The effective time of cookies and csrf_token

ufan0

This is what I'm doing:

Try to get csrf_token by accessing /api/config;
Then access /api/v3/utilities/login by username and password to obtain cookie;
Use csrf_token+cookie to access the website through api.

Based on my understanding, the validity of csrf_token and cookie depends on the expiration time of Session.

And I saw in the control panel that the Session expiration time can be set.

My question now is, is the expiration time of csrf_token and cookie obtained through the above interface equal to the expiration time of Session set by the control panel?

ufan0

I hope I have described the problem clearly and look forward to any answers.

ufan0

Got a new issue:
tag desc is not same like real api return in read api get topic data :

<baris>

@ufan0 please open an issue on our GitHub

<baris>

remove colors from spec · NodeBB/NodeBB@bcb2733

Node.js based forum software built for the modern web - remove colors from spec · NodeBB/NodeBB@bcb2733

GitHub (github.com)