From 861a929a43676c82d671fa87b13c75d82f5b716d Mon Sep 17 00:00:00 2001 From: Richard Hansen Date: Wed, 19 Jan 2022 16:57:50 -0500 Subject: [PATCH] docker: Sync `settings.json.docker` with `.template` --- settings.json.docker | 49 ++++++++++++++++++++++++++++++++++++++++-- settings.json.template | 1 - 2 files changed, 47 insertions(+), 3 deletions(-) diff --git a/settings.json.docker b/settings.json.docker index 1642579e1..d7a8b0a67 100644 --- a/settings.json.docker +++ b/settings.json.docker @@ -374,7 +374,49 @@ * significant usability drawbacks vs. "Lax". See * https://stackoverflow.com/q/41841880 for discussion. */ - "sameSite": "${COOKIE_SAME_SITE:Lax}" + "sameSite": "${COOKIE_SAME_SITE:Lax}", + + /* + * How long (in milliseconds) after navigating away from Etherpad before the + * user is required to log in again. (The express_sid cookie is set to + * expire at time now + sessionLifetime when first created, and its + * expiration time is periodically refreshed to a new now + sessionLifetime + * value.) If requireAuthentication is false then this value does not really + * matter. + * + * The "best" value depends on your users' usage patterns and the amount of + * convenience you desire. A long lifetime is more convenient (users won't + * have to log back in as often) but has some drawbacks: + * - It increases the amount of state kept in the database. + * - It might weaken security somewhat: The cookie expiration is refreshed + * indefinitely without consulting authentication or authorization + * hooks, so once a user has accessed a pad, the user can continue to + * use the pad until the user leaves for longer than sessionLifetime. + * + * Session lifetime can be set to infinity (not recommended) by setting this + * to null or 0. Note that if the session does not expire, most browsers + * will delete the cookie when the browser exits, but a session record is + * kept in the database forever. + */ + "sessionLifetime": 864000000, // = 10d * 24h/d * 60m/h * 60s/m * 1000ms/s + + /* + * How long (in milliseconds) before the expiration time of an active user's + * session is refreshed (to now + sessionLifetime). This setting affects the + * following: + * - How often a new session expiration time will be written to the + * database. + * - How often each user's browser will ping the Etherpad server to + * refresh the expiration time of the session cookie. + * + * High values reduce the load on the database and the load from browsers, + * but can shorten the effective session lifetime if Etherpad is restarted + * or the user navigates away. + * + * Automatic session refreshes can be disabled (not recommended) by setting + * this to null. + */ + "sessionRefreshInterval": 86400000 // = 1d * 24h/d * 60m/h * 60s/m * 1000ms/s }, /* @@ -587,5 +629,8 @@ "loglevel": "${LOGLEVEL:INFO}", /* Override any strings found in locale directories */ - "customLocaleStrings": {} + "customLocaleStrings": {}, + + /* Disable Admin UI tests */ + "enableAdminUITests": false } diff --git a/settings.json.template b/settings.json.template index c9825264a..b2cb9555a 100644 --- a/settings.json.template +++ b/settings.json.template @@ -592,7 +592,6 @@ "points": 10 }, - /* * Toolbar buttons configuration. *