Inconsistencies in how we handle $CFG->session_timeout

Bug #1590293 reported by Aaron Wells on 2016-06-08
Affects: Mahara | Importance: Medium | Assigned to: Aaron Wells
Affects: 16.04 | Importance: Medium | Assigned to: Aaron Wells
Affects: 16.10 | Importance: Medium | Assigned to: Aaron Wells

Bug Description

While researching bug 1588613 I noticed several inconsistencies in how we handle the $CFG->session_timeout setting. This patch will clean those up and make things more consistent across the board.

Reviewed: https://reviews.mahara.org/6566
Committed: https://git.mahara.org/mahara/mahara/commit/4bed19a12b7c07fd558b78551c85f32eccc15364
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 4bed19a12b7c07fd558b78551c85f32eccc15364
Author: Aaron Wells <email address hidden>
Date: Wed Jun 8 19:14:18 2016 +1200

Bug 1590293: Correcting inconsistencies in session expiration

1. Add some documentation to session.php explaining what
the session.gc_maxlifetime ini setting does.

2. If we can't access $CFG->session_timeout, use a timeout of
an hour instead of the PHP default of 24 minutes.

3. Limit $CFG->session_timeout to 30 days, because we're already
enforcing that limit in session.php

4. Add "usr_session.mtime" column so that we can delete old sessions
based on inactivity instead of creation date.

5. Make the cron delete old session files as soon as they've expired,
rather than padding that an additional two days.

Change-Id: I9da2b26217774566b1131e997724359715edb2fe
behatnotneeded: Covered by existing tests

Reviewed: https://reviews.mahara.org/6582
Committed: https://git.mahara.org/mahara/mahara/commit/0913742c00380c77c79bf4b174684b9427e60a2b
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.04_STABLE

commit 0913742c00380c77c79bf4b174684b9427e60a2b
Author: Aaron Wells <email address hidden>
Date: Wed Jun 8 19:14:18 2016 +1200

Bug 1590293: Correcting inconsistencies in session expiration

1. Add some documentation to session.php explaining what
the session.gc_maxlifetime ini setting does.

2. If we can't access $CFG->session_timeout, use a timeout of
an hour instead of the PHP default of 24 minutes.

3. Limit $CFG->session_timeout to 30 days, because we're already
enforcing that limit in session.php

4. Add "usr_session.mtime" column so that we can delete old sessions
based on inactivity instead of creation date.

5. Make the cron delete old session files as soon as they've expired,
rather than padding that an additional two days.

Change-Id: I9da2b26217774566b1131e997724359715edb2fe
behatnotneeded: Covered by existing tests
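
The timeout rules listed in the commit message above (items 2 to 5), shown as an added PHP example that is not Mahara's code: the function names, the constants and the in-memory rows standing in for usr_session are assumptions made for illustration.

```php
<?php
// Added illustration; every name below is hypothetical, not Mahara's.
const FALLBACK_TIMEOUT = 3600;           // one hour, used when no setting is readable
const MAX_TIMEOUT      = 30 * 24 * 3600; // 30-day ceiling on the configured value

// Resolve the timeout in seconds from a config value that may be missing
// or invalid. Falling back explicitly avoids silently inheriting PHP's
// session.gc_maxlifetime default of 1440 seconds (24 minutes).
function effective_session_timeout($configured): int {
    if (!is_numeric($configured) || (int) $configured <= 0) {
        return FALLBACK_TIMEOUT;
    }
    return min((int) $configured, MAX_TIMEOUT);
}

// Return the ids of sessions idle for longer than the timeout, judged by
// last activity (mtime) rather than by creation time (ctime). No grace
// period is added: a session is eligible as soon as it has expired.
function expired_session_ids(array $sessions, int $timeout, int $now): array {
    $expired = [];
    foreach ($sessions as $id => $row) {
        if ($now - $row['mtime'] > $timeout) {
            $expired[] = $id;
        }
    }
    return $expired;
}

// Constructed sample data: three session rows around a fixed "now".
$now = 1500000000;
$sessions = [
    'old-but-active' => ['ctime' => $now - 7200, 'mtime' => $now - 60],
    'idle-30-min'    => ['ctime' => $now - 1800, 'mtime' => $now - 1800],
    'idle-over-1h'   => ['ctime' => $now - 9000, 'mtime' => $now - 4000],
];

// Missing, ordinary and oversized configuration values.
foreach ([null, 7200, 90 * 24 * 3600] as $configured) {
    printf("configured=%s effective=%d\n",
        var_export($configured, true), effective_session_timeout($configured));
}

// With the one-hour fallback, a ctime-based check would also drop
// 'old-but-active'; the mtime-based check keeps it.
$timeout = effective_session_timeout(null);
echo implode(', ', expired_session_ids($sessions, $timeout, $now)), "\n";
```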

Robert Lyon (robertl-9) on 2016-10-21
Changed in mahara:
milestone: 16.10.0 → none
status: Fix Committed → Fix Released