Expire sessions after 1 hour (#42)

illicitonion · web-flow · commit 9ae50ef20b8b · 2025-12-09T14:13:49.000Z
It looks like something changed with either GitHub or browsers such that
GitHub is frequently giving 401s. I'm not sure whether that's because
they're expiring tokens more readily, or sessions are lasting longer
than they used to.

Ideally Octocrab would notice 401s and force a re-auth, but it doesn't
have an obvious hook for that. Instead, just expire sessions after an
hour so that we will stop seeing existing tokens, and will automatically
redirect people to fetch new tokens.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -44,6 +44,7 @@ serde_json = "1"
 serde_urlencoded = "0.7.1"
 sheets = "0.7.0"
 slack-with-types = "0.1.1"
+time = "0.3.44"
 tokio = { version = "1", features = ["macros", "rt-multi-thread"] }
 tower = "0.5.2"
 tower-http = { version = "0.6.6", features = ["fs"] }
diff --git a/src/bin/trainee-tracker.rs b/src/bin/trainee-tracker.rs
@@ -47,7 +47,7 @@ async fn main() {
     let session_store = MemoryStore::default();
     let session_layer = SessionManagerLayer::new(session_store)
         .with_secure(is_secure)
-        .with_expiry(Expiry::OnSessionEnd);
+        .with_expiry(Expiry::OnInactivity(time::Duration::HOUR));
 
     let app = axum::Router::new()
         .route("/api/ok", get(trainee_tracker::endpoints::health_check))
