DOC-1927 Document configuration param maximumSessionAge in console (#1561)

Author: micheleRP

modules/console/pages/config/security/authentication.adoc

@@ -497,6 +497,93 @@ Most Kafka client libraries support SASL/SCRAM out of the box. You must configur
 - `sasl.username`: The Redpanda username
 - `sasl.password`: The corresponding password
 
+== Configure session duration
+
+By default, Redpanda Console sessions remain valid for one year. For enterprise deployments, you can limit the maximum session duration using the `maximumSessionAge` configuration parameter.
+
+When a session exceeds the configured maximum age, users must re-authenticate to continue using Redpanda Console.
+
+[tabs]
+======
+Standalone::
++
+--
+[,yaml]
+----
+authentication:
+  jwtSigningKey: "<secret-key>"
+  useSecureCookies: true
+  maximumSessionAge: "90d" # <1>
+  basic:
+    enabled: true
+----
+--
+
+Kubernetes embedded::
++
+--
+When using the Redpanda Operator or the Redpanda Helm chart:
+
+[tabs]
+====
+Operator::
++
+[,yaml]
+----
+apiVersion: cluster.redpanda.com/v1alpha2
+kind: Redpanda
+metadata:
+  name: redpanda
+spec:
+  clusterSpec:
+    console:
+      enabled: true
+      console:
+        config:
+          authentication:
+            jwtSigningKey: "<secret-key>"
+            useSecureCookies: true
+            maximumSessionAge: "90d" # <1>
+            basic:
+              enabled: true
+----
+
+Helm::
++
+[,yaml]
+----
+console:
+  enabled: true
+  console:
+    config:
+      authentication:
+        jwtSigningKey: "<secret-key>"
+        useSecureCookies: true
+        maximumSessionAge: "90d" # <1>
+        basic:
+          enabled: true
+----
+====
+--
+
+Kubernetes standalone::
++
+--
+[,yaml]
+----
+config:
+  authentication:
+    jwtSigningKey: "<secret-key>"
+    useSecureCookies: true
+    maximumSessionAge: "90d" # <1>
+    basic:
+      enabled: true
+----
+--
+======
+
+<1> Maximum duration for browser sessions. Accepts duration strings such as `90d` (90 days), `24h` (24 hours), or `30m` (30 minutes). If not specified, sessions remain valid for one year.
+
 == Configure API authentication
 
 After enabling authentication, you must configure how Redpanda Console authenticates to each Redpanda API: Kafka, Admin, and Schema Registry.

modules/shared/attachments/redpanda-console-config.yaml

@@ -85,6 +85,8 @@ schemaRegistry:
 authentication:
   jwtSigningKey: "secret-value"
   useSecureCookies: true
+  # Maximum browser session age (Enterprise). Accepts duration strings (for example, "90d", "24h", "30m"). Default: 1 year.
+  # maximumSessionAge: "90d"
   # Optionally enable cookie chunking if cookie size is an issue.
   # useCookieChunking: false
   # OIDC configuration (if using OIDC):