[nightly] release-x.62.x -> release-x.62.x

_docs/latest/people-and-groups/changing-session-expiration.md

@@ -15,47 +15,54 @@ latest: true
 
 # Session expiration
 
-By default, Metabase sessions are valid for two weeks after a user last authenticated (e.g. by entering their email address/password or via an SSO provider). For example, even if you visit your Metabase instance every day, you'll still have to log in again every two weeks.
+When someone logs in — whether by email and password or through an SSO provider — Metabase creates a session that keeps them logged in across tabs and pages. A session can end in three ways: closing the browser, hitting the absolute session age limit, or going idle long enough to trigger an inactivity timeout. Here's how each is configured, how they interact, and when you'd want to use them.
 
-## Session age
+Clearing browser cookies or cache manually ends a session immediately, regardless of any of these settings.
 
-The session age is the maximum time that a person stays logged into Metabase (even if the person closes the browser).
+## Set the absolute session limit with `MAX_SESSION_AGE`
 
-You can set the environment variable [`MAX_SESSION_AGE`](../configuring-metabase/environment-variables#max_session_age):
+MAX_SESSION_AGE controls the maximum number of minutes a session can live from the time of login. A person with hundreds of tabs open who hasn't rebooted in months will get logged out once MAX_SESSION_AGE is reached (even if they had checked the **Remember me** box on the login page).
 
-```
-# Change session expiration to 24 hours
-MAX_SESSION_AGE=1440 java --add-opens java.base/java.nio=ALL-UNNAMED -jar metabase.jar
-```
 
-or set the Java system property:
 
-```
-java -DMAX_SESSION_AGE=1440 -jar metabase.jar
+The default value is 14 days. To set a custom value, use the environment variable (in minutes):
+
+```sh
+# sessions expire after 24 hours
+MAX_SESSION_AGE=1440 java --add-opens java.base/java.nio=ALL-UNNAMED -jar metabase.jar
 ```
 
-`MAX_SESSION_AGE` is in minutes.
+This setting applies equally to everyone regardless of their browser behavior or activity patterns. Use it when your security policy requires people to log in again on a predictable schedule.
 
-## Session timeout
+## Log people out after inactivity
 
 {% include plans-blockquote.html feature="Session timeout" %}
 
-The session timeout is the maximum time that a person can be inactive (for example, if someone leaves Metabase open in a long-forgotten browser tab).
+`MB_SESSION_TIMEOUT` controls how long a session can be inactive before it ends. Someone who opens Metabase in the morning, uses it for an hour, and then spends the rest of the day in other tools will be logged out once the inactivity window closes.
 
-You can toggle this setting from **Admin** > **Authentication**, or set the environment variable [`MB_SESSION_TIMEOUT`](../configuring-metabase/environment-variables#mb_session_timeout).
+> **Note:** A dashboard left open with auto-refresh enabled counts as activity and keeps the session alive, even in a background tab. Scheduled alerts and dashboard subscriptions are server-side operations and do not reset the inactivity timer.
 
-Session timeout is null by default. You can use a session timeout to log people out earlier than the max [session age](#session-age).
+To configure session time out, go to **Admin** > **Authentication** > **Overview**, or set an environment variable:
 
-## Session cookies
+```sh
+# log out after 2 hours of inactivity
+MB_SESSION_TIMEOUT='{"amount":120,"unit":"minutes"}' java --add-opens java.base/java.nio=ALL-UNNAMED -jar metabase.jar
+```
 
-Metabase also supports using [session cookies](https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#Session_cookies), which mean users will only stay authenticated until they close their browser. This can be enabled on a per-user basis by unchecking the "Remember me" box when logging in. Once the user closes their browser, the next time they visit Metabase they'll have to log in again. Session expiration still applies, so even if you leave your browser open forever, you'll still be required to re-authenticate after two weeks or whatever session expiration you've configured.
+Note that if you're configuring session timeout in Metabase Admin settings, you need to specify the timeout only in minutes or hours, but the `MB_SESSION_TIMEOUT` variable also accepts `"unit":"seconds"`.
 
-You can tell Metabase to always use session cookies with the environment variable or Java system property `MB_SESSION_COOKIES`:
+When both `MAX_SESSION_AGE` and `MB_SESSION_TIMEOUT` are configured, a session ends at whichever limit hits first. Use it for shared workstations, forgotten open tabs, or any situation where a long-inactive session is a security concern.
 
-```
+## Force everyone to use session cookies
+
+By default, the login page has **Remember me** checked, so sessions survive browser closes and restarts. Without **Remember me**, closing the browser ends the session.
+
+`MB_SESSION_COOKIES` controls whether sessions end when the browser closes. Setting it to `true` removes the **Remember me** checkbox and enforces browser-close logout for everyone.
+
+```sh
 MB_SESSION_COOKIES=true java --add-opens java.base/java.nio=ALL-UNNAMED -jar metabase.jar
 ```
 
