session life time is now configurable and set to the same value
authorThomas Mueller <thomas.mueller@tmit.eu>
Wed, 26 Jun 2013 07:19:19 +0000 (09:19 +0200)
committerThomas Mueller <thomas.mueller@tmit.eu>
Wed, 26 Jun 2013 07:21:38 +0000 (09:21 +0200)
config/config.sample.php
lib/base.php

index 72834009201931033319d1e8e69b78ed5346bc00..9254365e3e2c51461686d3ff88b7d95f83a7a288 100644 (file)
@@ -145,6 +145,9 @@ $CONFIG = array(
 /* Lifetime of the remember login cookie, default is 15 days */
 "remember_login_cookie_lifetime" => 60*60*24*15,
 
+/* Life time of a session after inactivity */
+"session_life_time" => 60 * 60 * 12,
+
 /* Custom CSP policy, changing this will overwrite the standard policy */
 "custom_csp_policy" => "default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src *; img-src *; font-src 'self' data:; media-src *",
 
index fd4870974fe1b2b8b456a1cd4f868865da5f531a..7097a376d6ebbf24a98444a42a1c81955931bbca 100644 (file)
@@ -311,16 +311,17 @@ class OC {
                        exit();
                }
 
+               $sessionLifeTime = self::getSessionLifeTime();
                // regenerate session id periodically to avoid session fixation
                if (!self::$session->exists('SID_CREATED')) {
                        self::$session->set('SID_CREATED', time());
-               } else if (time() - self::$session->get('SID_CREATED') > 60*60*12) {
+               } else if (time() - self::$session->get('SID_CREATED') > $sessionLifeTime) {
                        session_regenerate_id(true);
                        self::$session->set('SID_CREATED', time());
                }
 
                // session timeout
-               if (self::$session->exists('LAST_ACTIVITY') && (time() - self::$session->get('LAST_ACTIVITY') > 60*60*24)) {
+               if (self::$session->exists('LAST_ACTIVITY') && (time() - self::$session->get('LAST_ACTIVITY') > $sessionLifeTime)) {
                        if (isset($_COOKIE[session_name()])) {
                                setcookie(session_name(), '', time() - 42000, $cookie_path);
                        }
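Review bot: The session-ID regeneration check on the `SID_CREATED` line now uses the same `$sessionLifeTime` as the inactivity timeout, so an administrator who raises `session_life_time` for convenience also lengthens the time a single session ID stays valid. Consider bounding the rotation interval separately, for example `$regenerateAfter = min($sessionLifeTime, 60 * 60 * 12);`, and comparing `time() - SID_CREATED` against that. The default idle timeout also drops from 24 hours to 12 hours in this hunk, which deserves a mention in the commit message or changelog. The enclosing method starts and ends outside the hunk.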
@@ -332,6 +333,13 @@ class OC {
                self::$session->set('LAST_ACTIVITY', time());
        }
 
+       /**
+        * @return int
+        */
+       private static function getSessionLifeTime() {
+               return OC_Config::getValue('session_life_time', 60 * 60 * 12);
+       }
+
        public static function getRouter() {
                if (!isset(OC::$router)) {
                        OC::$router = new OC_Router();
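Review bot: `getSessionLifeTime()` returns the configured value unchecked although its docblock promises an int; whatever `OC_Config::getValue` returns (its implementation is not visible here) flows straight into the timeout comparisons and into `ini_set`. A zero, negative or non-numeric `session_life_time` would make `time() - LAST_ACTIVITY > $sessionLifeTime` true almost immediately and end every session. Cast and fall back to the default: `$lifetime = (int)OC_Config::getValue('session_life_time', 60 * 60 * 12);` followed by `return $lifetime > 0 ? $lifetime : 60 * 60 * 12;`. The docblock should also state that the value is in seconds.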
@@ -393,9 +401,6 @@ class OC {
                @ini_set('post_max_size', '10G');
                @ini_set('file_uploads', '50');
 
-               //try to set the session lifetime to 60min
-               @ini_set('gc_maxlifetime', '3600');
-
                //copy http auth headers for apache+php-fcgid work around
                if (isset($_SERVER['HTTP_XAUTHORIZATION']) && !isset($_SERVER['HTTP_AUTHORIZATION'])) {
                        $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['HTTP_XAUTHORIZATION'];
@@ -455,6 +460,10 @@ class OC {
                        exit;
                }
 
+               //try to set the session lifetime
+               $sessionLifeTime = self::getSessionLifeTime();
+               @ini_set('gc_maxlifetime', (string)$sessionLifeTime);
+
                // User and Groups
                if (!OC_Config::getValue("installed", false)) {
                        self::$session->set('user_id','');
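Review bot: `ini_set('gc_maxlifetime', ...)` does not name the PHP session directive, which is `session.gc_maxlifetime`; without the prefix the call returns false and the `@` hides that, so the server-side session garbage-collection lifetime stays at the php.ini value regardless of `session_life_time`. Use `ini_set('session.gc_maxlifetime', (string)$sessionLifeTime);` and log a false return instead of suppressing it. If the session has already been started by this point (not visible in the hunk), the setting may need to be applied before session start to take effect. The enclosing method continues outside the hunk.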