From 0ade04c3bb54921c56298a3a346bb665f1bb7c7d Mon Sep 17 00:00:00 2001 From: Starbeamrainbowlabs Date: Fri, 30 Sep 2016 18:43:42 +0100 Subject: [PATCH] Set the expiry on the session cookie. Fixes #113.\nThis commit adds a new settings property, 'sessionlifetime', so we need to add in #83 now. --- build/index.php | 3 +++ core.php | 2 ++ peppermint.guiconfig.json | 1 + 3 files changed, 6 insertions(+) diff --git a/build/index.php b/build/index.php index ccb54e8..77af1c5 100755 --- a/build/index.php +++ b/build/index.php @@ -144,6 +144,7 @@ $guiConfig = <<<'GUICONFIG' "max_recent_changes": {"type": "number", "description": "The maximum number of recent changes to display on the recent changes page.", "default": 512}, "export_allow_only_admins": {"type": "checkbox", "description": "Whether to only allow adminstrators to export the your wiki as a zip using the page-export module.", "default": false}, "sessionprefix": {"type": "text", "description": "You shouldn't need to change this. The prefix that should be used in the names of the session variables. Defaults to \"auto\", which automatically generates this field. See the readme for more information.", "default": "auto"}, + "sessionlifetime": { "type": "number", "description": "Again, you shouldn't need to change this under normal circumstances. This setting controls the lifetime of a login session. Defaults to 24 hours, but it may get cut off sooner depending on the underlying PHP session lifetime.", "default": 86400 }, "css": {"type": "textarea", "description": "A string of css to include. Will be included in the <head> of every page inside a <style> tag. This may also be a url - urls will be referenced via a <link rel='stylesheet' /> tag.", "default": "auto"} } GUICONFIG; @@ -343,6 +344,8 @@ foreach ($paths as &$path) { $paths->upload_file_prefix = "Files/"; // The prefix to add to uploaded files session_start(); +// Make sure that the login cookie lasts beyond the end of the user's session +setcookie(session_name(), session_id(), time() + $settings->sessionlifetime); ///////// Login System ///////// // Clear expired sessions if(isset($_SESSION[$settings->sessionprefix . "-expiretime"]) and diff --git a/core.php b/core.php index 0636d1c..1749aa2 100644 --- a/core.php +++ b/core.php @@ -36,6 +36,8 @@ foreach ($paths as &$path) { $paths->upload_file_prefix = "Files/"; // The prefix to add to uploaded files session_start(); +// Make sure that the login cookie lasts beyond the end of the user's session +setcookie(session_name(), session_id(), time() + $settings->sessionlifetime); ///////// Login System ///////// // Clear expired sessions if(isset($_SESSION[$settings->sessionprefix . "-expiretime"]) and diff --git a/peppermint.guiconfig.json b/peppermint.guiconfig.json index af1d257..8fa5157 100644 --- a/peppermint.guiconfig.json +++ b/peppermint.guiconfig.json @@ -122,5 +122,6 @@ "max_recent_changes": {"type": "number", "description": "The maximum number of recent changes to display on the recent changes page.", "default": 512}, "export_allow_only_admins": {"type": "checkbox", "description": "Whether to only allow adminstrators to export the your wiki as a zip using the page-export module.", "default": false}, "sessionprefix": {"type": "text", "description": "You shouldn't need to change this. The prefix that should be used in the names of the session variables. Defaults to \"auto\", which automatically generates this field. See the readme for more information.", "default": "auto"}, + "sessionlifetime": { "type": "number", "description": "Again, you shouldn't need to change this under normal circumstances. This setting controls the lifetime of a login session. Defaults to 24 hours, but it may get cut off sooner depending on the underlying PHP session lifetime.", "default": 86400 }, "css": {"type": "textarea", "description": "A string of css to include. Will be included in the <head> of every page inside a <style> tag. This may also be a url - urls will be referenced via a <link rel='stylesheet' /> tag.", "default": "auto"} }