Welcome to your Lovable project
Project info
URL: https://lovable.dev/projects/REPLACE_WITH_PROJECT_ID
How can I edit this code?
There are several ways of editing your application.
Use Lovable
Simply visit the Lovable Project and start prompting.
Changes made via Lovable will be committed automatically to this repo.
Use your preferred IDE
If you want to work locally using your own IDE, you can clone this repo and push changes. Pushed changes will also be reflected in Lovable.
The only requirement is having Node.js & npm installed - install with nvm
Follow these steps:
```sh
# Step 1: Clone the repository using the project's Git URL.
git clone <YOUR_GIT_URL>

# Step 2: Navigate to the project directory.
cd <YOUR_PROJECT_NAME>

# Step 3: Install the necessary dependencies.
npm i

# Step 4: Start the development server with auto-reloading and an instant preview.
npm run dev
```
Edit a file directly in GitHub
- Navigate to the desired file(s).
- Click the "Edit" button (pencil icon) at the top right of the file view.
- Make your changes and commit the changes.
Use GitHub Codespaces
- Navigate to the main page of your repository.
- Click on the "Code" button (green button) near the top right.
- Select the "Codespaces" tab.
- Click on "New codespace" to launch a new Codespace environment.
- Edit files directly within the Codespace and commit and push your changes once you're done.
What technologies are used for this project?
This project is built with:
- Vite
- TypeScript
- React
- shadcn-ui
- Tailwind CSS
How can I deploy this project?
Simply open Lovable and click on Share -> Publish.
Session Timeout Behavior
This application implements automatic session timeout to align with security best practices (OWASP Session Management Cheat Sheet, NIST 800-63B Section 7.1).
Backend Configuration
The backend uses a sliding window session model with two independent timeouts:
| Timeout | Default | Description |
|---|---|---|
| Idle | 15 minutes | If no authenticated request is made within this window, the session expires |
| Absolute | 8 hours | Hard cap from session creation. Activity cannot extend past this point |
Both are configurable via environment variables: SESSION_IDLE_TIMEOUT and SESSION_ABSOLUTE_TIMEOUT (values in seconds).
How It Works
- Sliding Window: Every authenticated request automatically resets the idle clock
- Active User: Session keeps extending up to the 8-hour absolute maximum
- Idle User: After 15 minutes of inactivity, the session expires and the next request returns 401
- Heartbeat: The frontend sends a periodic GET /api/v1/auth/me every 5 minutes to keep sessions alive during passive activities like reading long pages
Frontend UX
- Warning Dialog: When the user is within 3 minutes of session expiry, a warning dialog appears with a countdown timer
- Extend Session: Users can click "Keep Me Signed In" to refresh the session via POST /api/v1/auth/sessions/refresh
- Graceful Expiry: When a session expires, the user is redirected to the login page with a gentle message: "Your session has expired due to inactivity"
- No Hard Logouts: The frontend never forcefully logs out an active user; expiry only occurs after API confirmation (401 response)
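
The sliding idle window, the absolute cap and the 3-minute warning threshold described above, as an added TypeScript example (not this project's code). All type and function names are hypothetical, timestamps are epoch seconds, and rejecting non-numeric or non-positive timeout values is an assumption about desirable behaviour.

```typescript
// Added example: sliding idle window capped by an absolute lifetime.
// Session, Timeouts, loadTimeouts, touch, remaining are hypothetical names.
interface Session { createdAt: number; lastActivity: number } // epoch seconds
interface Timeouts { idle: number; absolute: number }         // seconds

const DEFAULTS: Timeouts = { idle: 15 * 60, absolute: 8 * 60 * 60 };
const WARN_BEFORE = 3 * 60; // warning dialog threshold from the Frontend UX list

// Parse SESSION_IDLE_TIMEOUT / SESSION_ABSOLUTE_TIMEOUT (values in seconds).
// Assumption: junk values fail loudly instead of silently disabling expiry.
function loadTimeouts(env: Record<string, string | undefined>): Timeouts {
  const read = (key: string, fallback: number): number => {
    const raw = env[key];
    if (raw === undefined || raw === "") return fallback;
    const n = Number(raw);
    if (!Number.isInteger(n) || n <= 0) throw new Error(`${key} must be a positive integer`);
    return n;
  };
  return {
    idle: read("SESSION_IDLE_TIMEOUT", DEFAULTS.idle),
    absolute: read("SESSION_ABSOLUTE_TIMEOUT", DEFAULTS.absolute),
  };
}

// Effective expiry is whichever limit is reached first.
function expiresAt(s: Session, t: Timeouts): number {
  return Math.min(s.lastActivity + t.idle, s.createdAt + t.absolute);
}

// Run on every authenticated request: 401 once expired, otherwise reset the
// idle clock. createdAt never changes, so activity cannot pass the absolute cap.
// Assumption: a request arriving exactly at the expiry instant is rejected.
function touch(s: Session, t: Timeouts, now: number): { status: 200 | 401; session: Session } {
  if (now >= expiresAt(s, t)) return { status: 401, session: s };
  return { status: 200, session: { ...s, lastActivity: now } };
}

// Seconds left before expiry, and whether the warning dialog should be shown.
function remaining(s: Session, t: Timeouts, now: number): { seconds: number; warn: boolean } {
  const seconds = Math.max(0, expiresAt(s, t) - now);
  return { seconds, warn: seconds > 0 && seconds <= WARN_BEFORE };
}
```

Because a heartbeat is itself an authenticated request, passing it through `touch` resets the idle clock just as a user action would; only the absolute limit bounds a session that keeps sending them.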
API Endpoints
| Endpoint | Purpose |
|---|---|
| POST /api/v1/auth/sessions/refresh | Explicitly refresh session (extends idle timeout) |
| GET /api/v1/auth/sessions | List all active sessions for the user |
| DELETE /api/v1/auth/sessions/:id | Revoke a specific session |
Can I connect a custom domain to my Lovable project?
Yes, you can!
To connect a domain, navigate to Project > Settings > Domains and click Connect Domain.
Read more here: Setting up a custom domain