feat(auth): keep remember tokens on session timeout

- add timeout-specific logout path without remember-token revocation

- reset session timers after remember-me auto login

- compact session policy wording in admin settings (DE/EN)

- extend auth tests for timeout/manual logout behavior
This commit is contained in:
2026-03-09 20:47:21 +01:00
parent 792af5a532
commit af8ee10930
8 changed files with 106 additions and 11 deletions

View File

@@ -334,7 +334,6 @@ $disabledAttr = $isReadOnly ? 'disabled' : '';
<?php e(t('Session limits define how long logged-in users stay signed in.')); ?>
</blockquote>
<small class="muted"><?php e(t('Idle timeout signs users out after no activity.')); ?></small>
<small class="muted"><?php e(t('Absolute timeout signs users out after total session duration, even with activity.')); ?></small>
<small class="muted"><?php e(t('New limits apply on each user\'s next request.')); ?></small>
<div class="grid">
<label class="app-field">