How long does a membership authentication session last?

ejames_c · July 24, 2020, 5:04am

When a member logs in, they are given a session cookie. How long does that session cookie last before expiring? That is: how long before a member needs to reauthenticate?

I have a second, somewhat related question: if a member is logged in already, and I want to revoke membership, I will delete that member. However, I believe the member’s cookie still exists, and it still works, allowing the member access to private posts.

Is there any way to revoke access completely?

Kym · August 3, 2020, 6:20pm

Hey @ejames_c

I believe the cookie can last anywhere up to 6 months, if the member doesn’t clear their browsing history and cookies.

When you delete a member, their cookie does stay, but as soon as they visit the site, they are logged out immediately (and their cookie is deleted) so they no longer have access to any posts. Hope this helps

ejames_c · August 4, 2020, 3:09am

Thank you Kym! You may mark this topic as closed. <3

Topic		Replies	Views
Ghost member cookie expiration - in database, or? Developer help	2	400	March 7, 2023
About cookies & GDPR Using Ghost	3	722	May 3, 2021
Members last login Developer help	0	350	February 24, 2021
How long does a staff access token last for? Using Ghost	1	131	January 17, 2024
How does Ghost stop account sharing, if it does? Memberships & subscriptions	5	598	July 3, 2023

How long does a membership authentication session last?

Related topics