-Setting this environment variable will override the behavior of the "Remember me" checkbox and enforce the use of session cookies for all users.
+`MAX_SESSION_AGE` and `MB_SESSION_TIMEOUT` still apply — even someone who never closes their browser can be logged out by the age limit or an inactivity window.
 
-Note that browsers may use "session restoring", which means they automatically restore their previous session when reopened. In this case, the browser effectively acts as if it was never closed; session cookies will act the same as permanent cookies. For browsers that support this feature, this behavior is usually configurable.
+Many browsers support session restore, which automatically reopens tabs from the previous session on launch. When session restore is active, the browser behaves as if it was never closed, so session cookies persist across browser restarts. This is usually configurable in the browser's settings.

_docs/v0.62/people-and-groups/changing-session-expiration.md

@@ -13,47 +13,54 @@ redirect_from:
 
 # Session expiration
 
-By default, Metabase sessions are valid for two weeks after a user last authenticated (e.g. by entering their email address/password or via an SSO provider). For example, even if you visit your Metabase instance every day, you'll still have to log in again every two weeks.
+When someone logs in — whether by email and password or through an SSO provider — Metabase creates a session that keeps them logged in across tabs and pages. A session can end in three ways: closing the browser, hitting the absolute session age limit, or going idle long enough to trigger an inactivity timeout. Here's how each is configured, how they interact, and when you'd want to use them.
 
-## Session age
+Clearing browser cookies or cache manually ends a session immediately, regardless of any of these settings.
 
-The session age is the maximum time that a person stays logged into Metabase (even if the person closes the browser).
+## Set the absolute session limit with `MAX_SESSION_AGE`
 
-You can set the environment variable [`MAX_SESSION_AGE`](../configuring-metabase/environment-variables#max_session_age):
+MAX_SESSION_AGE controls the maximum number of minutes a session can live from the time of login. A person with hundreds of tabs open who hasn't rebooted in months will get logged out once MAX_SESSION_AGE is reached (even if they had checked the **Remember me** box on the login page).
 
-```
-# Change session expiration to 24 hours
-MAX_SESSION_AGE=1440 java --add-opens java.base/java.nio=ALL-UNNAMED -jar metabase.jar
-```
 
-or set the Java system property:
 
