Merge pull request #1156 from TriliumNext/feat_custom_cookie-session-expiration

feat: allow setting custom session cookie expiration
2025-08-10 02:02:29 +08:00 · 2025-02-13 21:50:09 +02:00 · 2025-02-13 21:50:09 +02:00 · bfd894b5eb
commit bfd894b5eb
parent 508908ded8 b692c00b8d
4 changed files with 21 additions and 9 deletions
--- a/config-sample.ini
+++ b/config-sample.ini
@ -30,13 +30,19 @@ trustedReverseProxy=false


 [Session]
-# Use this setting to constrain the current instance's "Path" value for the set cookies
+# Use this setting to set a custom value for the "Path" Attribute value of the session cookie.
 # This can be useful, when you have several instances running on the same domain, under different paths (e.g. by using a reverse proxy).
-# It prevents your instances from overwriting each others' cookies.
-# e.g. if you have https://your-domain.com/triliumNext/instanceA and https://your-domain.com/triliumNext/instanceB
+# It prevents your instances from overwriting each others' cookies, allowing you to stay logged in multiple instances simultanteously.
+# E.g. if you have instances running under https://your-domain.com/triliumNext/instanceA and https://your-domain.com/triliumNext/instanceB
 # you would want to set the cookiePath value to "/triliumNext/instanceA" for your first and "/triliumNext/instanceB" for your second instance
 cookiePath=/

+# Use this setting to set a custom value for the "Max-Age" Attribute of the session cookie.
+# This controls how long your session will be valid, before it expires and you need to log in again, when you use the "Remember Me" option.
+# Value needs to be entered in Seconds.
+# Default value is 1814400 Seconds, which is 21 Days.
+cookieMaxAge=1814400
+
 [Sync]
 #syncServerHost=
 #syncServerTimeout=
--- a/src/routes/login.ts
+++ b/src/routes/login.ts
@ -70,14 +70,16 @@ function login(req: Request, res: Response) {
    }

    req.session.regenerate(() => {
-        const sessionMaxAge = 21 * 24 * 3600000 // 3 weeks in Milliseconds
+        if (!rememberMe) {
+            // unset default maxAge set by sessionParser
+            // Cookie becomes non-persistent and expires after current browser session (e.g. when browser is closed)
+            req.session.cookie.maxAge = undefined;
+        }

-        req.session.cookie.maxAge = (rememberMe) ? sessionMaxAge : undefined;
        req.session.loggedIn = true;

        res.redirect(".");
    });
-
 }

 function verifyPassword(guessedPassword: string) {
--- a/src/routes/session_parser.ts
+++ b/src/routes/session_parser.ts
@ -12,11 +12,11 @@ const sessionParser = session({
    cookie: {
        path: config.Session.cookiePath,
        httpOnly: true,
-        maxAge: 24 * 60 * 60 * 1000 // in milliseconds
+        maxAge: config.Session.cookieMaxAge * 1000 // needs value in milliseconds
    },
    name: "trilium.sid",
    store: new FileStore({
-        ttl: 30 * 24 * 3600,
+        ttl: config.Session.cookieMaxAge,
        path: `${dataDir.TRILIUM_DATA_DIR}/sessions`
    })
 });
--- a/src/services/config.ts
+++ b/src/services/config.ts
@ -34,6 +34,7 @@ export interface TriliumConfig {
    };
    Session: {
        cookiePath: string;
+        cookieMaxAge: number;
    }
    Sync: {
        syncServerHost: string;
@ -81,7 +82,10 @@ const config: TriliumConfig = {

    Session: {
        cookiePath:
-            process.env.TRILIUM_SESSION_COOKIEPATH || iniConfig?.Session?.cookiePath || "/"
+            process.env.TRILIUM_SESSION_COOKIEPATH || iniConfig?.Session?.cookiePath || "/",
+
+        cookieMaxAge:
+            parseInt(String(process.env.TRILIUM_SESSION_COOKIEMAXAGE)) || parseInt(iniConfig?.Session?.cookieMaxAge) || 21 * 24 * 60 * 60 // 21 Days in Seconds
    },

    Sync: {