Fixed https://github.com/nextcloud/server/issues/29356 Signed-off-by: Julius Härtl <jus@bitgrid.net>tags/v25.0.0beta3
@@ -256,6 +256,17 @@ $CONFIG = [ | |||
*/ | |||
'session_lifetime' => 60 * 60 * 24, | |||
/** | |||
* `true` enabled a relaxed session timeout, where the session timeout would no longer be | |||
* handled by Nextcloud but by either the PHP garbage collection or the expiration of | |||
* potential other session backends like redis. | |||
* | |||
* This may lead to sessions being available for longer than what session_lifetime uses but | |||
* comes with performance benefits as sessions are no longer a locking operation for concurrent | |||
* requests. | |||
*/ | |||
'session_relaxed_expiry' => false, | |||
/** | |||
* Enable or disable session keep-alive when a user is logged in to the Web UI. | |||
* Enabling this sends a "heartbeat" to the server to keep it from timing out. |
@@ -455,7 +455,9 @@ class OC { | |||
\OC::$server->getUserSession()->logout(); | |||
} | |||
$session->set('LAST_ACTIVITY', time()); | |||
if (!self::hasSessionRelaxedExpiry()) { | |||
$session->set('LAST_ACTIVITY', time()); | |||
} | |||
$session->close(); | |||
} | |||
@@ -466,6 +468,13 @@ class OC { | |||
return \OC::$server->getConfig()->getSystemValue('session_lifetime', 60 * 60 * 24); | |||
} | |||
/** | |||
* @return bool true if the session expiry should only be done by gc instead of an explicit timeout | |||
*/ | |||
public static function hasSessionRelaxedExpiry(): bool { | |||
return \OC::$server->getConfig()->getSystemValue('session_relaxed_expiry', false); | |||
} | |||
/** | |||
* Try to set some values to the required Nextcloud default | |||
*/ |
@@ -178,7 +178,7 @@ class Internal extends Session { | |||
*/ | |||
public function reopen(): bool { | |||
if ($this->sessionClosed) { | |||
$this->startSession(); | |||
$this->startSession(false, false); | |||
$this->sessionClosed = false; | |||
return true; | |||
} | |||
@@ -225,7 +225,11 @@ class Internal extends Session { | |||
} | |||
} | |||
private function startSession(bool $silence = false) { | |||
$this->invoke('session_start', [['cookie_samesite' => 'Lax']], $silence); | |||
private function startSession(bool $silence = false, bool $readAndClose = true) { | |||
$sessionParams = ['cookie_samesite' => 'Lax']; | |||
if (\OC::hasSessionRelaxedExpiry()) { | |||
$sessionParams['read_and_close'] = $readAndClose; | |||
} | |||
$this->invoke('session_start', [$sessionParams], $silence); | |||
} | |||
} |