session life time is now configurable and set to the same value
This commit is contained in:
parent
afc3d9314a
commit
794c189650
|
@ -145,6 +145,9 @@ $CONFIG = array(
|
|||
/* Lifetime of the remember login cookie, default is 15 days */
|
||||
"remember_login_cookie_lifetime" => 60*60*24*15,
|
||||
|
||||
/* Life time of a session after inactivity */
|
||||
"session_life_time" => 60 * 60 * 12,
|
||||
|
||||
/* Custom CSP policy, changing this will overwrite the standard policy */
|
||||
"custom_csp_policy" => "default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src *; img-src *; font-src 'self' data:; media-src *",
|
||||
|
||||
|
|
19
lib/base.php
19
lib/base.php
|
@ -311,16 +311,17 @@ class OC {
|
|||
exit();
|
||||
}
|
||||
|
||||
$sessionLifeTime = self::getSessionLifeTime();
|
||||
// regenerate session id periodically to avoid session fixation
|
||||
if (!self::$session->exists('SID_CREATED')) {
|
||||
self::$session->set('SID_CREATED', time());
|
||||
} else if (time() - self::$session->get('SID_CREATED') > 60*60*12) {
|
||||
} else if (time() - self::$session->get('SID_CREATED') > $sessionLifeTime) {
|
||||
session_regenerate_id(true);
|
||||
self::$session->set('SID_CREATED', time());
|
||||
}
|
||||
|
||||
// session timeout
|
||||
if (self::$session->exists('LAST_ACTIVITY') && (time() - self::$session->get('LAST_ACTIVITY') > 60*60*24)) {
|
||||
if (self::$session->exists('LAST_ACTIVITY') && (time() - self::$session->get('LAST_ACTIVITY') > $sessionLifeTime)) {
|
||||
if (isset($_COOKIE[session_name()])) {
|
||||
setcookie(session_name(), '', time() - 42000, $cookie_path);
|
||||
}
|
||||
|
@ -332,6 +333,13 @@ class OC {
|
|||
self::$session->set('LAST_ACTIVITY', time());
|
||||
}
|
||||
|
||||
/**
|
||||
* @return int
|
||||
*/
|
||||
private static function getSessionLifeTime() {
|
||||
return OC_Config::getValue('session_life_time', 60 * 60 * 12);
|
||||
}
|
||||
|
||||
public static function getRouter() {
|
||||
if (!isset(OC::$router)) {
|
||||
OC::$router = new OC_Router();
|
||||
|
@ -393,9 +401,6 @@ class OC {
|
|||
@ini_set('post_max_size', '10G');
|
||||
@ini_set('file_uploads', '50');
|
||||
|
||||
//try to set the session lifetime to 60min
|
||||
@ini_set('gc_maxlifetime', '3600');
|
||||
|
||||
//copy http auth headers for apache+php-fcgid work around
|
||||
if (isset($_SERVER['HTTP_XAUTHORIZATION']) && !isset($_SERVER['HTTP_AUTHORIZATION'])) {
|
||||
$_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['HTTP_XAUTHORIZATION'];
|
||||
|
@ -455,6 +460,10 @@ class OC {
|
|||
exit;
|
||||
}
|
||||
|
||||
//try to set the session lifetime
|
||||
$sessionLifeTime = self::getSessionLifeTime();
|
||||
@ini_set('gc_maxlifetime', (string)$sessionLifeTime);
|
||||
|
||||
// User and Groups
|
||||
if (!OC_Config::getValue("installed", false)) {
|
||||
self::$session->set('user_id','');
|
||||
|
|
Loading…
Reference in New Issue