docs: langflow 1.5 auto-login security doc (#9057)

* langflow-auto-login-security-doc

* trailing-space

* auto-not-auth

* clarify-new-behavior

* env-var-default

* security-md-and-var-names

* Apply suggestions from code review

* Update docs/docs/Configuration/environment-variables.mdx

* Update docs/docs/Configuration/configuration-authentication.mdx

---------

Co-authored-by: April I. Murphy <36110273+aimurphy@users.noreply.github.com>

docs/docs/Configuration/configuration-api-keys.mdx

@@ -19,11 +19,11 @@ The only exceptions are the MCP endpoints `/v1/mcp`, `/v1/mcp-projects`, and `/v
 <details>
 <summary>AUTO_LOGIN and SKIP_AUTH options</summary>
 
-In Langflow versions earlier than 1.5, if `AUTO_LOGIN=true`, then Langflow automatically logs users in as a superuser without requiring authentication.
+In Langflow versions earlier than 1.5, if `LANGFLOW_AUTO_LOGIN=true`, then Langflow automatically logs users in as a superuser without requiring authentication.
 In this case, API requests don't require a Langflow API key.
 
-In Langflow version 1.5, you can set `SKIP_AUTH_AUTO_LOGIN=true` and `AUTO_LOGIN=true` to skip authentication for API requests.
-However, the `SKIP_AUTH_AUTO_LOGIN` option will be removed in a future release.
+In Langflow version 1.5, you can set `LANGFLOW_SKIP_AUTH_AUTO_LOGIN=true` and `LANGFLOW_AUTO_LOGIN=true` to skip authentication for API requests.
+However, the `LANGFLOW_SKIP_AUTH_AUTO_LOGIN` option will be removed in a future release.
 </details>
 
 ## Generate a Langflow API key

docs/docs/Configuration/configuration-authentication.mdx

@@ -36,11 +36,11 @@ The only exceptions are the MCP endpoints `/v1/mcp`, `/v1/mcp-projects`, and `/v
 <details>
 <summary>AUTO_LOGIN and SKIP_AUTH options</summary>
 
-In Langflow versions earlier than 1.5, if `AUTO_LOGIN=true`, then Langflow automatically logs users in as a superuser without requiring authentication.
+In Langflow versions earlier than 1.5, if `LANGFLOW_AUTO_LOGIN=true`, then Langflow automatically logs users in as a superuser without requiring authentication.
 In this case, API requests don't require a Langflow API key.
 
-In Langflow version 1.5, you can set `SKIP_AUTH_AUTO_LOGIN=true` and `AUTO_LOGIN=true` to skip authentication for API requests.
-However, the `SKIP_AUTH_AUTO_LOGIN` option will be removed in a future release.
+In Langflow version 1.5, you can set `LANGFLOW_SKIP_AUTH_AUTO_LOGIN=true` and `LANGFLOW_AUTO_LOGIN=true` to skip authentication for API requests.
+However, the `LANGFLOW_SKIP_AUTH_AUTO_LOGIN` option will be removed in a future release.
 </details>
 
 ### LANGFLOW_SUPERUSER and LANGFLOW_SUPERUSER_PASSWORD

docs/docs/Configuration/environment-variables.mdx

@@ -240,7 +240,7 @@ The following table lists the environment variables supported by Langflow.
 | <Link id="LANGFLOW_WORKERS"/><span class="env-prefix">LANGFLOW_</span>WORKERS | Integer | `1` | Number of worker processes.<br/>See [`--workers` option](./configuration-cli.mdx#run-workers). |
 | <Link id="LANGFLOW_SSL_CERT_FILE"/><span class="env-prefix">LANGFLOW_</span>SSL_CERT_FILE | String | Not set | Path to the SSL certificate file on the local system. |
 | <Link id="LANGFLOW_SSL_KEY_FILE"/><span class="env-prefix">LANGFLOW_</span>SSL_KEY_FILE | String | Not set | Path to the SSL key file on the local system. |
-| <Link id="SKIP_AUTH_AUTO_LOGIN"/>SKIP_AUTH_AUTO_LOGIN | Boolean | `false` | If set to `true`, disables automatic login and enforces authentication, regardless of the value of `LANGFLOW_AUTO_LOGIN`.
+| <Link id="LANGFLOW_SKIP_AUTH_AUTO_LOGIN"/><span class="env-prefix">LANGFLOW_</span>SKIP_AUTH_AUTO_LOGIN | Boolean | `true` | If set to `true`, and `LANGFLOW_AUTO_LOGIN` is set to `true`, skips authentication and allows automatic login as the superuser. If set to `false`, and `LANGFLOW_AUTO_LOGIN` is set to `true`, disables automatic login and enforces authentication. If `LANGFLOW_AUTO_LOGIN` is `false`, has no effect. |
 </div>