diff --git a/default/config.yaml b/default/config.yaml
index 9c8c02de2..2c6f2fa98 100644
--- a/default/config.yaml
+++ b/default/config.yaml
@@ -95,3 +95,8 @@ deepl:
 formality: default
 # -- SERVER PLUGIN CONFIGURATION --
 enableServerPlugins: false
+# User session timeout *in seconds* (defaults to 24 hours).
+## Set to a positive number to expire session after a certain time of inactivity
+## Set to 0 to expire session when the browser is closed
+## Set to a negative number to disable session expiration
+sessionTimeout: 86400
diff --git a/server.js b/server.js
index eebd23c22..1f226dc68 100644
--- a/server.js
+++ b/server.js
@@ -200,11 +200,30 @@ if (enableCorsProxy) {
 });
 }
+function getSessionCookieAge() {
+ // Defaults to 24 hours in seconds if not set
+ const configValue = getConfigValue('sessionTimeout', 24 * 60 * 60);
+
+ // Convert to milliseconds
+ if (configValue > 0) {
+ return configValue * 1000;
+ }
+
+ // "No expiration" is just 400 days as per RFC 6265
+ if (configValue < 0) {
+ return 400 * 24 * 60 * 60 * 1000;
+ }
+
+ // 0 means session cookie is deleted when the browser session ends
+ // (depends on the implementation of the browser)
+ return undefined;
+}
+
 app.use(cookieSession({
 name: userModule.getCookieSessionName(),
 sameSite: 'strict',
 httpOnly: true,
- maxAge: 24 * 60 * 60 * 1000, // 24 hours
+ maxAge: getSessionCookieAge(),
 secret: userModule.getCookieSecret(),
 }));
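Review bot: In the default/config.yaml hunk, the comment for negative values promises that session expiration is disabled, but the server.js hunk of this commit maps a negative value to a 400-day cookie lifetime, so the session still ends. I would word it as `## Set to a negative number to keep the session for the longest lifetime the server sets (400 days)`. Because this key decides how long a login cookie stays usable on a shared or lost device, the comment could also say that shorter values are the safer choice for instances reachable over a network.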
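Review bot: In the server.js hunk, getSessionCookieAge() never checks that `sessionTimeout` is a number, so a non-numeric string fails both the `> 0` and `< 0` comparisons and falls through to `return undefined`, silently turning a config typo into a browser-session cookie. I would coerce and validate first, with `const seconds = Number(configValue);` followed by `if (!Number.isFinite(seconds)) return 24 * 60 * 60 * 1000;`, and log that the default was used. Separately, `maxAge` only sets the cookie's expiry attribute, which the browser enforces. Unless the session payload carries a timestamp that the server checks (not visible in this hunk), a copied cookie would presumably still be accepted after the timeout. A short doc comment on the function stating the unit conversion (seconds in, milliseconds out) and the three cases would also help.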