Disable rolling sessions in web-admin (#9307)

GitOrigin-RevId: 7f098d5222d21187f219c0906757b913890e85e7

services/web/app/src/infrastructure/Server.js

@@ -161,7 +161,7 @@ webRouter.use(
     },
     store: sessionStore,
     key: Settings.cookieName,
-    rolling: true,
+    rolling: Settings.cookieRollingSession === true,
   })
 )
 if (Features.hasFeature('saas')) {
@@ -203,23 +203,25 @@ webRouter.use(webRouter.csrf.middleware)
 webRouter.use(translations.i18nMiddleware)
 webRouter.use(translations.setLangBasedOnDomainMiddleware)
 
-// Measure expiry from last request, not last login
+if (Settings.cookieRollingSession) {
-webRouter.use(function (req, res, next) {
+  // Measure expiry from last request, not last login
-  if (!req.session.noSessionCallback) {
+  webRouter.use(function (req, res, next) {
-    req.session.touch()
+    if (!req.session.noSessionCallback) {
-    if (SessionManager.isUserLoggedIn(req.session)) {
+      req.session.touch()
-      UserSessionsManager.touch(
+      if (SessionManager.isUserLoggedIn(req.session)) {
-        SessionManager.getSessionUser(req.session),
+        UserSessionsManager.touch(
-        err => {
+          SessionManager.getSessionUser(req.session),
-          if (err) {
+          err => {
-            logger.err({ err }, 'error extending user session')
+            if (err) {
+              logger.err({ err }, 'error extending user session')
+            }
           }
-        }
+        )
-      )
+      }
     }
-  }
+    next()
-  next()
+  })
-})
+}
 
 webRouter.use(ReferalConnect.use)
 expressLocals(webRouter, privateApiRouter, publicApiRouter)

services/web/config/settings.defaults.js

@@ -264,6 +264,7 @@ module.exports = {
   // replace subdomain with dot to have them accessible on all subdomains
   cookieDomain: process.env.COOKIE_DOMAIN,
   cookieName: process.env.COOKIE_NAME || 'sharelatex.sid',
+  cookieRollingSession: true,
 
   // this is only used if cookies are used for clsi backend
   // clsiCookieKey: "clsiserver"