diff options
author | Thomas Müller <thomas.mueller@tmit.eu> | 2013-07-01 02:05:06 +0400 |
---|---|---|
committer | Thomas Müller <thomas.mueller@tmit.eu> | 2013-07-01 02:05:06 +0400 |
commit | 60173be25ec27aaf6763ab57cd0a7f580c5c98e5 (patch) | |
tree | 087a5f5372ecb65590beaa08d1b7e3e5d9c9db76 /lib/base.php | |
parent | 87ef9305874909e19c43309f482f6fb05925ef60 (diff) |
Squashed commit of the following:
commit 557df5cc5e62fab80125d1ea86f8ed56ad3b10cc
Author: Thomas Mueller <thomas.mueller@tmit.eu>
Date: Fri Jun 28 15:17:54 2013 +0200
session_life_time -> session_lifetime
default session_lifetime is 24hrs
recreation of session is triggered at 50% of the session life time
Conflicts:
lib/base.php
commit fcd2e91459ef2ff41d9ca3d07e325c358ded091a
Author: Thomas Mueller <thomas.mueller@tmit.eu>
Date: Wed Jun 26 09:19:19 2013 +0200
session life time is now configurable and set to the same value
Conflicts:
lib/base.php
Diffstat (limited to 'lib/base.php')
-rw-r--r-- | lib/base.php | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/lib/base.php b/lib/base.php index 07abe631605..0c5aa1641ff 100644 --- a/lib/base.php +++ b/lib/base.php @@ -340,16 +340,17 @@ class OC { exit(); } + $sessionLifeTime = self::getSessionLifeTime(); // regenerate session id periodically to avoid session fixation if (!isset($_SESSION['SID_CREATED'])) { $_SESSION['SID_CREATED'] = time(); - } else if (time() - $_SESSION['SID_CREATED'] > 60*60*12) { + } else if (time() - $_SESSION['SID_CREATED'] > $sessionLifeTime / 2) { session_regenerate_id(true); $_SESSION['SID_CREATED'] = time(); } // session timeout - if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 60*60*24)) { + if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > $sessionLifeTime)) { if (isset($_COOKIE[session_name()])) { setcookie(session_name(), '', time() - 42000, '/'); } @@ -360,6 +361,13 @@ class OC { $_SESSION['LAST_ACTIVITY'] = time(); } + /** + * @return int + */ + private static function getSessionLifeTime() { + return OC_Config::getValue('session_lifetime', 60 * 60 * 24); + } + public static function getRouter() { if (!isset(OC::$router)) { OC::$router = new OC_Router(); @@ -415,9 +423,6 @@ class OC { @ini_set('post_max_size', '10G'); @ini_set('file_uploads', '50'); - //try to set the session lifetime to 60min - @ini_set('gc_maxlifetime', '3600'); - //copy http auth headers for apache+php-fcgid work around if (isset($_SERVER['HTTP_XAUTHORIZATION']) && !isset($_SERVER['HTTP_AUTHORIZATION'])) { $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['HTTP_XAUTHORIZATION']; @@ -472,6 +477,10 @@ class OC { exit; } + //try to set the session lifetime + $sessionLifeTime = self::getSessionLifeTime(); + @ini_set('gc_maxlifetime', (string)$sessionLifeTime); + // User and Groups if (!OC_Config::getValue("installed", false)) { $_SESSION['user_id'] = ''; |