web/admin: add notice for user_login stage session cookie behaviour

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-08 14:18:52 +01:00 · 2023-02-08 14:18:52 +01:00 · a7cf454760
parent 5aa43eeb04
commit a7cf454760
3 changed files with 15 additions and 0 deletions
--- a/web/src/admin/stages/user_login/UserLoginStageForm.ts
+++ b/web/src/admin/stages/user_login/UserLoginStageForm.ts
@ -1,5 +1,6 @@
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { first } from "@goauthentik/common/utils";
+import "@goauthentik/elements/Alert";
 import "@goauthentik/elements/forms/FormGroup";
 import "@goauthentik/elements/forms/HorizontalFormElement";
 import { ModelForm } from "@goauthentik/elements/forms/ModelForm";
@ -70,6 +71,15 @@ export class UserLoginStageForm extends ModelForm<UserLoginStage, string> {
                            ${t`Determines how long a session lasts. Default of 0 seconds means that the sessions lasts until the browser is closed.`}
                        </p>
                        <ak-utils-time-delta-help></ak-utils-time-delta-help>
+                        <ak-alert ?inline=${true}>
+                            ${t`Different browsers handle session cookies differently, and might not remove them even when the browser is closed.`}
+                            <a
+                                href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#expiresdate"
+                                target="_blank"
+                            >
+                                ${t`See here.`}
+                            </a>
+                        </ak-alert>
                    </ak-form-element-horizontal>
                </div>
            </ak-form-group>
--- a/web/src/elements/Tooltip.ts
+++ b/web/src/elements/Tooltip.ts
@ -26,6 +26,7 @@ export class Tooltip extends AKElement {
                }
                .pf-c-tooltip {
                    position: absolute;
+                    z-index: 999;
                }
            `,
        ];
--- a/website/docs/flow/stages/user_login.md
+++ b/website/docs/flow/stages/user_login.md
@ -10,6 +10,10 @@ It can be used after `user_write` during an enrollment flow, or after a `passwor

 By default, the authentik session expires when you close your browser (_seconds=0_).

+:::warning
+Different browsers handle session cookies differently, and might not remove them even when the browser is closed. See [here](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#expiresdate) for more info.
+:::
+
 You can set the session to expire after any duration using the syntax of `hours=1,minutes=2,seconds=3`. The following keys are allowed:

 -   Microseconds