From fb448187078ace6574f145c39c319c38a287c84b Mon Sep 17 00:00:00 2001
From: Frederic Guillot
Date: Sat, 1 Aug 2015 12:35:06 -0400
Subject: Add config parameter to define session duration
---
 ChangeLog | 1 +
 app/Core/Session.php | 11 +----------
 app/constants.php | 4 ++++
 config.default.php | 4 ++++
 docs/config.markdown | 9 +++++++++
 5 files changed, 19 insertions(+), 10 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index de32ed58..4f7027b4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,7 @@ New features:
 * Add login bruteforce protection with captcha and account lockdown
 * Add new api procedures: getDefaultTaskColor(), getDefaultTaskColors() and getColorList()
 * Add user api access
+* Add config parameter to define session duration
 Bug fixes:
diff --git a/app/Core/Session.php b/app/Core/Session.php
index 0e5f7426..df0ec5f7 100644
--- a/app/Core/Session.php
+++ b/app/Core/Session.php
@@ -12,15 +12,6 @@ use ArrayAccess;
 */
 class Session implements ArrayAccess
 {
- /**
- * Sesion lifetime
- *
- * http://php.net/manual/en/session.configuration.php#ini.session.cookie-lifetime
- *
- * @var integer
- */
- const SESSION_LIFETIME = 0; // Until the browser is closed
-
 /**
 * Return true if the session is open
 *
@@ -43,7 +34,7 @@ class Session implements ArrayAccess
 {
 // HttpOnly and secure flags for session cookie
 session_set_cookie_params(
- self::SESSION_LIFETIME,
+ SESSION_DURATION,
 $base_path ?: '/',
 null,
 Request::isHTTPS(),
diff --git a/app/constants.php b/app/constants.php
index e232aba6..e73e7b1a 100644
--- a/app/constants.php
+++ b/app/constants.php
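Review bot: In the second app/Core/Session.php hunk, `SESSION_DURATION` is used only as the cookie lifetime passed to `session_set_cookie_params(`, and nothing visible in the hunk bounds the session on the server. A value above PHP's `session.gc_maxlifetime` may therefore not keep users logged in for the configured time, and a short value does not by itself invalidate a session ID that has left the browser. If the setting is meant as a security control, the session data should carry its own expiry that is checked on each request, or at least `if (SESSION_DURATION > 0) ini_set('session.gc_maxlifetime', SESSION_DURATION);` should run before the session is started. The enclosing method begins and ends outside the hunk, so this may already be handled there.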
@@ -93,3 +93,7 @@ defined('HIDE_LOGIN_FORM') or define('HIDE_LOGIN_FORM', false);
 defined('BRUTEFORCE_CAPTCHA') or define('BRUTEFORCE_CAPTCHA', 3);
 defined('BRUTEFORCE_LOCKDOWN') or define('BRUTEFORCE_LOCKDOWN', 6);
 defined('BRUTEFORCE_LOCKDOWN_DURATION') or define('BRUTEFORCE_LOCKDOWN_DURATION', 15);
+
+// Session duration in second (0 = until the browser is closed)
+// See http://php.net/manual/en/session.configuration.php#ini.session.cookie-lifetime
+defined('SESSION_DURATION') or define('SESSION_DURATION', 0);
diff --git a/config.default.php b/config.default.php
index 76ec38cc..2ec7d674 100644
--- a/config.default.php
+++ b/config.default.php
@@ -168,3 +168,7 @@ define('BRUTEFORCE_LOCKDOWN', 6);
 // Lock account duration in minute
 define('BRUTEFORCE_LOCKDOWN_DURATION', 15);
+
+// Session duration in second (0 = until the browser is closed)
+// See http://php.net/manual/en/session.configuration.php#ini.session.cookie-lifetime
+define('SESSION_DURATION', 0);
diff --git a/docs/config.markdown b/docs/config.markdown
index 44f72b32..5fb6bb18 100644
--- a/docs/config.markdown
+++ b/docs/config.markdown
@@ -210,6 +210,15 @@ define('BRUTEFORCE_LOCKDOWN', 6);
 define('BRUTEFORCE_LOCKDOWN_DURATION', 15);
 ```
+Session
+-------
+
+```php
+// Session duration in second (0 = until the browser is closed)
+// See http://php.net/manual/en/session.configuration.php#ini.session.cookie-lifetime
+define('SESSION_DURATION', 0);
+```
+
 Various settings
 ----------------
-- cgit v1.2.3
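Review bot: The comment added above `SESSION_DURATION` in app/constants.php (repeated in the config.default.php and docs/config.markdown hunks) calls the value a session duration, but the PHP setting it links to is the cookie lifetime. It also gives an administrator no hint of what a non-zero value changes. I would word it as `// Session cookie lifetime in seconds (0 = until the browser is closed)` followed by `// A non-zero value makes the cookie persistent: it survives a browser restart, which matters on shared computers`. The default of 0 matches the value of the `SESSION_LIFETIME` constant this commit removes.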