Added TFA timeout env variables

Added profile session management Added "Remember me" to bypass TFA using device fingerprint Fixed profile name not being persistent after logout and login
2026-01-06 04:59:35 -06:00 · 2025-10-06 00:55:23 +01:00
parent 2edc773adf
commit d379473568
12 changed files with 683 additions and 24 deletions
--- a/backend/env.example
+++ b/backend/env.example
@@ -31,3 +31,8 @@ JWT_SECRET=your-secure-random-secret-key-change-this-in-production
 JWT_EXPIRES_IN=1h
 JWT_REFRESH_EXPIRES_IN=7d
 SESSION_INACTIVITY_TIMEOUT_MINUTES=30
+
+# TFA Configuration
+TFA_REMEMBER_ME_EXPIRES_IN=30d
+TFA_MAX_REMEMBER_SESSIONS=5
+TFA_SUSPICIOUS_ACTIVITY_THRESHOLD=3