-```
-java -DMAX_SESSION_AGE=1440 -jar metabase.jar
+The default value is 14 days. To set a custom value, use the environment variable (in minutes):
+
+```sh
+# sessions expire after 24 hours
+MAX_SESSION_AGE=1440 java --add-opens java.base/java.nio=ALL-UNNAMED -jar metabase.jar
 ```
 
-`MAX_SESSION_AGE` is in minutes.
+This setting applies equally to everyone regardless of their browser behavior or activity patterns. Use it when your security policy requires people to log in again on a predictable schedule.
 
-## Session timeout
+## Log people out after inactivity
 
 {% include plans-blockquote.html feature="Session timeout" %}
 
-The session timeout is the maximum time that a person can be inactive (for example, if someone leaves Metabase open in a long-forgotten browser tab).
+`MB_SESSION_TIMEOUT` controls how long a session can be inactive before it ends. Someone who opens Metabase in the morning, uses it for an hour, and then spends the rest of the day in other tools will be logged out once the inactivity window closes.
 
-You can toggle this setting from **Admin** > **Authentication**, or set the environment variable [`MB_SESSION_TIMEOUT`](../configuring-metabase/environment-variables#mb_session_timeout).
+> **Note:** A dashboard left open with auto-refresh enabled counts as activity and keeps the session alive, even in a background tab. Scheduled alerts and dashboard subscriptions are server-side operations and do not reset the inactivity timer.
 
-Session timeout is null by default. You can use a session timeout to log people out earlier than the max [session age](#session-age).
+To configure session time out, go to **Admin** > **Authentication** > **Overview**, or set an environment variable:
 
-## Session cookies
+```sh
+# log out after 2 hours of inactivity
+MB_SESSION_TIMEOUT='{"amount":120,"unit":"minutes"}' java --add-opens java.base/java.nio=ALL-UNNAMED -jar metabase.jar
+```
 
-Metabase also supports using [session cookies](https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#Session_cookies), which mean users will only stay authenticated until they close their browser. This can be enabled on a per-user basis by unchecking the "Remember me" box when logging in. Once the user closes their browser, the next time they visit Metabase they'll have to log in again. Session expiration still applies, so even if you leave your browser open forever, you'll still be required to re-authenticate after two weeks or whatever session expiration you've configured.
+Note that if you're configuring session timeout in Metabase Admin settings, you need to specify the timeout only in minutes or hours, but the `MB_SESSION_TIMEOUT` variable also accepts `"unit":"seconds"`.
 
-You can tell Metabase to always use session cookies with the environment variable or Java system property `MB_SESSION_COOKIES`:
+When both `MAX_SESSION_AGE` and `MB_SESSION_TIMEOUT` are configured, a session ends at whichever limit hits first. Use it for shared workstations, forgotten open tabs, or any situation where a long-inactive session is a security concern.
 
-```
+## Force everyone to use session cookies
+
+By default, the login page has **Remember me** checked, so sessions survive browser closes and restarts. Without **Remember me**, closing the browser ends the session.
+
+`MB_SESSION_COOKIES` controls whether sessions end when the browser closes. Setting it to `true` removes the **Remember me** checkbox and enforces browser-close logout for everyone.
+
+```sh
 MB_SESSION_COOKIES=true java --add-opens java.base/java.nio=ALL-UNNAMED -jar metabase.jar
 ```
 
-Setting this environment variable will override the behavior of the "Remember me" checkbox and enforce the use of session cookies for all users.
+`MAX_SESSION_AGE` and `MB_SESSION_TIMEOUT` still apply — even someone who never closes their browser can be logged out by the age limit or an inactivity window.
 
-Note that browsers may use "session restoring", which means they automatically restore their previous session when reopened. In this case, the browser effectively acts as if it was never closed; session cookies will act the same as permanent cookies. For browsers that support this feature, this behavior is usually configurable.
+Many browsers support session restore, which automatically reopens tabs from the previous session on launch. When session restore is active, the browser behaves as if it was never closed, so session cookies persist across browser restarts. This is usually configurable in the browser's settings.

_site/docs/all.html

@@ -6820,7 +6820,7 @@ <h6>Support</h6>
 
           <span class="ml-2" style="padding-bottom: 1px;">GitHub</span>
           <div class="mini-box bg-light-yellow text-dark-yellow ml-2 flex align-center">
-            <span class="github-stars mr-1"></span>
+            <span class="mr-1">47.7k</span>
             <svg fill="none" height="11" viewBox="0 0 12 11" width="12">
               <path d="M6 1.07149L7.39167 3.70919L7.50639 3.92663L7.74864 3.96855L10.6873 4.47701L8.60874 6.61565L8.43739 6.79196L8.47239 7.03531L8.89691 9.98725L6.22062 8.67131L6 8.56283L5.77938 8.67131L3.10309 9.98725L3.52761 7.03531L3.56261 6.79196L3.39126 6.61565L1.31271 4.47701L4.25136 3.96855L4.49361 3.92663L4.60833 3.70919L6 1.07149Z" fill="#F7C217" stroke="#F7C217"></path>
             </svg>
@@ -6947,7 +6947,6 @@ <h6>Resources</h6>
 
 <!-- statuses -->
 <script src="https://www.metabase.com/js/status.js" type="text/javascript"></script>
-<script src="https://www.metabase.com/js/github-stars.js" type="text/javascript"></script>
 
 <!-- show/hide logic for More Resources button -->
 <script type="text/javascript">

