fix(server): keep session cookies up to to 24h (closes #2196)

2025-07-27 18:12:29 +08:00 · 2025-06-07 11:28:30 +03:00 · 2025-06-07 11:28:30 +03:00 · 68163f90d1
commit 68163f90d1
parent dc35ad9ace
2 changed files with 19 additions and 2 deletions
--- a/apps/server/src/routes/login.spec.ts
+++ b/apps/server/src/routes/login.spec.ts
@ -159,6 +159,16 @@ describe("Login Route test", () => {
            expect(expiry!.getTime()).toBeGreaterThan(originalExpiry!.getTime());
        });

+        it("keeps session up to 24 hours", async () => {
+            // Simulate user waiting 23 hours.
+            vi.setSystemTime(dayjs().add(23, "hours").toDate());
+            vi.advanceTimersByTime(CLEAN_UP_INTERVAL);
+
+            // Check the session is still valid.
+            const { session } = await getSessionFromCookie(setCookieHeader);
+            expect(session).toBeTruthy();
+        });
+
        it("cleans up expired sessions", async () => {
            let { session, expiry } = await getSessionFromCookie(setCookieHeader);
            expect(session).toBeTruthy();
--- a/apps/server/src/routes/session_parser.ts
+++ b/apps/server/src/routes/session_parser.ts
@ -10,6 +10,13 @@ import type express from "express";
 */
 export const CLEAN_UP_INTERVAL = 60 * 60 * 1000; // 1 hour

+/**
+ * The amount of time in milliseconds after which a session cookie expires if "Remember me" is not checked.
+ *
+ * Note that the session is renewed on each request, so the session will last up to this time from the last request.
+ */
+export const SESSION_COOKIE_EXPIRY = 24 * 60 * 60 * 1000; // 24 hours
+
 export class SQLiteSessionStore extends Store {

    get(sid: string, callback: (err: any, session?: session.SessionData | null) => void): void {
@ -30,7 +37,7 @@ export class SQLiteSessionStore extends Store {
        try {
            const expires = session.cookie?.expires
                ? new Date(session.cookie.expires).getTime()
-                : Date.now() + 3600000; // fallback to 1 hour
+                : Date.now() + SESSION_COOKIE_EXPIRY;
            const data = JSON.stringify(session);

            sql.upsert("sessions", "id", {
@ -63,7 +70,7 @@ export class SQLiteSessionStore extends Store {
        }

        try {
-            const expires = Date.now() + 3600000; // fallback to 1 hour
+            const expires = Date.now() + SESSION_COOKIE_EXPIRY;
            sql.execute(/*sql*/`UPDATE sessions SET expires = ? WHERE id = ?`, [expires, sid]);
            callback?.();
        } catch (e) {