fix(ZNTA-634): change auth'd sessions timeout

The value set to authenticated sessions is the largest value between the configured authenticated session timeout and the anonymous session timeout.
zanata · Oct 2, 2015 · 32752c1 · 32752c1
1 parent 6e2d075
commit 32752c1
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/zanata-war/src/main/java/org/zanata/ApplicationConfiguration.java b/zanata-war/src/main/java/org/zanata/ApplicationConfiguration.java
@@ -64,6 +64,8 @@
 import com.google.common.collect.Sets;
 import org.zanata.security.OpenIdLoginModule;
 
+import static java.lang.Math.max;
+
 @Name("applicationConfiguration")
 @Scope(ScopeType.APPLICATION)
 @Startup
@@ -422,7 +424,8 @@ public void setAuthenticatedSessionTimeout(
                 .getRequest()
                 .getSession()
                 .setMaxInactiveInterval(
-                        authenticatedSessionTimeoutMinutes * 60);
+                        max(authenticatedSessionTimeoutMinutes * 60,
+                                defaultAnonymousSessionTimeoutMinutes * 60));
     }
 
     @Observer(LogoutEvent.EVENT_NAME)