feat: Add session expiration configuration and update token timeout l…

…ogic
limanmys · Dec 9, 2024 · d8d65df · d8d65df
1 parent b1b2c14
commit d8d65df
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 2 deletions.
diff --git a/.env.example b/.env.example
@@ -156,6 +156,10 @@ KEYCLOAK_REALM=
 # Activate Google Authenticator service for 2FA logins
 OTP_ENABLED=false
 
+# SESSION EXPIRES ON CLOSE
+# Changes session expiration behavior
+AUTH_SESSION_EXPIRES_ON_CLOSE=false
+
 
 ##### DATABASE SETTINGS #####
 DB_CONNECTION=pgsql

diff --git a/app/Classes/Authentication/Authenticator.php b/app/Classes/Authentication/Authenticator.php
@@ -115,10 +115,17 @@ public static function createNewToken($token, ?Request $request = null)
             ],
         ];
 
+        $sessionCheck = (bool) env('AUTH_SESSION_EXPIRES_ON_CLOSE', false);
+        if ($sessionCheck) {
+            $tokenTimeout = 0;
+        } else {
+            $tokenTimeout = auth('api')->factory()->getTTL() * 60;
+        }
+
         return response()->json($return)->withCookie(cookie(
             'token',
             $token,
-            auth('api')->factory()->getTTL() * 60,
+            $tokenTimeout,
             null,
             $request->getHost(),
             true,
@@ -127,7 +134,7 @@ public static function createNewToken($token, ?Request $request = null)
         ))->withCookie(cookie(
             'currentUser',
             json_encode($return),
-            auth('api')->factory()->getTTL() * 60,
+            $tokenTimeout,
             null,
             $request->getHost(),
             true,