Configurable session expiration

2025-01-05 13:36:47 +01:00 · 2024-07-06 14:50:36 +03:00 · 2024-07-06 14:50:36 +03:00 · 02e65ff176
commit 02e65ff176
parent 545b77140f
2 changed files with 25 additions and 1 deletions
--- a/default/config.yaml
+++ b/default/config.yaml
@ -95,3 +95,8 @@ deepl:
  formality: default
 # -- SERVER PLUGIN CONFIGURATION --
 enableServerPlugins: false
+# User session timeout *in seconds* (defaults to 24 hours).
+## Set to a positive number to expire session after a certain time of inactivity
+## Set to 0 to expire session when the browser is closed
+## Set to a negative number to disable session expiration
+sessionTimeout: 86400
--- a/server.js
+++ b/server.js
@ -200,11 +200,30 @@ if (enableCorsProxy) {
    });
 }

+function getSessionCookieAge() {
+    // Defaults to 24 hours in seconds if not set
+    const configValue = getConfigValue('sessionTimeout', 24 * 60 * 60);
+
+    // Convert to milliseconds
+    if (configValue > 0) {
+        return configValue * 1000;
+    }
+
+    // "No expiration" is just 400 days as per RFC 6265
+    if (configValue < 0) {
+        return 400 * 24 * 60 * 60 * 1000;
+    }
+
+    // 0 means session cookie is deleted when the browser session ends
+    // (depends on the implementation of the browser)
+    return undefined;
+}
+
 app.use(cookieSession({
    name: userModule.getCookieSessionName(),
    sameSite: 'strict',
    httpOnly: true,
-    maxAge: 24 * 60 * 60 * 1000, // 24 hours
+    maxAge: getSessionCookieAge(),
    secret: userModule.getCookieSecret(),
 }));