fix(server): keep session cookies up to to 24h (closes #2196)

Elian Doran 2025-06-07 11:28:30 +03:00
parent dc35ad9ace
commit 68163f90d1
2 changed files with 19 additions and 2 deletions


@ -159,6 +159,16 @@ describe("Login Route test", () => {
expect(expiry!.getTime()).toBeGreaterThan(originalExpiry!.getTime()); expect(expiry!.getTime()).toBeGreaterThan(originalExpiry!.getTime());
}); });
it("keeps session up to 24 hours", async () => {
// Simulate user waiting 23 hours.
vi.setSystemTime(dayjs().add(23, "hours").toDate());
vi.advanceTimersByTime(CLEAN_UP_INTERVAL);
// Check the session is still valid.
const { session } = await getSessionFromCookie(setCookieHeader);
expect(session).toBeTruthy();
});
it("cleans up expired sessions", async () => { it("cleans up expired sessions", async () => {
let { session, expiry } = await getSessionFromCookie(setCookieHeader); let { session, expiry } = await getSessionFromCookie(setCookieHeader);
expect(session).toBeTruthy(); expect(session).toBeTruthy();
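Review bot: The new "keeps session up to 24 hours" test hard-codes `23, "hours"` and asserts only that the session survives, so it pins neither the constant nor the upper bound of the session lifetime. Deriving the wait from the exported value, e.g. `vi.setSystemTime(Date.now() + SESSION_COOKIE_EXPIRY - CLEAN_UP_INTERVAL);`, would keep the test meaningful if the limit changes. Because the lifetime is a security boundary, a counterpart assertion that the session is gone once the clock passes `SESSION_COOKIE_EXPIRY` without a request would be worth adding, unless the "cleans up expired sessions" test that continues below the hunk already covers that. The test also leaves the fake clock 23 hours ahead for the tests that follow; whether it is reset between tests is not visible here.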


@ -10,6 +10,13 @@ import type express from "express";
*/ */
export const CLEAN_UP_INTERVAL = 60 * 60 * 1000; // 1 hour export const CLEAN_UP_INTERVAL = 60 * 60 * 1000; // 1 hour
/**
* The amount of time in milliseconds after which a session cookie expires if "Remember me" is not checked.
*
* Note that the session is renewed on each request, so the session will last up to this time from the last request.
*/
export const SESSION_COOKIE_EXPIRY = 24 * 60 * 60 * 1000; // 24 hours
export class SQLiteSessionStore extends Store { export class SQLiteSessionStore extends Store {
get(sid: string, callback: (err: any, session?: session.SessionData | null) => void): void { get(sid: string, callback: (err: any, session?: session.SessionData | null) => void): void {
@ -30,7 +37,7 @@ export class SQLiteSessionStore extends Store {
try { try {
const expires = session.cookie?.expires const expires = session.cookie?.expires
? new Date(session.cookie.expires).getTime() ? new Date(session.cookie.expires).getTime()
: Date.now() + 3600000; // fallback to 1 hour : Date.now() + SESSION_COOKIE_EXPIRY;
const data = JSON.stringify(session); const data = JSON.stringify(session);
sql.upsert("sessions", "id", { sql.upsert("sessions", "id", {
@ -63,7 +70,7 @@ export class SQLiteSessionStore extends Store {
} }
try { try {
const expires = Date.now() + 3600000; // fallback to 1 hour const expires = Date.now() + SESSION_COOKIE_EXPIRY;
sql.execute(/*sql*/`UPDATE sessions SET expires = ? WHERE id = ?`, [expires, sid]); sql.execute(/*sql*/`UPDATE sessions SET expires = ? WHERE id = ?`, [expires, sid]);
callback?.(); callback?.();
} catch (e) { } catch (e) {
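Review bot: The expiry written by `const expires = Date.now() + SESSION_COOKIE_EXPIRY;` in the last hunk is unconditional, whereas the previous hunk honours `session.cookie?.expires` and uses the constant only as a fallback. If this is the store's renewal path (the method starts outside the hunk), a session whose cookie carries a longer "Remember me" expiry would have its row cut to 24 hours on every request, and one with a shorter cookie expiry would be kept past it. Assuming the session object is in scope there, the same expression could be reused: `const expires = session.cookie?.expires ? new Date(session.cookie.expires).getTime() : Date.now() + SESSION_COOKIE_EXPIRY;`. The doc comment on `SESSION_COOKIE_EXPIRY` could also state that renewal on each request means there is no absolute lifetime, so a copied cookie stays valid for as long as it keeps being used.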