17a..663ff31622 100644
--- a/docs/sample_config.yaml
+++ b/docs/sample_config.yaml
@@ -786,6 +786,17 @@ uploads_path: "DATADIR/uploads"
 #  renew_at: 1w
 #  renew_email_subject: "Renew your %(app)s account"
 
+# Time that a user's session remains valid for, after they log in.
+#
+# Note that this is not currently compatible with guest logins.
+#
+# Note also that this is calculated at login time: changes are not applied
+# retrospectively to users who have already logged in.
+#
+# By default, this is infinite.
+#
+#session_lifetime: 24h
+
 # The user must provide all of the below types of 3PID when registering.
 #
 #registrations_require_3pid:
-- 
cgit 1.4.1