_site/docs/latest/CONTRIBUTING.html

@@ -6752,7 +6752,7 @@ <h6>Support</h6>
 
           <span class="ml-2" style="padding-bottom: 1px;">GitHub</span>
           <div class="mini-box bg-light-yellow text-dark-yellow ml-2 flex align-center">
-            <span class="github-stars mr-1"></span>
+            <span class="mr-1">47.7k</span>
             <svg fill="none" height="11" viewBox="0 0 12 11" width="12">
               <path d="M6 1.07149L7.39167 3.70919L7.50639 3.92663L7.74864 3.96855L10.6873 4.47701L8.60874 6.61565L8.43739 6.79196L8.47239 7.03531L8.89691 9.98725L6.22062 8.67131L6 8.56283L5.77938 8.67131L3.10309 9.98725L3.52761 7.03531L3.56261 6.79196L3.39126 6.61565L1.31271 4.47701L4.25136 3.96855L4.49361 3.92663L4.60833 3.70919L6 1.07149Z" fill="#F7C217" stroke="#F7C217"></path>
             </svg>
@@ -6879,7 +6879,6 @@ <h6>Resources</h6>
 
 <!-- statuses -->
 <script src="https://www.metabase.com/js/status.js" type="text/javascript"></script>
-<script src="https://www.metabase.com/js/github-stars.js" type="text/javascript"></script>
 
 <!-- show/hide logic for More Resources button -->
 <script type="text/javascript">

_site/docs/latest/actions/basic.html

@@ -6727,7 +6727,7 @@ <h6>Support</h6>
 
           <span class="ml-2" style="padding-bottom: 1px;">GitHub</span>
           <div class="mini-box bg-light-yellow text-dark-yellow ml-2 flex align-center">
-            <span class="github-stars mr-1"></span>
+            <span class="mr-1">47.7k</span>
             <svg fill="none" height="11" viewBox="0 0 12 11" width="12">
               <path d="M6 1.07149L7.39167 3.70919L7.50639 3.92663L7.74864 3.96855L10.6873 4.47701L8.60874 6.61565L8.43739 6.79196L8.47239 7.03531L8.89691 9.98725L6.22062 8.67131L6 8.56283L5.77938 8.67131L3.10309 9.98725L3.52761 7.03531L3.56261 6.79196L3.39126 6.61565L1.31271 4.47701L4.25136 3.96855L4.49361 3.92663L4.60833 3.70919L6 1.07149Z" fill="#F7C217" stroke="#F7C217"></path>
             </svg>
@@ -6854,7 +6854,6 @@ <h6>Resources</h6>
 
 <!-- statuses -->
 <script src="https://www.metabase.com/js/status.js" type="text/javascript"></script>
-<script src="https://www.metabase.com/js/github-stars.js" type="text/javascript"></script>
 
 <!-- show/hide logic for More Resources button -->
 <script type="text/javascript">

_site/docs/latest/actions/custom.html

@@ -6812,7 +6812,7 @@ <h6>Support</h6>
 
           <span class="ml-2" style="padding-bottom: 1px;">GitHub</span>
           <div class="mini-box bg-light-yellow text-dark-yellow ml-2 flex align-center">
-            <span class="github-stars mr-1"></span>
+            <span class="mr-1">47.7k</span>
             <svg fill="none" height="11" viewBox="0 0 12 11" width="12">
               <path d="M6 1.07149L7.39167 3.70919L7.50639 3.92663L7.74864 3.96855L10.6873 4.47701L8.60874 6.61565L8.43739 6.79196L8.47239 7.03531L8.89691 9.98725L6.22062 8.67131L6 8.56283L5.77938 8.67131L3.10309 9.98725L3.52761 7.03531L3.56261 6.79196L3.39126 6.61565L1.31271 4.47701L4.25136 3.96855L4.49361 3.92663L4.60833 3.70919L6 1.07149Z" fill="#F7C217" stroke="#F7C217"></path>
             </svg>
@@ -6939,7 +6939,6 @@ <h6>Resources</h6>
 
 <!-- statuses -->
 <script src="https://www.metabase.com/js/status.js" type="text/javascript"></script>
-<script src="https://www.metabase.com/js/github-stars.js" type="text/javascript"></script>
 
 <!-- show/hide logic for More Resources button -->
 <script type="text/javascript">

