From 43883a90d20bba0a9e2fdf050551031ae5437e97 Mon Sep 17 00:00:00 2001
From: zzz <zzz@mail.i2p>
Date: Fri, 18 Apr 2014 21:32:45 +0000
Subject: [PATCH] SusiMail: Successfully extend session expiration (ticket
 #1253) by renaming the cookie, so we don't have a common session ID with the
 base context and get it expired there.

---
 apps/susimail/src/WEB-INF/web.xml                  | 14 ++++++++++++++
 .../susimail/src/src/i2p/susi/webmail/WebMail.java | 14 +++++++-------
 2 files changed, 21 insertions(+), 7 deletions(-)

diff --git a/apps/susimail/src/WEB-INF/web.xml b/apps/susimail/src/WEB-INF/web.xml
index d5fa807a26..75aa1fd484 100644
--- a/apps/susimail/src/WEB-INF/web.xml
+++ b/apps/susimail/src/WEB-INF/web.xml
@@ -15,6 +15,20 @@
   <session-config>
     <session-timeout>1440</session-timeout>
   </session-config>
+  <!-- tomcat (untested) -->
+  <context-param>
+    <param-name>crossContext</param-name>
+    <param-value>false</param-value>
+  </context-param>
+  <!-- jetty
+    -  This is required so the same session ID isn't shared with
+    -  the base context. When shared, it's expired after 30 minutes
+    -  in the base context which invalidates it in our context too.
+    -->
+  <context-param>
+    <param-name>org.eclipse.jetty.servlet.SessionCookie</param-name>
+    <param-value>SUSIMAILJSESSIONID</param-value>
+  </context-param>
 
 <!--
      Jetty 6 mulipart form handling
diff --git a/apps/susimail/src/src/i2p/susi/webmail/WebMail.java b/apps/susimail/src/src/i2p/susi/webmail/WebMail.java
index aaaef423fd..478e24126f 100644
--- a/apps/susimail/src/src/i2p/susi/webmail/WebMail.java
+++ b/apps/susimail/src/src/i2p/susi/webmail/WebMail.java
@@ -1280,13 +1280,13 @@ public class WebMail extends HttpServlet
 			int newState = sessionObject.state;
 			if (oldState != newState)
 				Debug.debug(Debug.DEBUG, "STATE CHANGE from " + oldState + " to " + newState);
-			if (oldState == STATE_AUTH && newState != STATE_AUTH) {
-				// this isn't working in web.xml, so try setting it here
-				int oldIdle = httpSession.getMaxInactiveInterval();
-				httpSession.setMaxInactiveInterval(60*60*24);  // seconds
-				int newIdle = httpSession.getMaxInactiveInterval();
-				Debug.debug(Debug.DEBUG, "Changed idle from " + oldIdle + " to " + newIdle);
-			}
+			// Set in web.xml
+			//if (oldState == STATE_AUTH && newState != STATE_AUTH) {
+			//	int oldIdle = httpSession.getMaxInactiveInterval();
+			//	httpSession.setMaxInactiveInterval(60*60*24);  // seconds
+			//	int newIdle = httpSession.getMaxInactiveInterval();
+			//	Debug.debug(Debug.DEBUG, "Changed idle from " + oldIdle + " to " + newIdle);
+			//}
 			
 			if( sessionObject.state != STATE_AUTH )
 				processGenericButtons( sessionObject, request );
-- 
GitLab