
Fixes #3524 - Default session timeouts to 4 weeks.

Rolf Schmidt 3 years ago
parent
commit
af461e11dd

+ 8 - 5
app/assets/javascripts/app/controllers/_plugin/session_timeout.coffee

@@ -1,22 +1,25 @@
 class SessionTimeout extends App.Controller
+  lastEvent  = 0
+
   constructor: ->
     super
 
-    lastEvent = 0
+    lastEvent = new Date().getTime()
     check_timeout = =>
       return if new Date().getTime() - 1000 < lastEvent
       lastEvent = new Date().getTime()
-      @setDelay()
+      @checkLogout()
 
     $(document).off('keyup.session_timeout').on('keyup.session_timeout', check_timeout)
     $(document).off('mousemove.session_timeout').on('mousemove.session_timeout', check_timeout)
     @controllerBind('config_update', check_timeout)
     @controllerBind('session_timeout', @quitApp)
-    @setDelay()
+    @interval(@checkLogout, 5000, 'session_timeout')
 
-  setDelay: =>
+  checkLogout: =>
     return if App.Session.get() is undefined
-    @delay(@quitApp, @getTimeout(), 'session_timeout')
+    return if lastEvent + @getTimeout() > new Date().getTime()
+    @quitApp()
 
   quitApp: =>
     return if App.Session.get() is undefined
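Review bot: Binding `config_update` to `check_timeout` in the constructor makes a configuration push count as user activity, because `check_timeout` sets `lastEvent` to the current time before it calls `@checkLogout()`. If that event can fire without user input (the spec's `Setting.set('session_timeout', ...)` suggests it can), each push restarts the idle window for an unattended browser. Binding the event to the check itself, `@controllerBind('config_update', @checkLogout)`, applies a changed timeout without refreshing the idle clock. Separately, `lastEvent` is declared in the class body, so it is a closure variable shared by every instance and held only in this tab's memory. A short comment saying that, and that the client check is a convenience rather than the authoritative expiry, would help the next reader.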

+ 14 - 0
db/migrate/20210426000002_update_session_timeout_defaults.rb

@@ -0,0 +1,14 @@
+class UpdateSessionTimeoutDefaults < ActiveRecord::Migration[5.2]
+  def change
+    return if !Setting.exists?(name: 'system_init_done')
+
+    defaults = Setting.get('session_timeout')
+    %w[default admin ticket.agent ticket.customer].each do |key|
+      next if defaults[key].to_i != 172_800
+
+      defaults[key] = 4.weeks.seconds
+    end
+
+    Setting.set('session_timeout', defaults)
+  end
+end
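Review bot: The `defaults[key].to_i != 172_800` test cannot tell an untouched default from an administrator who deliberately chose two days, so on those systems the migration raises the idle session lifetime fourteen-fold for every listed role, including `admin`, with no trace. I would document the intent above the loop, for example `# 172_800 = old 2.days default; only values still equal to it are raised to 4 weeks`, and mention the change in the upgrade notes so operators can re-apply a shorter value. `Setting.get('session_timeout')` is also indexed without a nil check; a guard such as `return if defaults.blank?` would keep the migration from raising if the setting is missing. Since the method only rewrites data and cannot be reversed, `def up` would state that more honestly than `def change`.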

+ 4 - 4
db/seeds/settings.rb

@@ -1078,10 +1078,10 @@ Setting.create_if_not_exists(
     prio: 30,
   },
   state:       {
-    'default'         => 2.days.seconds,
-    'admin'           => 2.days.seconds,
-    'ticket.agent'    => 2.days.seconds,
-    'ticket.customer' => 2.days.seconds,
+    'default'         => 4.weeks.seconds,
+    'admin'           => 4.weeks.seconds,
+    'ticket.agent'    => 4.weeks.seconds,
+    'ticket.customer' => 4.weeks.seconds,
   },
   frontend:    true
 )
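Review bot: The `admin` entry gets the same four-week idle timeout as `ticket.customer`, so on new installations a forgotten administrator session stays usable for as long as a customer one. If the linked issue does not require the long default for privileged roles, keeping `'admin' => 2.days.seconds` (or another shorter value) would limit that exposure. Either way, a comment on the `state:` hash such as `# idle timeout in seconds per role; the most specific matching role applies — confirm` would make the units and intent explicit. The enclosing `Setting.create_if_not_exists` call starts above this hunk, so the setting's description text is not visible here and may need the same update.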

+ 6 - 6
spec/system/dashboard_spec.rb

@@ -49,7 +49,7 @@ RSpec.describe 'Dashboard', type: :system, authenticated_as: true do
       end
 
       it 'does logout user' do
-        expect(page).to have_text('Sign in', wait: 15)
+        expect(page).to have_text('Sign in', wait: 20)
       end
 
       it 'does not logout user', authenticated_as: :admin do
@@ -62,7 +62,7 @@ RSpec.describe 'Dashboard', type: :system, authenticated_as: true do
       it 'does logout user' do
         expect(page).to have_no_text('Sign in')
         Setting.set('session_timeout', { default: '1' })
-        expect(page).to have_text('Sign in', wait: 15)
+        expect(page).to have_text('Sign in', wait: 20)
       end
     end
 
@@ -73,7 +73,7 @@ RSpec.describe 'Dashboard', type: :system, authenticated_as: true do
       end
 
       it 'does logout user' do
-        expect(page).to have_text('Sign in', wait: 15)
+        expect(page).to have_text('Sign in', wait: 20)
       end
     end
 
@@ -84,7 +84,7 @@ RSpec.describe 'Dashboard', type: :system, authenticated_as: true do
       end
 
       it 'does logout user' do
-        expect(page).to have_text('Sign in', wait: 15)
+        expect(page).to have_text('Sign in', wait: 20)
       end
     end
 
@@ -95,7 +95,7 @@ RSpec.describe 'Dashboard', type: :system, authenticated_as: true do
       end
 
       it 'does logout user' do
-        expect(page).to have_text('Sign in', wait: 15)
+        expect(page).to have_text('Sign in', wait: 20)
       end
     end
 
@@ -109,7 +109,7 @@ RSpec.describe 'Dashboard', type: :system, authenticated_as: true do
         # backend tests for the rest
         session = ActiveRecord::SessionStore::Session.all.detect { |s| s.data['user_id'] == admin.id }
         SessionTimeoutJob.destroy_session(admin, session)
-        expect(page).to have_text('Sign in', wait: 15)
+        expect(page).to have_text('Sign in', wait: 20)
       end
     end
   end