author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2012-06-10 13:16:56 +0000 |
---|---|---|
committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2012-06-10 13:16:56 +0000 |
commit | 74645eb017f2f8a0f9e7ce669c50c3827488b801 (patch) | |
tree | a551422f1783886028107abd2874b4c9cdc35ee9 /app | |
parent | 26ff9e1c260b6cbb02371f72047e3108a93aee75 (diff) | |
download | redmine-74645eb017f2f8a0f9e7ce669c50c3827488b801.tar.gz redmine-74645eb017f2f8a0f9e7ce669c50c3827488b801.zip |
Configurable session lifetime and timeout (#6597).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@9797 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/application_controller.rb | 53 | ||||
-rw-r--r-- | app/views/settings/_authentication.html.erb | 11 |
2 files changed, 58 insertions, 6 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index c54bb4421..e4d5fb542 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -35,7 +35,7 @@ class ApplicationController < ActionController::Base cookies.delete(:autologin) end - before_filter :user_setup, :check_if_login_required, :set_localization + before_filter :session_expiration, :user_setup, :check_if_login_required, :set_localization rescue_from ActionController::InvalidAuthenticityToken, :with => :invalid_authenticity_token rescue_from ::Unauthorized, :with => :deny_access @@ -44,6 +44,38 @@ class ApplicationController < ActionController::Base include Redmine::MenuManager::MenuController helper Redmine::MenuManager::MenuHelper + def session_expiration + if session[:user_id] + if session_expired? && !try_to_autologin + reset_session + flash[:error] = l(:error_session_expired) + redirect_to signin_url + else + session[:atime] = Time.now.utc.to_i + end + end + end + + def session_expired? + if Setting.session_lifetime? + unless session[:ctime] && (Time.now.utc.to_i - session[:ctime].to_i <= Setting.session_lifetime.to_i * 60) + return true + end + end + if Setting.session_timeout? + unless session[:atime] && (Time.now.utc.to_i - session[:atime].to_i <= Setting.session_timeout.to_i * 60) + return true + end + end + false + end + + def start_user_session(user) + session[:user_id] = user.id + session[:ctime] = Time.now.utc.to_i + session[:atime] = Time.now.utc.to_i + end + def user_setup # Check the settings cache for each request Setting.check_cache 
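Review bot: `session_expired?` nests `if`/`unless`/`return true` two levels deep and calls `Time.now.utc.to_i` once per check; a single `now` local and two guard clauses read more directly and compare both timestamps against the same instant. The checks themselves look right, but a session that already carries `session[:user_id]` without `ctime`/`atime` (one started before this change) is treated as expired as soon as the corresponding setting is enabled, which seems intended and deserves a comment such as `# Sessions without timestamps predate this check and are treated as expired`. The three new methods are added as public methods next to `user_setup`; in this Rails version a public controller method can be dispatched as an action when a route matches it, so unless the surrounding section is already non-public (any `private` marker is outside the hunk) consider `private` or `hide_action` for `session_expiration`, `session_expired?` and `start_user_session`.
```ruby
  def session_expired?
    now = Time.now.utc.to_i
    if Setting.session_lifetime?
      return true unless session[:ctime] && (now - session[:ctime].to_i <= Setting.session_lifetime.to_i * 60)
    end
    if Setting.session_timeout?
      return true unless session[:atime] && (now - session[:atime].to_i <= Setting.session_timeout.to_i * 60)
    end
    false
  end
```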
@@ -57,10 +89,7 @@ class ApplicationController < ActionController::Base if session[:user_id] # existing session (User.active.find(session[:user_id]) rescue nil) - elsif cookies[:autologin] && Setting.autologin? - # auto-login feature starts a new session - user = User.try_to_autologin(cookies[:autologin]) - session[:user_id] = user.id if user + elsif user = try_to_autologin user elsif params[:format] == 'atom' && params[:key] && request.get? && accept_rss_auth? # RSS key authentication does not start a session @@ -78,12 +107,24 @@ class ApplicationController < ActionController::Base end end + def try_to_autologin + if cookies[:autologin] && Setting.autologin? + # auto-login feature starts a new session + user = User.try_to_autologin(cookies[:autologin]) + if user + reset_session + start_user_session(user) + end + user + end + end + # Sets the logged in user def logged_user=(user) reset_session if user && user.is_a?(User) User.current = user - session[:user_id] = user.id + start_user_session(user) else User.current = User.anonymous end diff --git a/app/views/settings/_authentication.html.erb b/app/views/settings/_authentication.html.erb index fe27e3d88..bba896497 100644 --- a/app/views/settings/_authentication.html.erb +++ b/app/views/settings/_authentication.html.erb 
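Review bot: `try_to_autologin` has no doc comment although it now carries a side effect callers must know about — it discards the current session with `reset_session` before `start_user_session(user)` — and it is reached both from `user_setup` and from the `session_expiration` filter; add `# Starts a new session for the user identified by the autologin cookie, if the feature is enabled. Any existing session is reset first. Returns the user, or nil.` above the `def`. Resetting before starting the session is the right order and matches what `logged_user=` already does, so that part is consistent. The `logged_user=` method continues past the end of the hunk.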
@@ -21,5 +21,16 @@ <p><%= setting_check_box :rest_api_enabled %></p> </div> +<fieldset class="box"> + <legend><%= l(:label_session_expiration) %></legend> + + <div class="tabular settings"> + <p><%= setting_select :session_lifetime, [[l(:label_disabled), 0]] + [1, 7, 30, 60, 365].collect{|days| [l('datetime.distance_in_words.x_days', :count => days), (days * 60 * 24).to_s]} %></p> + <p><%= setting_select :session_timeout, [[l(:label_disabled), 0]] + [1, 2, 4, 8, 12, 24, 48].collect{|hours| [l('datetime.distance_in_words.x_hours', :count => hours), (hours * 60).to_s]} %></p> + </div> + + <p><em class="info"><%= l(:text_session_expiration_settings) %></em></p> +</fieldset> + <%= submit_tag l(:button_save) %> <% end %> |
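Review bot: Both `setting_select` lines in the new fieldset run far past 120 columns and use `collect` where `map` is the preferred name; building the two option lists in helper methods (for example a `session_lifetime_options` / `session_timeout_options` pair, names proposed here) or in locals above the `<p>` tags would keep the template readable. The "Disabled" entry uses the Integer `0` while every computed value is a String via `.to_s`; unless `setting_select` stringifies option values itself (its definition is outside this diff), `'0'` keeps the types uniform: `[[l(:label_disabled), '0']] + [1, 7, 30, 60, 365].map { |days| [l('datetime.distance_in_words.x_days', :count => days), (days * 60 * 24).to_s] }`, and likewise for the hours list.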