From fdb02b9a3034a1ed3faab11233685fac0451a681 Mon Sep 17 00:00:00 2001
From: Mike McKay <mfmckay@wustl.edu>
Date: Fri, 20 May 2016 13:47:36 -0500
Subject: [PATCH] Made session timeout controllable through the AdminUI.

---
 .../org/nrg/xnat/initialization/XnatWebAppInitializer.java     | 1 -
 .../java/org/nrg/xnat/security/XnatSessionEventPublisher.java  | 3 ++-
 .../resources/META-INF/xnat/spawner/site-admin-elements.yaml   | 2 +-
 src/main/webapp/page/admin/data/config/site-admin.json         | 2 +-
 src/main/webapp/page/admin/fake.jsp                            | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/main/java/org/nrg/xnat/initialization/XnatWebAppInitializer.java b/src/main/java/org/nrg/xnat/initialization/XnatWebAppInitializer.java
index 78901edc..66eac2b4 100644
--- a/src/main/java/org/nrg/xnat/initialization/XnatWebAppInitializer.java
+++ b/src/main/java/org/nrg/xnat/initialization/XnatWebAppInitializer.java
@@ -19,7 +19,6 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.core.io.Resource;
 import org.springframework.core.io.support.PropertiesLoaderUtils;
-import org.springframework.stereotype.Service;
 import org.springframework.web.filter.DelegatingFilterProxy;
 import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer;
 
diff --git a/src/main/java/org/nrg/xnat/security/XnatSessionEventPublisher.java b/src/main/java/org/nrg/xnat/security/XnatSessionEventPublisher.java
index 19ccdfc7..437c17d7 100644
--- a/src/main/java/org/nrg/xnat/security/XnatSessionEventPublisher.java
+++ b/src/main/java/org/nrg/xnat/security/XnatSessionEventPublisher.java
@@ -10,6 +10,7 @@
  */
 package org.nrg.xnat.security;
 
+import org.nrg.xdat.XDAT;
 import org.nrg.xft.security.UserI;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -52,7 +53,7 @@ public class XnatSessionEventPublisher implements HttpSessionListener, ServletCo
         }
 
         session.setAttribute("XNAT_CSRF", UUID.randomUUID().toString());
-
+        session.setMaxInactiveInterval(XDAT.getSiteConfigPreferences().getSessionTimeout()*60);//Preference is in minutes and setMaxInactiveInterval wants seconds.
         getContext(session.getServletContext()).publishEvent(e);
     }
 
diff --git a/src/main/resources/META-INF/xnat/spawner/site-admin-elements.yaml b/src/main/resources/META-INF/xnat/spawner/site-admin-elements.yaml
index 26b66ad2..d0530e4c 100644
--- a/src/main/resources/META-INF/xnat/spawner/site-admin-elements.yaml
+++ b/src/main/resources/META-INF/xnat/spawner/site-admin-elements.yaml
@@ -221,7 +221,7 @@ userLoginsSessionControls:
             id: sessionTimeout
             name: sessionTimeout
             label: Session Timeout
-            description: "Interval for timing out alias tokens"
+            description: "Number of minutes of inactivity before users are locked out of the site. This will not affect users that are currently logged in."
         aliasTokenTimeout:
             kind: panel.input.text
             id: aliasTokenTimeout
diff --git a/src/main/webapp/page/admin/data/config/site-admin.json b/src/main/webapp/page/admin/data/config/site-admin.json
index 47ea35fd..889d9ee1 100644
--- a/src/main/webapp/page/admin/data/config/site-admin.json
+++ b/src/main/webapp/page/admin/data/config/site-admin.json
@@ -451,7 +451,7 @@
                             "attr": {
                                 "size": "3"
                             },
-                            "description": "Interval for timing out alias tokens. Uses PostgreSQL interval notation: http://www.postgresql.org/docs/9.0/static/functions-datetime.html"
+                            "description": "Number of minutes of inactivity before users are locked out of the site. This will not affect users that are currently logged in."
                         },
                         {
                             "kind": "textarea",
diff --git a/src/main/webapp/page/admin/fake.jsp b/src/main/webapp/page/admin/fake.jsp
index 5d63f24f..18e16850 100644
--- a/src/main/webapp/page/admin/fake.jsp
+++ b/src/main/webapp/page/admin/fake.jsp
@@ -199,7 +199,7 @@
                                     <label class="element-label" for="session-timeout-input">Session Timeout</label>
                                     <div class="element-wrapper">
                                         <input name="sessionTimeout" id="session-timeout-input" type="text" size="3" title="Session Timeout">
-                                        <div class="description">Interval for timing out alias tokens. Uses PostgreSQL interval notation: http://www.postgresql.org/docs/9.0/static/functions-datetime.html</div>
+                                        <div class="description">Number of minutes of inactivity before users are locked out of the site. This will not affect users that are currently logged in.</div>
                                     </div>
                                 </div>
                                 <div class="panel-element" data-name="sessionTimeoutMessage">
-- 
GitLab