From 017524d5a30a5d0bf6eb6edba77e0c626d3ef11a Mon Sep 17 00:00:00 2001
From: "Aldo \"xoen\" Giambelluca" <aldo.giambelluca@digital.justice.gov.uk>
Date: Tue, 27 Feb 2018 14:48:30 +0000
Subject: [PATCH] Session expires after 1 hour (by default)

Can be configured by setting the `COOKIE_MAXAGE` environment variable to
the number of seconds after which cookie session will expire.
---
 README.md     | 7 +++++++
 app/config.js | 4 ++++
 2 files changed, 11 insertions(+)

diff --git a/README.md b/README.md
index cac6d3e..8e71552 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,9 @@
 # analytics-platform-rstudio-auth-proxy
 RStudio auth proxy
+
+
+### Environment variables
+
+- `COOKIE_MAXAGE`, maximum age of session cookies in seconds.
+  Defaults to `3600` seconds (1 hours).
+  See [`Set-Cookie: MaxAge` documentation](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie)
diff --git a/app/config.js b/app/config.js
index d0d7e60..ee7709a 100644
--- a/app/config.js
+++ b/app/config.js
@@ -20,6 +20,10 @@ config.session = {
   resave: true,
   saveUninitialized: true,
   secret: process.env.COOKIE_SECRET || 'shh-its-a-secret',
+  cookie: {
+    // `COOKIE_MAXAGE` in seconds (defaults to 1 hour = 3,600,000 ms)
+    maxAge: (Number.parseInt(process.env.COOKIE_MAXAGE, 10) || 3600) * 1000,
+  },
 };
 
 config.auth0 = {