From 9b59d0e3baafab1e0bac7866bc7298ee20ac6921 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Kr=C3=BCger?= <valknar@pivoine.art>
Date: Sat, 15 Nov 2025 20:52:42 +0100
Subject: [PATCH] fix: add explicit session configuration parameters
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Added back session expiration, inactivity, remember_me, and same_site
settings at both global and cookie level to ensure proper session
handling across subdomains.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 net/authelia/configuration.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/net/authelia/configuration.yml b/net/authelia/configuration.yml
index fcb40b9..ddd7ded 100644
--- a/net/authelia/configuration.yml
+++ b/net/authelia/configuration.yml
@@ -84,9 +84,17 @@ access_control:
 # session secret set via environment variable: AUTHELIA_SESSION_SECRET
 session:
   name: 'authelia_session'
+  same_site: 'lax'
+  expiration: '1h'
+  inactivity: '5m'
+  remember_me: '1M'
   cookies:
     - domain: 'pivoine.art'
       authelia_url: 'https://auth.pivoine.art'
+      same_site: 'lax'
+      expiration: '1h'
+      inactivity: '5m'
+      remember_me: '1M'
 
 regulation:
   max_retries: 3