Detect expired session use (#14502)

* Add INI config option and add tests. * Detect expired sessions. * Update config docs. * Apply review feedback including storing expiration in session fingerprint. * fixing tests. * fix unit tests * fix test
author: diosmosis <diosmosis@users.noreply.github.com> 2019-06-17 07:03:06 +0300
committer: GitHub <noreply@github.com> 2019-06-17 07:03:06 +0300
commit: 824204a88d80b229df3708d1edcf5416eeb2ea44 (patch)
tree: 52b1cfd1bcb0e5961920094a9f69517d5cbefd55 /config
parent: d61a9ea28a798f5598e2cb69c0ca6b3342b6c157 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/config/global.ini.php b/config/global.ini.php
index f32b4104b7..55d0db08a2 100755
--- a/config/global.ini.php
+++ b/config/global.ini.php
@@ -397,6 +397,10 @@ login_cookie_expire = 1209600
 ; Sets the session cookie path
 login_cookie_path =
 
+; the amount of time before an idle session is considered expired. only affects session that were created without the
+; "remember me" option checked
+login_session_not_remembered_idle_timeout = 3600
+
 ; email address that appears as a Sender in the password recovery email
 ; if specified, {DOMAIN} will be replaced by the current Matomo domain
 login_password_recovery_email_address = "password-recovery@{DOMAIN}"
author	diosmosis <diosmosis@users.noreply.github.com>	2019-06-17 07:03:06 +0300
committer	GitHub <noreply@github.com>	2019-06-17 07:03:06 +0300
commit	824204a88d80b229df3708d1edcf5416eeb2ea44 (patch)
tree	52b1cfd1bcb0e5961920094a9f69517d5cbefd55 /config
parent	d61a9ea28a798f5598e2cb69c0ca6b3342b6c157 (diff)