Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/nextcloud/server.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--config/config.sample.php3
-rw-r--r--lib/base.php19
2 files changed, 17 insertions, 5 deletions
diff --git a/config/config.sample.php b/config/config.sample.php
index 1272386715b..aa81cb781a2 100644
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -135,6 +135,9 @@ $CONFIG = array(
/* Lifetime of the remember login cookie, default is 15 days */
"remember_login_cookie_lifetime" => 60*60*24*15,
+/* Life time of a session after inactivity */
+"session_lifetime" => 60 * 60 * 24,
+
/* Custom CSP policy, changing this will overwrite the standard policy */
"custom_csp_policy" => "default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src *; img-src *; font-src 'self' data:; media-src *",
diff --git a/lib/base.php b/lib/base.php
index 07abe631605..0c5aa1641ff 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -340,16 +340,17 @@ class OC {
exit();
}
+ $sessionLifeTime = self::getSessionLifeTime();
// regenerate session id periodically to avoid session fixation
if (!isset($_SESSION['SID_CREATED'])) {
$_SESSION['SID_CREATED'] = time();
- } else if (time() - $_SESSION['SID_CREATED'] > 60*60*12) {
+ } else if (time() - $_SESSION['SID_CREATED'] > $sessionLifeTime / 2) {
session_regenerate_id(true);
$_SESSION['SID_CREATED'] = time();
}
// session timeout
- if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 60*60*24)) {
+ if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > $sessionLifeTime)) {
if (isset($_COOKIE[session_name()])) {
setcookie(session_name(), '', time() - 42000, '/');
}
@@ -360,6 +361,13 @@ class OC {
$_SESSION['LAST_ACTIVITY'] = time();
}
+ /**
+ * @return int
+ */
+ private static function getSessionLifeTime() {
+ return OC_Config::getValue('session_lifetime', 60 * 60 * 24);
+ }
+
public static function getRouter() {
if (!isset(OC::$router)) {
OC::$router = new OC_Router();
@@ -415,9 +423,6 @@ class OC {
@ini_set('post_max_size', '10G');
@ini_set('file_uploads', '50');
- //try to set the session lifetime to 60min
- @ini_set('gc_maxlifetime', '3600');
-
//copy http auth headers for apache+php-fcgid work around
if (isset($_SERVER['HTTP_XAUTHORIZATION']) && !isset($_SERVER['HTTP_AUTHORIZATION'])) {
$_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['HTTP_XAUTHORIZATION'];
@@ -472,6 +477,10 @@ class OC {
exit;
}
+ //try to set the session lifetime
+ $sessionLifeTime = self::getSessionLifeTime();
+ @ini_set('gc_maxlifetime', (string)$sessionLifeTime);
+
// User and Groups
if (!OC_Config::getValue("installed", false)) {
$_SESSION['user_id'] = '';
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-09 14:07:45 +0300