User Guide
Authentication
Disabling authentication#
If you are running Trilium on localhost only or if authentication is handled by another component, you can disable Trilium’s authentication by adding the following to config.ini:
[General]
noAuthentication=trueDisabling authentication will bypass even the Multi-Factor Authentication since v0.94.1.
Understanding how the session works#
Once logged into Trilium, the application will store this information about the login into a cookie on the browser, but also as a session on the server.
If “Remember me” is checked, then the login will expire in 21 days. This period can be adjusted by modifying the Session.cookieMaxAge value in config.ini. For example, to have the session expire in one day:
[Session]
cookieMaxAge=86400When “Remember me” is unchecked, the behavior is different. At client/browser level the authentication does not have any expiration date, but it will be automatically cleared as soon as the user closes the browser. Nevertheless, the server will also dismiss this authentication in around 24 hours from the last interaction with the application.
Viewing active sessions#
The login sessions are now stored in the same Database as the user data. In order to view which sessions are active, open the SQL Console and run the following query:
SELECT * FROM sessionsExpired sessions are periodically cleaned by the server, generally an hourly interval.