Make session expiry parametric

[ab-smith]

Add an ENV variable to make the cookie lifespan parametric.

[nas-tabchiche]

As things are, it can already be passed through the AUTH_TOKEN_TTL environment variable in the backend. I see the README was not updated when we switched from session to token-based authentication. My mistake, I'm pushing a small PR for this shortly.

The single source of truth for the token's lifespan is the backend. When it expires, the fetch to /current-user will return an erroneous response, then the user is logged out in the frontend. This ensures synchronization between the authentication state of the front and backend at all times for very low added complexity, especially considering the "sliding" nature of the token's TTL (by default, AUTH_TOKEN_AUTO_REFRESH is set to True and AUTH_TOKEN_TTL to 15 minutes, meaning every time a request authenticated with a token is made, its TTL is reset to 15 minutes). Both these variables can be passed as environment variables.

ciso-assistant-community/frontend/src/hooks.server.ts

Line 24 in 297c999

async function validateUserSession(event: RequestEvent): Promise<User | null> {