Disable SESSION_LIFETIME environment var which interferes with autolock

.env.example

@@ -162,7 +162,6 @@ TRUSTED_PROXIES=null
 
 BROADCAST_DRIVER=log
 QUEUE_DRIVER=sync
-SESSION_LIFETIME=120
 
 REDIS_HOST=127.0.0.1
 REDIS_PASSWORD=null

.env.testing

@@ -31,7 +31,6 @@ BROADCAST_DRIVER=log
 CACHE_DRIVER=array
 QUEUE_CONNECTION=sync
 SESSION_DRIVER=array
-SESSION_LIFETIME=120
 
 REDIS_HOST=127.0.0.1
 REDIS_PASSWORD=null

config/session.php

@@ -31,7 +31,7 @@
     |
     */
 
-    'lifetime' => env('SESSION_LIFETIME', 120),
+    'lifetime' => 1 * (60 * 24 * 90),
 
     'expire_on_close' => false,
 

resources/js/api.js

@@ -20,11 +20,10 @@ Vue.axios.interceptors.response.use(response => response, error => {
         return Promise.reject(error);
     }
 
-    // Otherwise we push to a specific or generic error view
+    // Push to the login view and force the page to refresh to get a fresh CSRF token
-    let routeName = 'genericError'
-
     if ( error.response.status === 401 ) {
-        routeName = 'login'
+        router.push({ name: 'login', params: { forceRefresh: true } })
+        throw new Vue.axios.Cancel();
     }
 
     if ( error.response.status === 407 ) {
@@ -32,6 +31,9 @@ Vue.axios.interceptors.response.use(response => response, error => {
         throw new Vue.axios.Cancel();
     }
 
+    // we push to a specific or generic error view
+    let routeName = 'genericError'
+
     // api calls are stateless so when user inactivity is detected
     // by the backend middleware it cannot logout the user directly
     // so it returns a 418 response.