arangodb · jsteemann · Aug 17, 2021 · Aug 13, 2021
@@ -56,20 +56,31 @@
           // only try to renew token if we are still online
           return;
         }
+
+        var frac = (frontendConfig.sessionTimeout >= 1800) ? 0.95 : 0.8;
+        // threshold for renewal: once session is x% over
+        var renewalThreshold = frontendConfig.sessionTimeout * frac;
 
         var now = Date.now() / 1000;
         var lastActivity = arangoHelper.lastActivity();
 
-        if (lastActivity > 0 && (now - lastActivity) > 90 * 60) {
+        // seconds in which the last user activity counts as significant
+        var lastSignificantActivityTimePeriod = 90 * 60;
+
+        // if this is more than the renewal threshold, limit it
+        if (lastSignificantActivityTimePeriod > renewalThreshold * 0.95) {
+          lastSignificantActivityTimePeriod = renewalThreshold * 0.95;
+        }
+
+        if (lastActivity > 0 && (now - lastActivity) > lastSignificantActivityTimePeriod) {
           // don't make an attempt to renew the token if last 
           // user activity is longer than 90 minutes ago
           return;
         }
 
         // to save some superfluous HTTP requests to the server, 
         // try to renew only if session time is x% or more over
-        var frac = (frontendConfig.sessionTimeout >= 1800) ? 0.95 : 0.8;
-        if (now - self.lastTokenRenewal < frontendConfig.sessionTimeout * frac) {
+        if (now - self.lastTokenRenewal < renewalThreshold) {
           return;
         }