From 11873e71fd0f0cd4b3ecf868d5f0a506dc704261 Mon Sep 17 00:00:00 2001 From: Daniel Manrique Date: Wed, 4 Mar 2026 16:18:50 -0500 Subject: [PATCH] Fix session timeout check with -t tokens MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This apparently broke on flyctl 0.3.210, probably went unnoticed since it's not a frequently used feature; user who reported it was stuck on 0.3.208. The 30-day session timeout feature has had a bumpy history: 1. 1f90b745f — "Introducing 30-day cli session timeout" (#4630, Nov 5 2025) — the original version had no bypass at all, meaning even env var tokens would hit the timeout. 2. 80affc2eb — "Revert session timeout feature" (#4633) — reverted due to issues. 3. 5a396deda — "session timeout-improved" (#4645, Nov 10 2025) — reintroduced with an env var bypass for CI/CD, but missed the -t flag. This is the commit that introduced the bug the reporting user hit. So the -t flag was never accounted for — it was an oversight in the improved version (#4645) when the env var bypass was added. This code applies the env var timeout bypass for a token passed via -t as well. --- internal/command/command.go | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/internal/command/command.go b/internal/command/command.go index 8d4175351c..a98067993d 100644 --- a/internal/command/command.go +++ b/internal/command/command.go @@ -566,11 +566,13 @@ func RequireSession(ctx context.Context) (context.Context, error) { return handleReLogin(ctx, "not_authenticated") } - // Skip timestamp validation if token is from environment variable (CI/CD use case) - // This allows automated pipelines to continue working without session timeout - tokenFromEnv := env.First(config.AccessTokenEnvKey, config.APITokenEnvKey) != "" + // Skip timestamp validation if token is explicitly provided via environment + // variable or -t flag (CI/CD and scripted use cases). + // This allows automated pipelines to continue working without session timeout. + tokenExplicit := env.First(config.AccessTokenEnvKey, config.APITokenEnvKey) != "" || + flag.IsSpecified(ctx, "access-token") - if !tokenFromEnv { + if !tokenExplicit { // Check if the token has expired due to age // If LastLogin is zero, it means the user has an old config without the timestamp if cfg.LastLogin.IsZero() {