From: Thomas Müller Date: Sun, 30 Jun 2013 22:05:06 +0000 (+0200) Subject: Squashed commit of the following: X-Git-Tag: v5.0.8~53 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=60173be25ec27aaf6763ab57cd0a7f580c5c98e5;p=nextcloud-server.git Squashed commit of the following: commit 557df5cc5e62fab80125d1ea86f8ed56ad3b10cc Author: Thomas Mueller Date: Fri Jun 28 15:17:54 2013 +0200 session_life_time -> session_lifetime default session_lifetime is 24hrs recreation of session is triggered at 50% of the session life time Conflicts: lib/base.php commit fcd2e91459ef2ff41d9ca3d07e325c358ded091a Author: Thomas Mueller Date: Wed Jun 26 09:19:19 2013 +0200 session life time is now configurable and set to the same value Conflicts: lib/base.php
---
diff --git a/config/config.sample.php b/config/config.sample.php
index 1272386715b..aa81cb781a2 100644
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -135,6 +135,9 @@ $CONFIG = array(
 /* Lifetime of the remember login cookie, default is 15 days */
 "remember_login_cookie_lifetime" => 60*60*24*15,
 
+/* Life time of a session after inactivity */
+"session_lifetime" => 60 * 60 * 24,
+
 /* Custom CSP policy, changing this will overwrite the standard policy */
 "custom_csp_policy" => "default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src *; img-src *; font-src 'self' data:; media-src *",
 
diff --git a/lib/base.php b/lib/base.php
index 07abe631605..0c5aa1641ff 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -340,16 +340,17 @@ class OC {
 exit();
 }
 
+ $sessionLifeTime = self::getSessionLifeTime();
 // regenerate session id periodically to avoid session fixation
 if (!isset($_SESSION['SID_CREATED'])) {
 $_SESSION['SID_CREATED'] = time();
- } else if (time() - $_SESSION['SID_CREATED'] > 60*60*12) {
+ } else if (time() - $_SESSION['SID_CREATED'] > $sessionLifeTime / 2) {
 session_regenerate_id(true);
 $_SESSION['SID_CREATED'] = time();
 }
 
 // session timeout
- if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 60*60*24)) {
+ if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > $sessionLifeTime)) {
 if (isset($_COOKIE[session_name()])) {
 setcookie(session_name(), '', time() - 42000, '/');
 }
@@ -360,6 +361,13 @@ class OC {
 $_SESSION['LAST_ACTIVITY'] = time();
 }
 
+ /**
+ * @return int
+ */
+ private static function getSessionLifeTime() {
+ return OC_Config::getValue('session_lifetime', 60 * 60 * 24);
+ }
+
 public static function getRouter() {
 if (!isset(OC::$router)) {
 OC::$router = new OC_Router();
@@ -415,9 +423,6 @@ class OC {
 @ini_set('post_max_size', '10G');
 @ini_set('file_uploads', '50');
 
- //try to set the session lifetime to 60min
- @ini_set('gc_maxlifetime', '3600');
-
 //copy http auth headers for apache+php-fcgid work around
 if (isset($_SERVER['HTTP_XAUTHORIZATION']) && !isset($_SERVER['HTTP_AUTHORIZATION'])) {
 $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['HTTP_XAUTHORIZATION'];
@@ -472,6 +477,10 @@ class OC {
 exit;
 }
 
+ //try to set the session lifetime
+ $sessionLifeTime = self::getSessionLifeTime();
+ @ini_set('gc_maxlifetime', (string)$sessionLifeTime);
+
 // User and Groups
 if (!OC_Config::getValue("installed", false)) {
 $_SESSION['user_id'] = '';
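Review bot: In the `@@ -340,16 +340,17 @@` hunk the session-id rotation interval is now tied to the idle timeout (`$sessionLifeTime / 2`), so an administrator who raises `session_lifetime` for convenience also lengthens how long a single session id stays valid; with a 30-day lifetime the id would rotate only every 15 days instead of the previous fixed 12 hours. Consider capping the rotation interval on its own, e.g. `$regenerateAfter = min($sessionLifeTime / 2, 60 * 60 * 12);`, and comparing `time() - $_SESSION['SID_CREATED']` against that. The same variable drives the `LAST_ACTIVITY` check, where a configured value of 0 or less would expire the session on nearly every request. The enclosing function starts and ends outside the hunk.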
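Review bot: In the `@@ -360,6 +361,13 @@` hunk `getSessionLifeTime()` is documented as `@return int` but, as far as the hunk shows, returns whatever `OC_Config::getValue()` yields, so a quoted, zero or mistyped `session_lifetime` in config.php reaches the timeout arithmetic and the `ini_set` call unchecked. Casting and rejecting non-positive values here protects both callers, for example `$lifetime = (int)OC_Config::getValue('session_lifetime', 60 * 60 * 24);` followed by `return $lifetime > 0 ? $lifetime : 60 * 60 * 24;`. The docblock would also benefit from a summary line saying that the value is the idle timeout in seconds.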
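Review bot: In the `@@ -472,6 +477,10 @@` hunk the directive name passed to `ini_set` lacks the `session.` prefix; PHP's setting is `session.gc_maxlifetime`, so this call most likely returns false and the `@` hides the failure, leaving server-side session garbage collection at the php.ini default regardless of `session_lifetime`. The removed line in the `@@ -415,9 +423,6 @@` hunk used the same name, so the problem is carried over rather than introduced here. Suggested change: `ini_set('session.gc_maxlifetime', (string)$sessionLifeTime);` without the `@`, or with the return value checked and logged. Whether this runs before the session is started cannot be seen from the hunk, because the enclosing function begins and ends outside it.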