From 6dae877e68fd18891dc91b4250be51c37ad0a4d9 Mon Sep 17 00:00:00 2001 From: Bubka <858858+Bubka@users.noreply.github.com> Date: Wed, 19 Oct 2022 13:12:49 +0200 Subject: [PATCH] Disable SESSION_LIFETIME environment var which interferes with autolock --- .env.example | 1 - .env.testing | 1 - config/session.php | 2 +- resources/js/api.js | 10 ++++++---- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.env.example b/.env.example index 5fbdfbe9..21e776f5 100644 --- a/.env.example +++ b/.env.example @@ -162,7 +162,6 @@ TRUSTED_PROXIES=null BROADCAST_DRIVER=log QUEUE_DRIVER=sync -SESSION_LIFETIME=120 REDIS_HOST=127.0.0.1 REDIS_PASSWORD=null diff --git a/.env.testing b/.env.testing index da991acb..8f9a02c4 100644 --- a/.env.testing +++ b/.env.testing @@ -31,7 +31,6 @@ BROADCAST_DRIVER=log CACHE_DRIVER=array QUEUE_CONNECTION=sync SESSION_DRIVER=array -SESSION_LIFETIME=120 REDIS_HOST=127.0.0.1 REDIS_PASSWORD=null diff --git a/config/session.php b/config/session.php index a60d38cb..61c0a296 100644 --- a/config/session.php +++ b/config/session.php @@ -31,7 +31,7 @@ | */ - 'lifetime' => env('SESSION_LIFETIME', 120), + 'lifetime' => 1 * (60 * 24 * 90), 'expire_on_close' => false, diff --git a/resources/js/api.js b/resources/js/api.js index 0bbb2299..9a6b266b 100644 --- a/resources/js/api.js +++ b/resources/js/api.js @@ -20,11 +20,10 @@ Vue.axios.interceptors.response.use(response => response, error => { return Promise.reject(error); } - // Otherwise we push to a specific or generic error view - let routeName = 'genericError' - + // Push to the login view and force the page to refresh to get a fresh CSRF token if ( error.response.status === 401 ) { - routeName = 'login' + router.push({ name: 'login', params: { forceRefresh: true } }) + throw new Vue.axios.Cancel(); } if ( error.response.status === 407 ) { @@ -32,6 +31,9 @@ Vue.axios.interceptors.response.use(response => response, error => { throw new Vue.axios.Cancel(); } + // we push to a specific or generic error view + let routeName = 'genericError' + // api calls are stateless so when user inactivity is detected // by the backend middleware it cannot logout the user directly // so it returns a 418 response.