diff --git a/eq-author/src/App/MeContext.js b/eq-author/src/App/MeContext.js
index 38a7c38e4f..58855fc070 100644
--- a/eq-author/src/App/MeContext.js
+++ b/eq-author/src/App/MeContext.js
@@ -90,9 +90,34 @@ const ContextProvider = ({ history, client, children }) => {
 useEffect(() => {
 // be aware that the return from auth.onAuthStateChanged will change on firebase ver 4.0
 // https://firebase.google.com/docs/reference/js/v8/firebase.auth.Auth#onauthstatechanged
+ // This useEffect hook is responsible for handling the authentication state changes in Firebase.
+ // It listens for changes in the authentication state using the onAuthStateChanged method.
+ // When the authentication state changes, it updates the firebaseUser state and sets awaitingFirebase to false.
 auth.onAuthStateChanged((user) => {
 setFirebaseUser(user);
 setAwaitingFirebase(false);
+ // It also sets up a session timeout for the user if they are authenticated.
+ // If the user is not authenticated, the session timeout is cleared using clearTimeout.
+ let sessionTimeout = null;
+ if (user === null || user === undefined) {
+ sessionTimeout && clearTimeout(sessionTimeout);
+ sessionTimeout = null;
+ } else {
+ // If the user is authenticated, it retrieves the ID token result and calculates the session duration.
+ user.getIdTokenResult().then((idTokenResult) => {
+ const authTime = idTokenResult.claims.auth_time * 1000;
+ // The session duration is set to 7 days.
+ // The format of the session duration calculation is in milliseconds/seconds/minutes/hours/days.
+ const sessionDuration = 1000 * 60 * 60 * 24 * 7; // 604,800,000 milliseconds
+ const millisecondsUntilExpiration =
+ sessionDuration - (Date.now() - authTime);
+ // It then sets up a session timeout using setTimeout, which will automatically sign out the user after the session duration expires.
+ sessionTimeout = setTimeout(
+ () => auth.signOut(),
+ millisecondsUntilExpiration
+ );
+ });
+ }
 });
 }, []);
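Review bot: `let sessionTimeout = null;` is declared inside the `onAuthStateChanged` callback, so every auth-state event gets a fresh variable: the `clearTimeout` in the signed-out branch can never run, and a timer armed for an earlier sign-in stays pending and will call `auth.signOut()` on whichever session is active when it fires. Declare it once in the effect scope, above `auth.onAuthStateChanged(`, and start the callback with `clearTimeout(sessionTimeout);` before re-arming. The `getIdTokenResult()` promise has no rejection handler, so a failed token fetch leaves the session with no expiry at all; a `.catch` that logs the failure and signs the user out would make that path fail closed. The timer only runs while the page is open, so the 7-day limit should presumably also be checked against `auth_time` wherever the ID token is verified, which is not visible here. The enclosing `ContextProvider` component starts and ends outside the hunk.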