Skip to content

Comments

feat: Make state cookie lifetime configurable via env var#2788

Open
dokterbob wants to merge 2 commits intomainfrom
configurable_state_cookie_lifetime
Open

feat: Make state cookie lifetime configurable via env var#2788
dokterbob wants to merge 2 commits intomainfrom
configurable_state_cookie_lifetime

Conversation

@dokterbob
Copy link
Collaborator

@dokterbob dokterbob commented Feb 18, 2026

The hardcoded 3-minute state cookie lifetime is too short for users with email-based OAuth login flows, where email verification or multi-step login can exceed that window, causing authentication failures.

This PR:

  • Makes _state_cookie_lifetime configurable via the CHAINLIT_STATE_COOKIE_LIFETIME environment variable, defaulting to 180 seconds (3 minutes) to preserve existing behavior.
  • Adds tests for both the default and custom lifetime values.
  • Move from actions/checkout@v4 to actions/checkout@v6 which solves issue with changed-files not working ("Error: Failed to fetch pull request branch. Please ensure "persist-credentials" is set to "true" when checking out the repository. See: https://github.com/actions/checkout#usage", see CI run.)

…IE_LIFETIME env var

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@dosubot dosubot bot added size:S This PR changes 10-29 lines, ignoring generated files. auth Pertaining to authentication. labels Feb 18, 2026
@dokterbob dokterbob marked this pull request as draft February 18, 2026 15:27
Copy link
Contributor

@cubic-dev-ai cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 2 files

@dokterbob dokterbob marked this pull request as ready for review February 18, 2026 15:35
Copy link
Contributor

@cubic-dev-ai cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 2 files

@dosubot dosubot bot added size:M This PR changes 30-99 lines, ignoring generated files. and removed size:S This PR changes 10-29 lines, ignoring generated files. labels Feb 18, 2026
@dokterbob dokterbob force-pushed the configurable_state_cookie_lifetime branch from b3daebd to c9ad981 Compare February 18, 2026 15:48
@dokterbob dokterbob marked this pull request as draft February 18, 2026 15:50
@dokterbob dokterbob force-pushed the configurable_state_cookie_lifetime branch 3 times, most recently from 5a038fe to 37dd794 Compare February 18, 2026 16:01
@dokterbob dokterbob force-pushed the configurable_state_cookie_lifetime branch from 37dd794 to 79cf406 Compare February 18, 2026 16:13
@dokterbob dokterbob marked this pull request as ready for review February 18, 2026 16:20
@dosubot dosubot bot added size:S This PR changes 10-29 lines, ignoring generated files. and removed size:M This PR changes 30-99 lines, ignoring generated files. labels Feb 18, 2026
Copy link
Contributor

@cubic-dev-ai cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 3 files

@dokterbob dokterbob enabled auto-merge February 19, 2026 12:03
@dokterbob dokterbob added the review-me Ready for review! label Feb 23, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

auth Pertaining to authentication. review-me Ready for review! size:S This PR changes 10-29 lines, ignoring generated files.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant