From dfdaac0549d82349b418da7ee9e750dd53e5c76f Mon Sep 17 00:00:00 2001
From: Ylian Saint-Hilaire <ysainthilaire@hotmail.com>
Date: Fri, 12 Jun 2020 12:00:58 -0700
Subject: [PATCH] Cookie session is now auto-refreshed.

---
 views/default-mobile.handlebars | 12 ++++++++++++
 views/default.handlebars        | 14 +++++++++++++-
 webserver.js                    |  5 +++++
 3 files changed, 30 insertions(+), 1 deletion(-)

diff --git a/views/default-mobile.handlebars b/views/default-mobile.handlebars
index f4e27f99..df11eb60 100644
--- a/views/default-mobile.handlebars
+++ b/views/default-mobile.handlebars
@@ -739,6 +739,7 @@
         var debugLevel = parseInt('{{{debuglevel}}}');
         var features = parseInt('{{{features}}}');
         var sessionTime = parseInt('{{{sessiontime}}}');
+        var sessionRefreshTimer = null;
         var domain = '{{{domain}}}';
         var domainUrl = '{{{domainurl}}}';
         var authCookie = '{{{authCookie}}}';
@@ -799,6 +800,17 @@
 
             attemptWebRTC = 0; // For now, default WebRTC off unless we set it in the URL.
             if (args.webrtc != null) { attemptWebRTC = (args.webrtc == 1); }
+
+            // Session Refresh Timer
+            sessionRefreshTimer = setInterval(function () {
+                var xdr = null;
+                try { xdr = new XDomainRequest(); } catch (e) { }
+                if (!xdr) xdr = new XMLHttpRequest();
+                xdr.open('GET', window.location.origin + domainUrl + 'refresh.ashx');
+                xdr.timeout = 15000;
+                xdr.onload = xdr.onerror = xdr.ontimeout = function () { };
+                xdr.send();
+            }, Math.round((sessionTime * 60000) * 0.8))
         }
 
         function onStateChanged(server, state, prevState, errorCode) {
diff --git a/views/default.handlebars b/views/default.handlebars
index 8eeaa458..4c7fd270 100644
--- a/views/default.handlebars
+++ b/views/default.handlebars
@@ -1219,6 +1219,7 @@
         var debugLevel = parseInt('{{{debuglevel}}}');
         var features = parseInt('{{{features}}}');
         var sessionTime = parseInt('{{{sessiontime}}}');
+        var sessionRefreshTimer = null;
         var domain = '{{{domain}}}';
         var domainUrl = '{{{domainurl}}}';
         var authCookie = '{{{authCookie}}}';
@@ -1419,6 +1420,17 @@
                     QH('devCustomUIBar', x);
                 }
             }
+
+            // Session Refresh Timer
+            sessionRefreshTimer = setInterval(function () {
+                var xdr = null;
+                try { xdr = new XDomainRequest(); } catch (e) { }
+                if (!xdr) xdr = new XMLHttpRequest();
+                xdr.open('GET', window.location.origin + domainUrl + 'refresh.ashx');
+                xdr.timeout = 15000;
+                xdr.onload = xdr.onerror = xdr.ontimeout = function () { };
+                xdr.send();
+            }, Math.round((sessionTime * 60000) * 0.8))
         }
 
         // Generic handling of custom actions
@@ -5025,7 +5037,7 @@
             //for(var i = meshOptions.options.length - 1 ; i > 0 ; i--) { meshOptions.remove(i); }
         }
 
-        // Make a http get call- Replace this with AJAX get if jquery  is used
+        // Make a http get call
         function getSearchLocation() {
             try {
                 var searchdata = Q('mapSearchLocation').value.trim();
diff --git a/webserver.js b/webserver.js
index 7a67f68d..77910528 100644
--- a/webserver.js
+++ b/webserver.js
@@ -2187,6 +2187,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
                 var customui = '';
                 if (domain.customui != null) { customui = encodeURIComponent(JSON.stringify(domain.customui)); }
 
+                // Refresh the session
                 render(req, res, getRenderPage('default', req, domain), getRenderArgs({ authCookie: authCookie, authRelayCookie: authRelayCookie, viewmode: viewmode, currentNode: currentNode, logoutControls: encodeURIComponent(JSON.stringify(logoutcontrols)).replace(/'/g, '%27'), domain: domain.id, debuglevel: parent.debugLevel, serverDnsName: obj.getWebServerName(domain), serverRedirPort: args.redirport, serverPublicPort: httpsPort, noServerBackup: (args.noserverbackup == 1 ? 1 : 0), features: features, sessiontime: args.sessiontime, mpspass: args.mpspass, passRequirements: passRequirements, customui: customui, webcerthash: Buffer.from(obj.webCertificateFullHashs[domain.id], 'binary').toString('base64').replace(/\+/g, '@').replace(/\//g, '$'), footer: (domain.footer == null) ? '' : domain.footer, webstate: encodeURIComponent(webstate), pluginHandler: (parent.pluginHandler == null) ? 'null' : parent.pluginHandler.prepExports() }, req, domain));
             });
         } else {
@@ -4227,6 +4228,9 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
             // Check the session if bound to the external IP address
             if ((req.session.ip != null) && (req.clientIp != null) && (req.session.ip != req.clientIp)) { req.session = {}; }
 
+            // Extend the session time by forcing a change to the session every minute.
+            req.session.nowInMinutes = Math.floor(Date.now() / 60e3);
+
             // Detect if this is a file sharing domain, if so, just share files.
             if ((domain != null) && (domain.share != null)) {
                 var rpath;
@@ -4284,6 +4288,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
             var url = domain.url;
             obj.app.get(url, handleRootRequest);
             obj.app.post(url, handleRootPostRequest);
+            obj.app.get(url + 'refresh.ashx', function (req, res) { res.sendStatus(200); });
             obj.app.get(url + 'backup.zip', handleBackupRequest);
             obj.app.post(url + 'restoreserver.ashx', handleRestoreRequest);
             obj.app.get(url + 'terms', handleTermsRequest);