From 794c189650d8eb2068da3a5df6ccd22966ee7f38 Mon Sep 17 00:00:00 2001
From: Thomas Mueller <thomas.mueller@tmit.eu>
Date: Wed, 26 Jun 2013 09:19:19 +0200
Subject: [PATCH] session life time is now configurable and set to the same
 value

---
 config/config.sample.php |  3 +++
 lib/base.php             | 19 ++++++++++++++-----
 2 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/config/config.sample.php b/config/config.sample.php
index 7283400920..9254365e3e 100644
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -145,6 +145,9 @@ $CONFIG = array(
 /* Lifetime of the remember login cookie, default is 15 days */
 "remember_login_cookie_lifetime" => 60*60*24*15,
 
+/* Life time of a session after inactivity */
+"session_life_time" => 60 * 60 * 12,
+
 /* Custom CSP policy, changing this will overwrite the standard policy */
 "custom_csp_policy" => "default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src *; img-src *; font-src 'self' data:; media-src *",
 
diff --git a/lib/base.php b/lib/base.php
index fd4870974f..7097a376d6 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -311,16 +311,17 @@ class OC {
 			exit();
 		}
 
+		$sessionLifeTime = self::getSessionLifeTime();
 		// regenerate session id periodically to avoid session fixation
 		if (!self::$session->exists('SID_CREATED')) {
 			self::$session->set('SID_CREATED', time());
-		} else if (time() - self::$session->get('SID_CREATED') > 60*60*12) {
+		} else if (time() - self::$session->get('SID_CREATED') > $sessionLifeTime) {
 			session_regenerate_id(true);
 			self::$session->set('SID_CREATED', time());
 		}
 
 		// session timeout
-		if (self::$session->exists('LAST_ACTIVITY') && (time() - self::$session->get('LAST_ACTIVITY') > 60*60*24)) {
+		if (self::$session->exists('LAST_ACTIVITY') && (time() - self::$session->get('LAST_ACTIVITY') > $sessionLifeTime)) {
 			if (isset($_COOKIE[session_name()])) {
 				setcookie(session_name(), '', time() - 42000, $cookie_path);
 			}
@@ -332,6 +333,13 @@ class OC {
 		self::$session->set('LAST_ACTIVITY', time());
 	}
 
+	/**
+	 * @return int
+	 */
+	private static function getSessionLifeTime() {
+		return OC_Config::getValue('session_life_time', 60 * 60 * 12);
+	}
+
 	public static function getRouter() {
 		if (!isset(OC::$router)) {
 			OC::$router = new OC_Router();
@@ -393,9 +401,6 @@ class OC {
 		@ini_set('post_max_size', '10G');
 		@ini_set('file_uploads', '50');
 
-		//try to set the session lifetime to 60min
-		@ini_set('gc_maxlifetime', '3600');
-
 		//copy http auth headers for apache+php-fcgid work around
 		if (isset($_SERVER['HTTP_XAUTHORIZATION']) && !isset($_SERVER['HTTP_AUTHORIZATION'])) {
 			$_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['HTTP_XAUTHORIZATION'];
@@ -455,6 +460,10 @@ class OC {
 			exit;
 		}
 
+		//try to set the session lifetime
+		$sessionLifeTime = self::getSessionLifeTime();
+		@ini_set('gc_maxlifetime', (string)$sessionLifeTime);
+
 		// User and Groups
 		if (!OC_Config::getValue("installed", false)) {
 			self::$session->set('user_id','');