From 02e65ff1765181682be301334616a5a8caff2523 Mon Sep 17 00:00:00 2001
From: Cohee <18619528+Cohee1207@users.noreply.github.com>
Date: Sat, 6 Jul 2024 14:50:36 +0300
Subject: [PATCH] Configurable session expiration

---
 default/config.yaml |  5 +++++
 server.js           | 21 ++++++++++++++++++++-
 2 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/default/config.yaml b/default/config.yaml
index 9c8c02de2..2c6f2fa98 100644
--- a/default/config.yaml
+++ b/default/config.yaml
@@ -95,3 +95,8 @@ deepl:
   formality: default
 # -- SERVER PLUGIN CONFIGURATION --
 enableServerPlugins: false
+# User session timeout *in seconds* (defaults to 24 hours).
+## Set to a positive number to expire session after a certain time of inactivity
+## Set to 0 to expire session when the browser is closed
+## Set to a negative number to disable session expiration
+sessionTimeout: 86400
diff --git a/server.js b/server.js
index eebd23c22..1f226dc68 100644
--- a/server.js
+++ b/server.js
@@ -200,11 +200,30 @@ if (enableCorsProxy) {
     });
 }
 
+function getSessionCookieAge() {
+    // Defaults to 24 hours in seconds if not set
+    const configValue = getConfigValue('sessionTimeout', 24 * 60 * 60);
+
+    // Convert to milliseconds
+    if (configValue > 0) {
+        return configValue * 1000;
+    }
+
+    // "No expiration" is just 400 days as per RFC 6265
+    if (configValue < 0) {
+        return 400 * 24 * 60 * 60 * 1000;
+    }
+
+    // 0 means session cookie is deleted when the browser session ends
+    // (depends on the implementation of the browser)
+    return undefined;
+}
+
 app.use(cookieSession({
     name: userModule.getCookieSessionName(),
     sameSite: 'strict',
     httpOnly: true,
-    maxAge: 24 * 60 * 60 * 1000, // 24 hours
+    maxAge: getSessionCookieAge(),
     secret: userModule.getCookieSecret(),
 }));