Session duration on the web interface is (from what I can find here in posts) hard-coded to be 7 days. This is probably a reasonable default value when using PiHole in public internet installations but it is too strict for secure home network installations.
If we can make this configurable and keep default on 7 days - it would make it possible for people with secure home networks where PiHole is not a critical network component to configure this value to be higher or to make it even stricter for truly paranoid among us that are targeting public cloud installations.
Pi-hole (specifically its DNS resolver portion) is not intended to be publically exposed.
It isn't - a session ends as soon as the browser (or the private browsing window, perhaps) is closed.:
Internally, PHP may expire the session even before the browsing session ends (after around half an hour or so). EDIT: You may even be able to control this out of Pi-hole itself - try PHP's respective settings.
A 7 days period to allow for automatic relogin is only activated on your explicit request when logging into Pi-hole, and it uses a separate mechanism.
So if you want a shorter session, just don't tick that option.
Thanks for a quick response.
I actually want a longer session as my network is completely isolated and PiHole is secured with very looooong password and just has a purpose of getting my "smart" TV's and couple of kids gaming tablets to be less exposed to ads. I would like to have like 30 days instead of 7 as it is great to be able to go back and see what is going on on the dashboard but getting that long password entered every 7 days is a pain that I personally don't need.
I think that making this configurable could be beneficial for many users.
I have edited the title based on your input to make it more clear
As a quite paranoid person I would prefer to keep PiHole secured. Even in this limited context where I'm using it for my TVs and couple of gaming tablets I still don't want to keep it open for any intruder (or my kids) to mess up the settings.
As a workaround you might be able to edit the expiry time of the persistentlogin cookie. I've not tested this, there may be other variables in play. The screenshots below are from the Pi-hole dashboard in Safari > (right-click) Inspect Element > Storage > Cookies. Chrome, etc, has similar developer screens you can access.
// Generate cookie with new expiry
$token = genPersistentLoginToken();
$time = time() + 60 * 60 * 24 * 7; // 7 days
writePersistentLoginToken($token, $time);
If you change the 7 to 30 you'll get 30 days. However I think this file is overwritten with an official one when you update, so you may have to keep remembering to tweak it. You can create an alias to do this as needed:
Edit (or create if not present) the bash aliases file in your home directory
cd
nano .bash_aliases
Paste in the line below and save the file
alias 30days="sudo sed -i 's/7; \/\/ 7/30; \/\/ 30/g' /var/www/html/admin/scripts/pi-hole/php/password.php"
Load the alias (this is a one-off for this terminal login, it will be loaded automatically for future terminal logins)
source .bash_aliases
Now you just enter the command 30days and the timeout is changed to 30 days. It will stay like that until the file is 'restored' to 7 days by the next update, and then you can run it again to put it back to 30 days, and so on.
30days
Finally, log out and log back in to the web interface to pick up the new cookie. Make sure to tick the box "Remember me for 7 days" to set the cookie (which will now be for 30 days, not 7).
