Merge pull request #1156 from TriliumNext/feat_custom_cookie-session-expiration

feat: allow setting custom session cookie expiration

src/routes/login.ts

@@ -70,14 +70,16 @@ function login(req: Request, res: Response) {
     }
 
     req.session.regenerate(() => {
-        const sessionMaxAge = 21 * 24 * 3600000 // 3 weeks in Milliseconds
+        if (!rememberMe) {
+            // unset default maxAge set by sessionParser
+            // Cookie becomes non-persistent and expires after current browser session (e.g. when browser is closed)
+            req.session.cookie.maxAge = undefined;
+        }
 
-        req.session.cookie.maxAge = (rememberMe) ? sessionMaxAge : undefined;
         req.session.loggedIn = true;
 
         res.redirect(".");
     });
-
 }
 
 function verifyPassword(guessedPassword: string) {

src/routes/session_parser.ts

@@ -12,11 +12,11 @@ const sessionParser = session({
     cookie: {
         path: config.Session.cookiePath,
         httpOnly: true,
-        maxAge: 24 * 60 * 60 * 1000 // in milliseconds
+        maxAge: config.Session.cookieMaxAge * 1000 // needs value in milliseconds
     },
     name: "trilium.sid",
     store: new FileStore({
-        ttl: 30 * 24 * 3600,
+        ttl: config.Session.cookieMaxAge,
         path: `${dataDir.TRILIUM_DATA_DIR}/sessions`
     })
 });

src/services/config.ts

@@ -34,6 +34,7 @@ export interface TriliumConfig {
     };
     Session: {
         cookiePath: string;
+        cookieMaxAge: number;
     }
     Sync: {
         syncServerHost: string;
@@ -81,7 +82,10 @@ const config: TriliumConfig = {
 
     Session: {
         cookiePath:
-            process.env.TRILIUM_SESSION_COOKIEPATH || iniConfig?.Session?.cookiePath || "/"
+            process.env.TRILIUM_SESSION_COOKIEPATH || iniConfig?.Session?.cookiePath || "/",
+
+        cookieMaxAge:
+            parseInt(String(process.env.TRILIUM_SESSION_COOKIEMAXAGE)) || parseInt(iniConfig?.Session?.cookieMaxAge) || 21 * 24 * 60 * 60 // 21 Days in Seconds
     },
 
     Sync: {