Session refresh, shorter default ttl

- Session cookies also no longer expire on the client
2022-02-23 13:34:52 +01:00 · 2022-02-23 13:34:52 +01:00 · c56ba425c7
commit c56ba425c7
parent 68845fc715
3 changed files with 5 additions and 3 deletions
--- a/config/config.go
+++ b/config/config.go
@ -27,7 +27,7 @@ var configPath string
 func init() {
 	Config = config{
 		Server:     ":8080",
-		SessionTTL: 1440,
+		SessionTTL: 10,
 	}

 	// Locations to look for a config file for
--- a/example/config.toml
+++ b/example/config.toml
@ -1,6 +1,6 @@
 Server = ":8080" # The address the webserver should bind to
 PassHash = "$2a$10$I.26oCzkjZ8qwfhbmeYM3.kppBjxtPsxkeE1Y.ULjVvA1IBPcQP42" # "password"
-SessionTTL = 60  # How many minutes sessions last for
+SessionTTL = 10  # How many minutes sessions last for

 [[Devices]]
  Alias = "SomeDevice"
--- a/web/auth.go
+++ b/web/auth.go
@ -37,9 +37,12 @@ func checkAuth(token string) error {
 func withAuth(handler echo.HandlerFunc) echo.HandlerFunc {
 	return func(c echo.Context) error {
 		session, err := c.Cookie("session")
+		// Redirect to login if session expired/invalid
 		if err != nil || checkAuth(session.Value) != nil {
 			return c.Redirect(http.StatusSeeOther, "/")
 		}
+		// Refresh session
+		sessions[session.Value] = time.Now().Add(time.Second * time.Duration(config.Config.SessionTTL*60))
 		return handler(c)
 	}
 }
@ -59,7 +62,6 @@ func auth(c echo.Context) error {
 		Secure:   true,
 		HttpOnly: true,
 		SameSite: http.SameSiteStrictMode,
-		Expires:  sessions[token],
 	})
 	return c.Redirect(http.StatusSeeOther, "/")
 }