
session life time is now configurable and set to the same value

tags/v6.0.0alpha2
Thomas Mueller 11 years ago
parent
commit
794c189650
2 changed files with 17 additions and 5 deletions
  1. 3
    0
      config/config.sample.php
  2. 14
    5
      lib/base.php

+ 3
- 0
config/config.sample.php

/* Lifetime of the remember login cookie, default is 15 days */ /* Lifetime of the remember login cookie, default is 15 days */
"remember_login_cookie_lifetime" => 60*60*24*15, "remember_login_cookie_lifetime" => 60*60*24*15,


/* Life time of a session after inactivity */
"session_life_time" => 60 * 60 * 12,

/* Custom CSP policy, changing this will overwrite the standard policy */ /* Custom CSP policy, changing this will overwrite the standard policy */
"custom_csp_policy" => "default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src *; img-src *; font-src 'self' data:; media-src *", "custom_csp_policy" => "default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src *; img-src *; font-src 'self' data:; media-src *",
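Review bot: The comment added above `"session_life_time"` states neither the unit nor the default, unlike the `remember_login_cookie_lifetime` comment just before it. Going by the lib/base.php section of this commit, the same value is also used as the session-ID regeneration interval and written to `gc_maxlifetime`, so an administrator changing it should be told that it controls more than the inactivity timeout. Something like `/* Lifetime of a session after inactivity, in seconds (default 12 hours); also used as the session id regeneration interval */` would cover both.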



+ 14
- 5
lib/base.php

exit(); exit();
} }


$sessionLifeTime = self::getSessionLifeTime();
// regenerate session id periodically to avoid session fixation // regenerate session id periodically to avoid session fixation
if (!self::$session->exists('SID_CREATED')) { if (!self::$session->exists('SID_CREATED')) {
self::$session->set('SID_CREATED', time()); self::$session->set('SID_CREATED', time());
} else if (time() - self::$session->get('SID_CREATED') > 60*60*12) {
} else if (time() - self::$session->get('SID_CREATED') > $sessionLifeTime) {
session_regenerate_id(true); session_regenerate_id(true);
self::$session->set('SID_CREATED', time()); self::$session->set('SID_CREATED', time());
} }


// session timeout // session timeout
if (self::$session->exists('LAST_ACTIVITY') && (time() - self::$session->get('LAST_ACTIVITY') > 60*60*24)) {
if (self::$session->exists('LAST_ACTIVITY') && (time() - self::$session->get('LAST_ACTIVITY') > $sessionLifeTime)) {
if (isset($_COOKIE[session_name()])) { if (isset($_COOKIE[session_name()])) {
setcookie(session_name(), '', time() - 42000, $cookie_path); setcookie(session_name(), '', time() - 42000, $cookie_path);
} }
self::$session->set('LAST_ACTIVITY', time()); self::$session->set('LAST_ACTIVITY', time());
} }


/**
* @return int
*/
private static function getSessionLifeTime() {
return OC_Config::getValue('session_life_time', 60 * 60 * 12);
}

public static function getRouter() { public static function getRouter() {
if (!isset(OC::$router)) { if (!isset(OC::$router)) {
OC::$router = new OC_Router(); OC::$router = new OC_Router();
@ini_set('post_max_size', '10G'); @ini_set('post_max_size', '10G');
@ini_set('file_uploads', '50'); @ini_set('file_uploads', '50');


//try to set the session lifetime to 60min
@ini_set('gc_maxlifetime', '3600');

//copy http auth headers for apache+php-fcgid work around //copy http auth headers for apache+php-fcgid work around
if (isset($_SERVER['HTTP_XAUTHORIZATION']) && !isset($_SERVER['HTTP_AUTHORIZATION'])) { if (isset($_SERVER['HTTP_XAUTHORIZATION']) && !isset($_SERVER['HTTP_AUTHORIZATION'])) {
$_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['HTTP_XAUTHORIZATION']; $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['HTTP_XAUTHORIZATION'];
exit; exit;
} }


//try to set the session lifetime
$sessionLifeTime = self::getSessionLifeTime();
@ini_set('gc_maxlifetime', (string)$sessionLifeTime);

// User and Groups // User and Groups
if (!OC_Config::getValue("installed", false)) { if (!OC_Config::getValue("installed", false)) {
self::$session->set('user_id',''); self::$session->set('user_id','');
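Review bot: `getSessionLifeTime()` returns the raw `session_life_time` config value, although its docblock promises an int and the result feeds the session-ID regeneration check, the inactivity timeout and `gc_maxlifetime`. A zero or negative entry makes the `LAST_ACTIVITY` comparison true on almost every request, and a non-numeric one is compared under PHP's loose rules, so casting and bounding it is safer, e.g. `return max(1, (int)OC_Config::getValue('session_life_time', 60 * 60 * 12));`. Tying the regeneration interval to the same setting also means that raising the lifetime stretches the anti-fixation rotation with it; capping that comparison, `> min($sessionLifeTime, 60 * 60 * 12)`, would keep the previous 12-hour bound. The method containing the session checks begins and ends outside the visible lines.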
