Improving default session timeout behavour. (#10453)

* Improving default session timeout behavour.

* Changing mind to 180 days instead of 548 days

app/session.go

@@ -76,14 +76,13 @@ func (a *App) GetSession(token string) (*model.Session, *model.AppError) {
 		return nil, model.NewAppError("GetSession", "api.context.invalid_token.error", map[string]interface{}{"Token": token}, "", http.StatusUnauthorized)
 	}
 
-	license := a.License()
-	if *a.Config().ServiceSettings.SessionIdleTimeoutInMinutes > 0 &&
-		license != nil && *license.Features.Compliance &&
-		session != nil && !session.IsOAuth && !session.IsMobileApp() &&
+	if session != nil &&
+		*a.Config().ServiceSettings.SessionIdleTimeoutInMinutes > 0 &&
+		!session.IsOAuth &&
 		session.Props[model.SESSION_PROP_TYPE] != model.SESSION_TYPE_USER_ACCESS_TOKEN {
 
 		timeout := int64(*a.Config().ServiceSettings.SessionIdleTimeoutInMinutes) * 1000 * 60
-		if model.GetMillis()-session.LastActivityAt > timeout {
+		if (model.GetMillis() - session.LastActivityAt) > timeout {
 			a.RevokeSessionById(session.Id)
 			return nil, model.NewAppError("GetSession", "api.context.invalid_token.error", map[string]interface{}{"Token": token}, "idle timeout", http.StatusUnauthorized)
 		}

app/session_test.go

@@ -65,20 +65,6 @@ func TestGetSessionIdleTimeoutInMinutes(t *testing.T) {
 	assert.Equal(t, "idle timeout", err.DetailedError)
 	assert.Nil(t, rsession)
 
-	// Test mobile session, should not timeout
-	session = &model.Session{
-		UserId:   model.NewId(),
-		DeviceId: "android:" + model.NewId(),
-	}
-
-	session, _ = th.App.CreateSession(session)
-	time = session.LastActivityAt - (1000 * 60 * 6)
-	<-th.App.Srv.Store.Session().UpdateLastActivityAt(session.Id, time)
-	th.App.ClearSessionCacheForUserSkipClusterSend(session.UserId)
-
-	_, err = th.App.GetSession(session.Token)
-	assert.Nil(t, err)
-
 	// Test oauth session, should not timeout
 	session = &model.Session{
 		UserId:  model.NewId(),
@@ -107,21 +93,6 @@ func TestGetSessionIdleTimeoutInMinutes(t *testing.T) {
 	_, err = th.App.GetSession(session.Token)
 	assert.Nil(t, err)
 
-	// Test regular session with license off, should not timeout
-	th.App.SetLicense(nil)
-
-	session = &model.Session{
-		UserId: model.NewId(),
-	}
-
-	session, _ = th.App.CreateSession(session)
-	time = session.LastActivityAt - (1000 * 60 * 6)
-	<-th.App.Srv.Store.Session().UpdateLastActivityAt(session.Id, time)
-	th.App.ClearSessionCacheForUserSkipClusterSend(session.UserId)
-
-	_, err = th.App.GetSession(session.Token)
-	assert.Nil(t, err)
-
 	th.App.SetLicense(model.NewTestLicense("compliance"))
 
 	// Test regular session with timeout set to 0, should not timeout

config/default.json

@@ -41,11 +41,11 @@
         "CorsAllowCredentials": false,
         "CorsDebug": false,
         "AllowCookiesForSubdomains": false,
-        "SessionLengthWebInDays": 30,
-        "SessionLengthMobileInDays": 30,
+        "SessionLengthWebInDays": 180,
+        "SessionLengthMobileInDays": 180,
         "SessionLengthSSOInDays": 30,
         "SessionCacheInMinutes": 10,
-        "SessionIdleTimeoutInMinutes": 0,
+        "SessionIdleTimeoutInMinutes": 43200,
         "WebsocketSecurePort": 443,
         "WebsocketPort": 80,
         "WebserverMode": "gzip",

model/config.go

@@ -466,11 +466,11 @@ func (s *ServiceSettings) SetDefaults() {
 	}
 
 	if s.SessionLengthWebInDays == nil {
-		s.SessionLengthWebInDays = NewInt(30)
+		s.SessionLengthWebInDays = NewInt(180)
 	}
 
 	if s.SessionLengthMobileInDays == nil {
-		s.SessionLengthMobileInDays = NewInt(30)
+		s.SessionLengthMobileInDays = NewInt(180)
 	}
 
 	if s.SessionLengthSSOInDays == nil {
@@ -482,7 +482,7 @@ func (s *ServiceSettings) SetDefaults() {
 	}
 
 	if s.SessionIdleTimeoutInMinutes == nil {
-		s.SessionIdleTimeoutInMinutes = NewInt(0)
+		s.SessionIdleTimeoutInMinutes = NewInt(43200)
 	}
 
 	if s.EnableCommands == nil {