Setting Up XSRF-TOKEN & JWT-SESSION value for Expires/Max-Age value to 'session'

We have installed Sonarqube 7.7 version in linux server and Wanted to the Cookie header XSRF-TOKEN & JWT-SESSION value for Expires/Max-Age to ‘Session’.

We are using nginx proxy server and has webserver section fully commented.

What configurations to be made to set the value of Cookie headers mentioned for Max-Age to ‘session’


Hi @ashwini,

Welcome to our community forum.

You can control the expiring of these values using the sonar.web.sessionTimeoutInMinutes property. Notice, however, that this cannot be less than 5mins (due to the way JWT is used). So, currently, you cannot set this to “Session” in SonarQube itself.

If, of course, this is a hard-requirement for your organization, you could rewrite this header in NginX when it’s sent to the browser. But I recommend you stick to the 5mins.

1 Like

Thanks Wouter for your Reply,

Could you please help me in rewriting the header in nginx conf file.