Session expiration is too short – is there an ENV variable to extend it (e.g. 90 days)?

[hermesalvesbr]

Hello,

First of all, thank you for building and maintaining pgbackweb — it’s a very useful and well-designed project, and it has been extremely helpful for managing PostgreSQL backups via a clean web interface. Great work 👍

I’m currently using pgbackweb through the official Docker image (eduardolat/pgbackweb) and noticed that the authentication/session expires quite quickly, requiring frequent re-authentication during normal usage.

I’d like to clarify a few technical points:

1. How is authentication/session management implemented internally?

   • Cookies
   • JWT (access/access+refresh tokens)
   • Server-side sessions

2. Is there any existing (or planned) environment variable to control the session or token expiration time?

   • For example: SESSION_TTL, SESSION_MAX_AGE, JWT_EXPIRES_IN, or similar.

3. If this is not currently configurable via ENV:

   • Which file or function defines the session/token expiration?
   • What would be the recommended way to extend it to something like 90 days?

This would greatly improve usability for long-running admin dashboards where frequent logins can be disruptive.

Thanks again for the project and for your time.

Best regards,