Dockery/Trilium
1
0
Fork 0
mirror of https://github.com/zadam/trilium.git synced 2025-10-30 18:05:55 +01:00
Code Issues Packages Projects Releases Activity

docs(user): describe session management

Browse Source
This commit is contained in:
Elian Doran
2025-06-07 12:35:36 +03:00
parent af698550fd
commit 4fd99e1728
7 changed files with 149 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
docs/User Guide/User Guide/Installation & Setup/Server Installation.md vendored
View File

@@ -46,12 +46,7 @@ export MAX_ALLOWED_FILE_SIZE_MB=450
### Disabling Authentication
If you are running Trilium on localhost only or if authentication is handled by another component, you can disable Triliums authentication by adding the following to `config.ini`:
```
[General]
noAuthentication=true
```
See <a class="reference-link" href="Server%20Installation/Authentication.md">Authentication</a>.
## Reverse Proxy Setup

38
docs/User Guide/User Guide/Installation & Setup/Server Installation/Authentication.md vendored Normal file
View File

@@ -0,0 +1,38 @@
# Authentication
## Disabling authentication
If you are running Trilium on `localhost` only or if authentication is handled by another component, you can disable Triliums authentication by adding the following to `config.ini`:
```
[General]
noAuthentication=true
```
Disabling authentication will bypass even the <a class="reference-link" href="Multi-Factor%20Authentication.md">Multi-Factor Authentication</a> since v0.94.1.
## Understanding how the session works
Once logged into Trilium, the application will store this information about the login into a cookie on the browser, but also as a session on the server.
If “Remember me” is checked, then the login will expire in 21 days. This period can be adjusted by modifying the `Session.cookieMaxAge` value in `config.ini`. For example, to have the session expire in one day:
```
[Session]
cookieMaxAge=86400
```
When “Remember me” is unchecked, the behavior is different. At client/browser level the authentication does not have any expiration date, but it will be automatically cleared as soon as the user closes the browser. Nevertheless, the server will also dismiss this authentication in around 24 hours from the _last interaction with the application_.
## Viewing active sessions
The login sessions are now stored in the same <a class="reference-link" href="../../Advanced%20Usage/Database.md">Database</a> as the user data. In order to view which sessions are active, open the <a class="reference-link" href="../../Advanced%20Usage/Database/Manually%20altering%20the%20database/SQL%20Console.md">SQL Console</a> and run the following query:
```trilium
SELECT * FROM sessions
```
Expired sessions are periodically cleaned by the server, generally an hourly interval.
## See also
* <a class="reference-link" href="Multi-Factor%20Authentication.md">Multi-Factor Authentication</a>