Squashed commit of the following:
authorThomas Müller <thomas.mueller@tmit.eu>
Sun, 30 Jun 2013 22:05:06 +0000 (00:05 +0200)
committerThomas Müller <thomas.mueller@tmit.eu>
Sun, 30 Jun 2013 22:05:06 +0000 (00:05 +0200)
commit 557df5cc5e62fab80125d1ea86f8ed56ad3b10cc
Author: Thomas Mueller <thomas.mueller@tmit.eu>
Date:   Fri Jun 28 15:17:54 2013 +0200

    session_life_time -> session_lifetime
    default session_lifetime is 24hrs
    recreation of session is triggered at 50% of the session life time

    Conflicts:
     lib/base.php

commit fcd2e91459ef2ff41d9ca3d07e325c358ded091a
Author: Thomas Mueller <thomas.mueller@tmit.eu>
Date:   Wed Jun 26 09:19:19 2013 +0200

    session life time is now configurable and set to the same value

    Conflicts:
     lib/base.php

config/config.sample.php
lib/base.php

index 1272386715b108a7903c1489a0836a34ad4d4ae8..aa81cb781a21932c1563035847f823ade66e6b34 100644 (file)
@@ -135,6 +135,9 @@ $CONFIG = array(
 /* Lifetime of the remember login cookie, default is 15 days */
 "remember_login_cookie_lifetime" => 60*60*24*15,
 
+/* Life time of a session after inactivity */
+"session_lifetime" => 60 * 60 * 24,
+
 /* Custom CSP policy, changing this will overwrite the standard policy */
 "custom_csp_policy" => "default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src *; img-src *; font-src 'self' data:; media-src *",
 
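Review bot: The comment added above `"session_lifetime"` gives no unit and does not mention the value's second effect. Judging by the lib/base.php hunks of this commit, the session ID is regenerated at half this value, so an administrator who raises it also slows down ID rotation. Suggested wording: `/* Lifetime of a session after inactivity, in seconds (default 24 hours); the session ID is regenerated after half this time */`.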
index 07abe631605676a9d0083660475a955add379930..0c5aa1641ff67dc1dd3984751de0c683aebd8a0f 100644 (file)
@@ -340,16 +340,17 @@ class OC {
                        exit();
                }
 
+               $sessionLifeTime = self::getSessionLifeTime();
                // regenerate session id periodically to avoid session fixation
                if (!isset($_SESSION['SID_CREATED'])) {
                        $_SESSION['SID_CREATED'] = time();
-               } else if (time() - $_SESSION['SID_CREATED'] > 60*60*12) {
+               } else if (time() - $_SESSION['SID_CREATED'] > $sessionLifeTime / 2) {
                        session_regenerate_id(true);
                        $_SESSION['SID_CREATED'] = time();
                }
 
                // session timeout
-               if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 60*60*24)) {
+               if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > $sessionLifeTime)) {
                        if (isset($_COOKIE[session_name()])) {
                                setcookie(session_name(), '', time() - 42000, '/');
                        }
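Review bot: Deriving the regeneration interval from `$sessionLifeTime / 2` couples the session-fixation mitigation to an administrator-chosen timeout. Before this change the ID rotated every 12 hours regardless, whereas a `session_lifetime` of several days now keeps the same session ID valid for half of that time. Consider capping the interval so that a longer timeout never weakens rotation, for example `$regenerateAfter = min($sessionLifeTime / 2, 60 * 60 * 12);` followed by `} else if (time() - $_SESSION['SID_CREATED'] > $regenerateAfter) {`. The enclosing method starts and ends outside this hunk.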
@@ -360,6 +361,13 @@ class OC {
                $_SESSION['LAST_ACTIVITY'] = time();
        }
 
+       /**
+        * @return int
+        */
+       private static function getSessionLifeTime() {
+               return OC_Config::getValue('session_lifetime', 60 * 60 * 24);
+       }
+
        public static function getRouter() {
                if (!isset(OC::$router)) {
                        OC::$router = new OC_Router();
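Review bot: `getSessionLifeTime()` returns the configured value unchecked although its docblock promises `@return int`. A string, zero or negative `session_lifetime` in config.php therefore reaches the timeout and regeneration comparisons in the hunk at -340 and the `ini_set` call in the hunk at -472. With zero or a negative value, any request arriving more than a second after the previous one would be treated as a timed-out session. Cast the value and fall back to the default for non-positive input, e.g. `$lifetime = (int)OC_Config::getValue('session_lifetime', 60 * 60 * 24);` then `return $lifetime > 0 ? $lifetime : 60 * 60 * 24;`. The docblock should also state that the value is in seconds.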
@@ -415,9 +423,6 @@ class OC {
                @ini_set('post_max_size', '10G');
                @ini_set('file_uploads', '50');
 
-               //try to set the session lifetime to 60min
-               @ini_set('gc_maxlifetime', '3600');
-
                //copy http auth headers for apache+php-fcgid work around
                if (isset($_SERVER['HTTP_XAUTHORIZATION']) && !isset($_SERVER['HTTP_AUTHORIZATION'])) {
                        $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['HTTP_XAUTHORIZATION'];
@@ -472,6 +477,10 @@ class OC {
                        exit;
                }
 
+               //try to set the session lifetime
+               $sessionLifeTime = self::getSessionLifeTime();
+               @ini_set('gc_maxlifetime', (string)$sessionLifeTime);
+
                // User and Groups
                if (!OC_Config::getValue("installed", false)) {
                        $_SESSION['user_id'] = '';
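Review bot: The directive passed to `ini_set` is `gc_maxlifetime`, but PHP's session garbage-collection setting is named `session.gc_maxlifetime`, so this call most likely changes nothing, and the `@` and the ignored return value hide that. If so, server-side session data is still collected on PHP's own schedule, which can end sessions earlier than `session_lifetime` or retain them longer than the administrator configured. Use `ini_set('session.gc_maxlifetime', (string)$sessionLifeTime)` and log when it returns `false`. Whether the session has already been started at this point is not visible here, as the enclosing method continues outside the hunk; if it has, the call belongs before session start.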