author | Thomas Müller <thomas.mueller@tmit.eu> | 2013-06-30 14:41:51 -0700 |
---|---|---|
committer | Thomas Müller <thomas.mueller@tmit.eu> | 2013-06-30 14:41:51 -0700 |
commit | 121d3904c98d237643bcd6583b6a382f7a4119a7 (patch) | |
tree | 1a74254ade293f6decb62c904e43dc3e322a52f8 | |
parent | 8beec2015a43839818f9b6f14283b8980ec185b3 (diff) | |
parent | 3b91ce695f784fc68d3bdfff0fe5ed0c37a89aff (diff) | |
download | nextcloud-server-121d3904c98d237643bcd6583b6a382f7a4119a7.tar.gz nextcloud-server-121d3904c98d237643bcd6583b6a382f7a4119a7.zip |
Merge pull request #3852 from owncloud/fixing-3830-master
session life time is now configurable and set to the same value
-rw-r--r-- | config/config.sample.php | 3 | ||||
-rw-r--r-- | lib/base.php | 19 |
2 files changed, 17 insertions, 5 deletions
diff --git a/config/config.sample.php b/config/config.sample.php
index 72834009201..dfa29f329c4 100644
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -145,6 +145,9 @@ $CONFIG = array(
 /* Lifetime of the remember login cookie, default is 15 days */
 "remember_login_cookie_lifetime" => 60*60*24*15,
+/* Life time of a session after inactivity */
+"session_lifetime" => 60 * 60 * 24,
+
 /* Custom CSP policy, changing this will overwrite the standard policy */
 "custom_csp_policy" => "default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src *; img-src *; font-src 'self' data:; media-src *",
diff --git a/lib/base.php b/lib/base.php
index fd4870974fe..af54f439155 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -311,16 +311,17 @@ class OC {
 exit();
 }
+ $sessionLifeTime = self::getSessionLifeTime();
 // regenerate session id periodically to avoid session fixation
 if (!self::$session->exists('SID_CREATED')) {
 self::$session->set('SID_CREATED', time());
- } else if (time() - self::$session->get('SID_CREATED') > 60*60*12) {
+ } else if (time() - self::$session->get('SID_CREATED') > $sessionLifeTime / 2) {
 session_regenerate_id(true);
 self::$session->set('SID_CREATED', time());
 }
 // session timeout
- if (self::$session->exists('LAST_ACTIVITY') && (time() - self::$session->get('LAST_ACTIVITY') > 60*60*24)) {
+ if (self::$session->exists('LAST_ACTIVITY') && (time() - self::$session->get('LAST_ACTIVITY') > $sessionLifeTime)) {
 if (isset($_COOKIE[session_name()])) {
 setcookie(session_name(), '', time() - 42000, $cookie_path);
 }
@@ -332,6 +333,13 @@ class OC {
 self::$session->set('LAST_ACTIVITY', time());
 }
+ /**
+ * @return int
+ */
+ private static function getSessionLifeTime() {
+ return OC_Config::getValue('session_lifetime', 60 * 60 * 24);
+ }
+
 public static function getRouter() {
 if (!isset(OC::$router)) {
 OC::$router = new OC_Router();
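Review bot: The new `session_lifetime` entry in config/config.sample.php states neither the unit nor the default, and does not say that the value is an idle timeout. A comment such as `/* Idle session timeout in seconds, default is 24 hours; a shorter value limits how long an unattended session stays usable */` would tell an administrator what they are tuning. The lib/base.php hunks of this commit also derive the session-id regeneration interval from the same value, which is worth stating in the sample as well.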
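Review bot: Deriving the session-id regeneration interval from `$sessionLifeTime / 2` in the `SID_CREATED` branch means that raising `session_lifetime` also lengthens the time a fixed or leaked session id stays valid, where the old code always rotated after 12 hours. Capping the interval keeps the fixation mitigation independent of the idle timeout, for example `} else if (time() - self::$session->get('SID_CREATED') > min($sessionLifeTime / 2, 60*60*12)) {`. The timeout check below it only measures inactivity, so a session that stays active never expires; an absolute limit would need its own check. The enclosing method starts and ends outside this hunk.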
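Review bot: `getSessionLifeTime()` returns the configured value unchecked, so the `@return int` in its docblock is not enforced. A `session_lifetime` of `0`, a negative number or (on the PHP versions of that era, most likely) a non-numeric string makes the `> $sessionLifeTime` timeout check expire the session on almost every request and the `/ 2` regeneration check fire continuously. Casting and falling back to the default avoids that: `$lifetime = (int)OC_Config::getValue('session_lifetime', 60 * 60 * 24);` followed by `return $lifetime > 0 ? $lifetime : 60 * 60 * 24;`.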
@@ -393,9 +401,6 @@ class OC {
 @ini_set('post_max_size', '10G');
 @ini_set('file_uploads', '50');
- //try to set the session lifetime to 60min
- @ini_set('gc_maxlifetime', '3600');
-
 //copy http auth headers for apache+php-fcgid work around
 if (isset($_SERVER['HTTP_XAUTHORIZATION']) && !isset($_SERVER['HTTP_AUTHORIZATION'])) {
 $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['HTTP_XAUTHORIZATION'];
@@ -455,6 +460,10 @@ class OC {
 exit;
 }
+ //try to set the session lifetime
+ $sessionLifeTime = self::getSessionLifeTime();
+ @ini_set('gc_maxlifetime', (string)$sessionLifeTime);
+
 // User and Groups
 if (!OC_Config::getValue("installed", false)) {
 self::$session->set('user_id',''); |
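Review bot: The added `@ini_set('gc_maxlifetime', ...)` uses a key PHP does not define; the directive is `session.gc_maxlifetime`, so the call returns false, the `@` hides it, and server-side session data stays on PHP's default garbage-collection lifetime instead of `session_lifetime`. The line removed in the previous hunk used the same key, so this is carried over rather than newly introduced. Use `@ini_set('session.gc_maxlifetime', (string)$sessionLifeTime);` and check or log the return value instead of suppressing it. The context line `self::$session->set('user_id','')` suggests the session is already initialised at this point; if so, the setting belongs before the session is started so that it applies to this request as well. The enclosing method starts and ends outside the hunk.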