Disable rolling sessions in web-admin (#9307)

GitOrigin-RevId: 7f098d5222d21187f219c0906757b913890e85e7
2024-11-21 20:47:08 -05:00 · 2022-09-01 09:20:16 +02:00 · 2022-09-01 09:20:16 +02:00 · e414c65028
commit e414c65028
parent c908c0c07d
2 changed files with 19 additions and 16 deletions
--- a/services/web/app/src/infrastructure/Server.js
+++ b/services/web/app/src/infrastructure/Server.js
@ -161,7 +161,7 @@ webRouter.use(
    },
    store: sessionStore,
    key: Settings.cookieName,
-    rolling: true,
+    rolling: Settings.cookieRollingSession === true,
  })
 )
 if (Features.hasFeature('saas')) {
@ -203,8 +203,9 @@ webRouter.use(webRouter.csrf.middleware)
 webRouter.use(translations.i18nMiddleware)
 webRouter.use(translations.setLangBasedOnDomainMiddleware)

-// Measure expiry from last request, not last login
-webRouter.use(function (req, res, next) {
+if (Settings.cookieRollingSession) {
+  // Measure expiry from last request, not last login
+  webRouter.use(function (req, res, next) {
    if (!req.session.noSessionCallback) {
      req.session.touch()
      if (SessionManager.isUserLoggedIn(req.session)) {
@ -219,7 +220,8 @@ webRouter.use(function (req, res, next) {
      }
    }
    next()
-})
+  })
+}

 webRouter.use(ReferalConnect.use)
 expressLocals(webRouter, privateApiRouter, publicApiRouter)
--- a/services/web/config/settings.defaults.js
+++ b/services/web/config/settings.defaults.js
@ -264,6 +264,7 @@ module.exports = {
  // replace subdomain with dot to have them accessible on all subdomains
  cookieDomain: process.env.COOKIE_DOMAIN,
  cookieName: process.env.COOKIE_NAME || 'sharelatex.sid',
+  cookieRollingSession: true,

  // this is only used if cookies are used for clsi backend
  // clsiCookieKey: "clsiserver"