diff options
| -rw-r--r-- | ChangeLog | 1 | ||||
| -rw-r--r-- | app/Core/Session.php | 11 | ||||
| -rw-r--r-- | app/constants.php | 4 | ||||
| -rw-r--r-- | config.default.php | 4 | ||||
| -rw-r--r-- | docs/config.markdown | 9 |
5 files changed, 19 insertions, 10 deletions
@@ -6,6 +6,7 @@ New features: * Add login bruteforce protection with captcha and account lockdown * Add new api procedures: getDefaultTaskColor(), getDefaultTaskColors() and getColorList() * Add user api access +* Add config parameter to define session duration Bug fixes: diff --git a/app/Core/Session.php b/app/Core/Session.php index 0e5f7426..df0ec5f7 100644 --- a/app/Core/Session.php +++ b/app/Core/Session.php @@ -13,15 +13,6 @@ use ArrayAccess; class Session implements ArrayAccess { /** - * Sesion lifetime - * - * http://php.net/manual/en/session.configuration.php#ini.session.cookie-lifetime - * - * @var integer - */ - const SESSION_LIFETIME = 0; // Until the browser is closed - - /** * Return true if the session is open * * @static @@ -43,7 +34,7 @@ class Session implements ArrayAccess { // HttpOnly and secure flags for session cookie session_set_cookie_params( - self::SESSION_LIFETIME, + SESSION_DURATION, $base_path ?: '/', null, Request::isHTTPS(), diff --git a/app/constants.php b/app/constants.php index e232aba6..e73e7b1a 100644 --- a/app/constants.php +++ b/app/constants.php @@ -93,3 +93,7 @@ defined('HIDE_LOGIN_FORM') or define('HIDE_LOGIN_FORM', false); defined('BRUTEFORCE_CAPTCHA') or define('BRUTEFORCE_CAPTCHA', 3); defined('BRUTEFORCE_LOCKDOWN') or define('BRUTEFORCE_LOCKDOWN', 6); defined('BRUTEFORCE_LOCKDOWN_DURATION') or define('BRUTEFORCE_LOCKDOWN_DURATION', 15); + +// Session duration in second (0 = until the browser is closed) +// See http://php.net/manual/en/session.configuration.php#ini.session.cookie-lifetime +defined('SESSION_DURATION') or define('SESSION_DURATION', 0); diff --git a/config.default.php b/config.default.php index 76ec38cc..2ec7d674 100644 --- a/config.default.php +++ b/config.default.php @@ -168,3 +168,7 @@ define('BRUTEFORCE_LOCKDOWN', 6); // Lock account duration in minute define('BRUTEFORCE_LOCKDOWN_DURATION', 15); + +// Session duration in second (0 = until the browser is closed) +// See http://php.net/manual/en/session.configuration.php#ini.session.cookie-lifetime +define('SESSION_DURATION', 0); diff --git a/docs/config.markdown b/docs/config.markdown index 44f72b32..5fb6bb18 100644 --- a/docs/config.markdown +++ b/docs/config.markdown @@ -210,6 +210,15 @@ define('BRUTEFORCE_LOCKDOWN', 6); define('BRUTEFORCE_LOCKDOWN_DURATION', 15); ``` +Session +------- + +```php +// Session duration in second (0 = until the browser is closed) +// See http://php.net/manual/en/session.configuration.php#ini.session.cookie-lifetime +define('SESSION_DURATION', 0); +``` + Various settings ---------------- |