_site/docs/latest/actions/introduction.html

@@ -6735,7 +6735,7 @@ <h6>Support</h6>
 
           <span class="ml-2" style="padding-bottom: 1px;">GitHub</span>
           <div class="mini-box bg-light-yellow text-dark-yellow ml-2 flex align-center">
-            <span class="github-stars mr-1"></span>
+            <span class="mr-1">47.7k</span>
             <svg fill="none" height="11" viewBox="0 0 12 11" width="12">
               <path d="M6 1.07149L7.39167 3.70919L7.50639 3.92663L7.74864 3.96855L10.6873 4.47701L8.60874 6.61565L8.43739 6.79196L8.47239 7.03531L8.89691 9.98725L6.22062 8.67131L6 8.56283L5.77938 8.67131L3.10309 9.98725L3.52761 7.03531L3.56261 6.79196L3.39126 6.61565L1.31271 4.47701L4.25136 3.96855L4.49361 3.92663L4.60833 3.70919L6 1.07149Z" fill="#F7C217" stroke="#F7C217"></path>
             </svg>
@@ -6862,7 +6862,6 @@ <h6>Resources</h6>
 
 <!-- statuses -->
 <script src="https://www.metabase.com/js/status.js" type="text/javascript"></script>
-<script src="https://www.metabase.com/js/github-stars.js" type="text/javascript"></script>
 
 <!-- show/hide logic for More Resources button -->
 <script type="text/javascript">

_site/docs/latest/actions/start.html

@@ -6671,7 +6671,7 @@ <h6>Support</h6>
 
           <span class="ml-2" style="padding-bottom: 1px;">GitHub</span>
           <div class="mini-box bg-light-yellow text-dark-yellow ml-2 flex align-center">
-            <span class="github-stars mr-1"></span>
+            <span class="mr-1">47.7k</span>
             <svg fill="none" height="11" viewBox="0 0 12 11" width="12">
               <path d="M6 1.07149L7.39167 3.70919L7.50639 3.92663L7.74864 3.96855L10.6873 4.47701L8.60874 6.61565L8.43739 6.79196L8.47239 7.03531L8.89691 9.98725L6.22062 8.67131L6 8.56283L5.77938 8.67131L3.10309 9.98725L3.52761 7.03531L3.56261 6.79196L3.39126 6.61565L1.31271 4.47701L4.25136 3.96855L4.49361 3.92663L4.60833 3.70919L6 1.07149Z" fill="#F7C217" stroke="#F7C217"></path>
             </svg>
@@ -6798,7 +6798,6 @@ <h6>Resources</h6>
 
 <!-- statuses -->
 <script src="https://www.metabase.com/js/status.js" type="text/javascript"></script>
-<script src="https://www.metabase.com/js/github-stars.js" type="text/javascript"></script>
 
 <!-- show/hide logic for More Resources button -->
 <script type="text/javascript">

_site/docs/latest/ai/agent-api.html

@@ -6825,7 +6825,7 @@ <h6>Support</h6>
 
           <span class="ml-2" style="padding-bottom: 1px;">GitHub</span>
           <div class="mini-box bg-light-yellow text-dark-yellow ml-2 flex align-center">
-            <span class="github-stars mr-1"></span>
+            <span class="mr-1">47.7k</span>
             <svg fill="none" height="11" viewBox="0 0 12 11" width="12">
               <path d="M6 1.07149L7.39167 3.70919L7.50639 3.92663L7.74864 3.96855L10.6873 4.47701L8.60874 6.61565L8.43739 6.79196L8.47239 7.03531L8.89691 9.98725L6.22062 8.67131L6 8.56283L5.77938 8.67131L3.10309 9.98725L3.52761 7.03531L3.56261 6.79196L3.39126 6.61565L1.31271 4.47701L4.25136 3.96855L4.49361 3.92663L4.60833 3.70919L6 1.07149Z" fill="#F7C217" stroke="#F7C217"></path>
             </svg>
@@ -6952,7 +6952,6 @@ <h6>Resources</h6>
 
 <!-- statuses -->
 <script src="https://www.metabase.com/js/status.js" type="text/javascript"></script>
-<script src="https://www.metabase.com/js/github-stars.js" type="text/javascript"></script>
 
 <!-- show/hide logic for More Resources button -->
 <script type="text/javascript">