From d8d65dfbeaae732277617731d468db75c79f111b Mon Sep 17 00:00:00 2001
From: dogukanoksuz
Date: Mon, 9 Dec 2024 11:01:05 +0300
Subject: [PATCH] feat: Add session expiration configuration and update token timeout logic
---
 .env.example | 4 ++++
 app/Classes/Authentication/Authenticator.php | 11 +++++++++--
 2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/.env.example b/.env.example
index 37f600ad..2e16b54b 100644
--- a/.env.example
+++ b/.env.example
@@ -156,6 +156,10 @@ KEYCLOAK_REALM=
 # Activate Google Authenticator service for 2FA logins
 OTP_ENABLED=false
+# SESSION EXPIRES ON CLOSE
+# Changes session expiration behavior
+AUTH_SESSION_EXPIRES_ON_CLOSE=false
+
 ##### DATABASE SETTINGS #####
 DB_CONNECTION=pgsql
diff --git a/app/Classes/Authentication/Authenticator.php b/app/Classes/Authentication/Authenticator.php
index a8bcc26b..04de4716 100644
--- a/app/Classes/Authentication/Authenticator.php
+++ b/app/Classes/Authentication/Authenticator.php
@@ -115,10 +115,17 @@ public static function createNewToken($token, ?Request $request = null)
 ],
 ];
+ $sessionCheck = (bool) env('AUTH_SESSION_EXPIRES_ON_CLOSE', false);
+ if ($sessionCheck) {
+ $tokenTimeout = 0;
+ } else {
+ $tokenTimeout = auth('api')->factory()->getTTL() * 60;
+ }
+
 return response()->json($return)->withCookie(cookie(
 'token',
 $token,
- auth('api')->factory()->getTTL() * 60,
+ $tokenTimeout,
 null,
 $request->getHost(),
 true,
@@ -127,7 +134,7 @@ public static function createNewToken($token, ?Request $request = null)
 ))->withCookie(cookie(
 'currentUser',
 json_encode($return),
- auth('api')->factory()->getTTL() * 60,
+ $tokenTimeout,
 null,
 $request->getHost(),
 true,
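Review bot: The added comment `# Changes session expiration behavior` does not say what enabling the flag does, which matters for an authentication setting. Judging by the Authenticator.php change in this same patch, `true` passes a lifetime of `0` for the `token` and `currentUser` cookies, so they end with the browser session, while the token's own TTL is not touched. I would spell that out, e.g. `# When true, auth cookies are browser-session cookies (dropped when the browser closes); the token TTL itself is unchanged`.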
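Review bot: The `env('AUTH_SESSION_EXPIRES_ON_CLOSE', false)` call at the top of the added block runs in application code, and Laravel no longer loads `.env` once the configuration has been cached with `php artisan config:cache`. On such a deployment the call falls back to its default, so the flag would silently stay `false` and both cookies would keep their long lifetime. The usual fix is to expose it through a config file, e.g. `'session_expires_on_close' => (bool) env('AUTH_SESSION_EXPIRES_ON_CLOSE', false),` (key name is only a suggestion), and read it with `$sessionCheck = config('auth.session_expires_on_close');`. Separately, a timeout of `0` only turns `token` and `currentUser` into browser-session cookies; as far as this hunk shows, the token's server-side validity is unchanged, which deserves a short comment above the `if`. `createNewToken` starts and ends outside the hunk.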