Comment 4 for bug 1590293

Submitter: Robert Lyon (<email address hidden>)
Branch: 16.04_STABLE

commit 0913742c00380c77c79bf4b174684b9427e60a2b
Author: Aaron Wells <email address hidden>
Date: Wed Jun 8 19:14:18 2016 +1200

Bug 1590293: Correcting inconsistencies in session expiration

1. Add some documentation to session.php explaining what
the session.gc_maxlifetime ini setting does.

2. If we can't access $CFG->session_timeout, use a timeout of
an hour instead of the PHP default of 24 minutes.

3. Limit $CFG->session_timeout to 30 days, because we're already
enforcing that limit in session.php

4. Add "usr_session.mtime" column so that we can delete old sessions
based on inactivity instead of creation date.

5. Make the cron delete old session files as soon as they've expired,
rather than padding that an additional two days.

Change-Id: I9da2b26217774566b1131e997724359715edb2fe
behatnotneeded: Covered by existing tests