There is currently no official API to change this, however I think the easiest solution is something like this:
Create a new custom AccessToken class that extends Flarum\Http\AccessToken
with a custom expiration date. Register it using the Flarum\Http\AccessToken::setModel
method from a service provider. In the future there will be an extender for this, the access tokens have been designed with the ability to have custom types of tokens.
Listen for Flarum\User\Event\LoggedIn
event, and if $event->token
is an instance of SessionAccessToken
, change its $token->type
attribute to your custom token type.
Starting with the next request, the token will use the expiration time of your custom token type.
We should probably make the session and remember durations customizable via a config.php
variable in the future.
EDIT: additional note, if you only want to extend the session of users who keep a browser tab open, you could use the javascript API to periodically send a request to Flarum's API. The session expires after 1h of inactivity, but any request during that time will reset the counter.
Remember tokens are the intended solution for users who wish to remain logged in for long periods of time.