Add config parameter to define session duration

2015-08-01 12:35:06 -04:00 · 2015-08-01 12:35:06 -04:00 · fb44818707
parent db88a00d48
commit fb44818707
5 changed files with 19 additions and 10 deletions
--- a/1
+++ b/1
@ -6,6 +6,7 @@ New features:
 * Add login bruteforce protection with captcha and account lockdown
 * Add new api procedures: getDefaultTaskColor(), getDefaultTaskColors() and getColorList()
 * Add user api access
+* Add config parameter to define session duration

 Bug fixes:

--- a/app/Core/Session.php
+++ b/app/Core/Session.php
@ -12,15 +12,6 @@ use ArrayAccess;
 */
 class Session implements ArrayAccess
 {
-    /**
-     * Sesion lifetime
-     *
-     * http://php.net/manual/en/session.configuration.php#ini.session.cookie-lifetime
-     *
-     * @var integer
-     */
-    const SESSION_LIFETIME = 0; // Until the browser is closed
-
    /**
     * Return true if the session is open
     *
@ -43,7 +34,7 @@ class Session implements ArrayAccess
    {
        // HttpOnly and secure flags for session cookie
        session_set_cookie_params(
-            self::SESSION_LIFETIME,
+            SESSION_DURATION,
            $base_path ?: '/',
            null,
            Request::isHTTPS(),
--- a/app/constants.php
+++ b/app/constants.php
@ -93,3 +93,7 @@ defined('HIDE_LOGIN_FORM') or define('HIDE_LOGIN_FORM', false);
 defined('BRUTEFORCE_CAPTCHA') or define('BRUTEFORCE_CAPTCHA', 3);
 defined('BRUTEFORCE_LOCKDOWN') or define('BRUTEFORCE_LOCKDOWN', 6);
 defined('BRUTEFORCE_LOCKDOWN_DURATION') or define('BRUTEFORCE_LOCKDOWN_DURATION', 15);
+
+// Session duration in second (0 = until the browser is closed)
+// See http://php.net/manual/en/session.configuration.php#ini.session.cookie-lifetime
+defined('SESSION_DURATION') or define('SESSION_DURATION', 0);
--- a/config.default.php
+++ b/config.default.php
@ -168,3 +168,7 @@ define('BRUTEFORCE_LOCKDOWN', 6);

 // Lock account duration in minute
 define('BRUTEFORCE_LOCKDOWN_DURATION', 15);
+
+// Session duration in second (0 = until the browser is closed)
+// See http://php.net/manual/en/session.configuration.php#ini.session.cookie-lifetime
+define('SESSION_DURATION', 0);
--- a/docs/config.markdown
+++ b/docs/config.markdown
@ -210,6 +210,15 @@ define('BRUTEFORCE_LOCKDOWN', 6);
 define('BRUTEFORCE_LOCKDOWN_DURATION', 15);
 ```

+Session
+-------
+
+```php
+// Session duration in second (0 = until the browser is closed)
+// See http://php.net/manual/en/session.configuration.php#ini.session.cookie-lifetime
+define('SESSION_DURATION', 0);
+```
+
 Various settings
 ----------------