use more sensible values for timeouts/renewals (#14638)

jsteemann · web-flow · commit 967afe013d43 · 2021-08-17T11:55:35.000+02:00
diff --git a/js/apps/system/_admin/aardvark/APP/frontend/js/views/footerView.js b/js/apps/system/_admin/aardvark/APP/frontend/js/views/footerView.js
@@ -56,20 +56,31 @@
           // only try to renew token if we are still online
           return;
         }
+        
+        var frac = (frontendConfig.sessionTimeout >= 1800) ? 0.95 : 0.8;
+        // threshold for renewal: once session is x% over
+        var renewalThreshold = frontendConfig.sessionTimeout * frac;
 
         var now = Date.now() / 1000;
         var lastActivity = arangoHelper.lastActivity();
 
-        if (lastActivity > 0 && (now - lastActivity) > 90 * 60) {
+        // seconds in which the last user activity counts as significant
+        var lastSignificantActivityTimePeriod = 90 * 60;
+
+        // if this is more than the renewal threshold, limit it
+        if (lastSignificantActivityTimePeriod > renewalThreshold * 0.95) {
+          lastSignificantActivityTimePeriod = renewalThreshold * 0.95;
+        }
+
+        if (lastActivity > 0 && (now - lastActivity) > lastSignificantActivityTimePeriod) {
           // don't make an attempt to renew the token if last 
           // user activity is longer than 90 minutes ago
           return;
         }
 
         // to save some superfluous HTTP requests to the server, 
         // try to renew only if session time is x% or more over
-        var frac = (frontendConfig.sessionTimeout >= 1800) ? 0.95 : 0.8;
-        if (now - self.lastTokenRenewal < frontendConfig.sessionTimeout * frac) {
+        if (now - self.lastTokenRenewal < renewalThreshold) {
           return;
         }
 
