Reviewed: https://reviews.mahara.org/6582 Committed: https://git.mahara.org/mahara/mahara/commit/0913742c00380c77c79bf4b174684b9427e60a2b Submitter: Robert Lyon (<email address hidden>) Branch: 16.04_STABLE
commit 0913742c00380c77c79bf4b174684b9427e60a2b Author: Aaron Wells <email address hidden> Date: Wed Jun 8 19:14:18 2016 +1200
Bug 1590293: Correcting inconsistencies in session expiration
1. Add some documentation to session.php explaining what the session.gc_maxlifetime ini setting does.
2. If we can't access $CFG->session_timeout, use a timeout of an hour instead of the PHP default of 24 minutes.
3. Limit $CFG->session_timeout to 30 days, because we're already enforcing that limit in session.php
4. Add "usr_session.mtime" column so that we can delete old sessions based on inactivity instead of creation date.
5. Make the cron delete old session files as soon as they've expired, rather than padding that an additional two days.
Change-Id: I9da2b26217774566b1131e997724359715edb2fe behatnotneeded: Covered by existing tests
Reviewed: https:/ /reviews. mahara. org/6582 /git.mahara. org/mahara/ mahara/ commit/ 0913742c00380c7 7c79bf4b174684b 9427e60a2b
Committed: https:/
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.04_STABLE
commit 0913742c00380c7 7c79bf4b174684b 9427e60a2b
Author: Aaron Wells <email address hidden>
Date: Wed Jun 8 19:14:18 2016 +1200
Bug 1590293: Correcting inconsistencies in session expiration
1. Add some documentation to session.php explaining what gc_maxlifetime ini setting does.
the session.
2. If we can't access $CFG->session_ timeout, use a timeout of
an hour instead of the PHP default of 24 minutes.
3. Limit $CFG->session_ timeout to 30 days, because we're already
enforcing that limit in session.php
4. Add "usr_session.mtime" column so that we can delete old sessions
based on inactivity instead of creation date.
5. Make the cron delete old session files as soon as they've expired,
rather than padding that an additional two days.
Change-Id: I9da2b262177745 66b1131e9977243 59715edb2fe
behatnotneeded: Covered by existing tests