secure_token_query_token_expires_time
Specifies the expiration time for query tokenized responses in NGINX's secure token module.
Description
The secure_token_query_token_expires_time directive is used to configure the expiration period for responses that are protected by query string tokens generated by the secure token module for NGINX. This directive is applicable in several contexts, including HTTP, server, and location blocks, allowing for tailored expiration settings depending on the scope of usage. The value provided must represent a valid time duration that will dictate how long the token remains valid for access to the associated resources.
When a request is made to a resource that requires authentication via a secure token in the query string, the NGINX server will use the configured expiration time to determine how long the token is valid. After this period, any request using the token will be considered invalid, and access to the resource will be denied. It's crucial for content providers to set this value according to their specific needs, balancing the security of the content and user experience. If set too short, valid users may be locked out, while too long could compromise security.
It’s important to note that this directive specifically applies to query string tokens. Other token mechanisms, such as cookies, have their respective directives to manage expiration settings differently. Proper configuration helps ensure that user tokens are correctly validated against their expiration times, enhancing the overall effectiveness of the secure token mechanism.
Config Example
server {
location /protected {
secure_token_query_token_expires_time 1h;
secure_token ...;
}
}Ensure the time format is correctly specified, or it will default to 'none'.
This directive does not apply to cookie tokens; use secure_token_cookie_token_expires_time for those.
Be aware of how client caching might affect perceptions of token expiration.