Merge pull request #5356 from DomLennonZA/master

Adding more specific timings for session timeout

src/database/mongo.js

@@ -111,15 +111,23 @@
 					if (err) {
 						return callback(err);
 					}
-					createSessionStore();					
+					callback();
 				});
 			} else {
 				winston.warn('You have no mongo password setup!');
-				createSessionStore();
+				callback();
 			}
+		});
+	};
 
-			function createSessionStore() {
+	module.initSessionStore = function (callback) {
+		var meta = require('../meta');
 		var sessionStore;
+
+		var ttlDays = 1000 * 60 * 60 * 24 * (parseInt(meta.config.loginDays, 10) || 0);
+		var ttlSeconds = 1000 * (parseInt(meta.config.loginSeconds, 10) || 0);
+		var ttl = ttlSeconds || ttlDays || 1209600000; // Default to 14 days
+
 		if (nconf.get('redis')) {
 			sessionStore = require('connect-redis')(session);
 			var rdb = require('./redis');
@@ -127,17 +135,17 @@
 
 			module.sessionStore = new sessionStore({
 				client: rdb.client,
-						ttl: 60 * 60 * 24 * 14
+				ttl: ttl
 			});
 		} else if (nconf.get('mongo')) {
 			sessionStore = require('connect-mongo')(session);
 			module.sessionStore = new sessionStore({
-						db: db
+				db: db,
+				ttl: ttl
 			});
 		}
+
 		callback();
-			}			
-		});
 	};
 
 	module.createIndices = function (callback) {

src/database/redis.js

@@ -38,7 +38,6 @@
 	module.init = function (callback) {
 		try {
 			redis = require('redis');
-			connectRedis = require('connect-redis')(session);
 		} catch (err) {
 			winston.error('Unable to initialize Redis! Is Redis installed? Error :' + err.message);
 			process.exit();
@@ -48,11 +47,6 @@
 
 		module.client = redisClient;
 
-		module.sessionStore = new connectRedis({
-			client: redisClient,
-			ttl: 60 * 60 * 24 * 14
-		});
-
 		require('./redis/main')(redisClient, module);
 		require('./redis/hash')(redisClient, module);
 		require('./redis/sets')(redisClient, module);
@@ -64,6 +58,24 @@
 		}
 	};
 
+	module.initSessionStore = function (callback) {
+		var meta = require('../meta');
+		var sessionStore = require('connect-redis')(session);
+
+		var ttlDays = 1000 * 60 * 60 * 24 * (parseInt(meta.config.loginDays, 10) || 0);
+		var ttlSeconds = 1000 * (parseInt(meta.config.loginSeconds, 10) || 0);
+		var ttl = ttlSeconds || ttlDays || 1209600000; // Default to 14 days
+
+		module.sessionStore = new sessionStore({
+			client: module.client,
+			ttl: ttl
+		});
+
+		if (typeof callback === 'function') {
+			callback();
+		}
+	};
+
 	module.connect = function (options) {
 		var redis_socket_or_host = nconf.get('redis:host');
 		var cxn;

src/start.js

@@ -40,6 +40,9 @@ start.start = function () {
 				next(err);
 			});
 		},
+		function (next) {
+			db.initSessionStore(next);
+		},
 		function (next) {
 			var webserver = require('./webserver');
 			require('./socket.io').init(webserver.server);

src/views/admin/settings/user.tpl

@@ -20,7 +20,8 @@
 
 			<div class="form-group form-inline">
 				<label for="emailConfirmInterval">[[admin/settings/user:email-confirm-interval]]</label>
-				<input class="form-control" data-field="emailConfirmInterval" type="number" id="emailConfirmInterval" placeholder="Default: 10" value="10" />
+				<input class="form-control" data-field="emailConfirmInterval" type="number" id="emailConfirmInterval" placeholder="Default: 10"
+					value="10" />
 				<label for="emailConfirmInterval">[[admin/settings/user:email-confirm-email2]]</label>
 			</div>
 
@@ -103,10 +104,6 @@
 				<label for="lockoutDuration">[[admin/settings/user:lockout-duration]]</label>
 				<input id="lockoutDuration" type="text" class="form-control" data-field="lockoutDuration" placeholder="60" />
 			</div>
-			<div class="form-group">
-				<label>[[admin/settings/user:login-days]]</label>
-				<input type="text" class="form-control" data-field="loginDays" placeholder="14" />
-			</div>
 			<div class="form-group">
 				<label>[[admin/settings/user:password-expiry-days]]</label>
 				<input type="text" class="form-control" data-field="passwordExpiryDays" placeholder="0" />
@@ -115,6 +112,24 @@
 	</div>
 </div>
 
+<div class="row">
+	<div class="col-sm-2 col-xs-12 settings-header">
+		Session time
+	</div>
+	<div class="col-sm-10 col-xs-12">
+		<form>
+			<div class="form-group">
+				<label>Days: </label>
+				<input type="text" class="form-control" data-field="loginDays" placeholder="Days" />
+				<label>Seconds: </label>
+				<input type="text" class="form-control" data-field="loginSeconds" placeholder="Seconds" />
+				<p class="help-block">Note that only one of these values will be used. If there is no <i>seconds</i> value we fall back to <i>days</i>. If
+					there is no <i>days</i> value we default to <i>14 days</i>.</p>
+			</div>
+		</form>
+	</div>
+</div>
+
 <div class="row">
 	<div class="col-sm-2 col-xs-12 settings-header">[[admin/settings/user:registration]]</div>
 	<div class="col-sm-10 col-xs-12">

src/webserver.js

@@ -170,8 +170,12 @@ function setupFavicon(app) {
 }
 
 function setupCookie() {
+	var ttlDays = 1000 * 60 * 60 * 24 * (parseInt(meta.config.loginDays, 10) || 0);
+	var ttlSeconds = 1000 * (parseInt(meta.config.loginSeconds, 10) || 0);
+	var ttl = ttlSeconds || ttlDays || 1209600000; // Default to 14 days
+
 	var cookie = {
-		maxAge: 1000 * 60 * 60 * 24 * (parseInt(meta.config.loginDays, 10) || 14)
+		maxAge: ttl
 	};
 
 	if (nconf.get('cookieDomain') || meta.config.cookieDomain) {

test/mocks/databasemock.js

@@ -100,6 +100,9 @@
 			function (next) {
 				meta.configs.init(next);
 			},
+			function (next) {
+				db.initSessionStore(next);
+			},
 			function (next) {
 				meta.dependencies.check(next);
 			},