|
|
|
@ -311,16 +311,17 @@ class OC {
|
|
|
|
|
exit();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$sessionLifeTime = self::getSessionLifeTime();
|
|
|
|
|
// regenerate session id periodically to avoid session fixation
|
|
|
|
|
if (!self::$session->exists('SID_CREATED')) {
|
|
|
|
|
self::$session->set('SID_CREATED', time());
|
|
|
|
|
} else if (time() - self::$session->get('SID_CREATED') > 60*60*12) {
|
|
|
|
|
} else if (time() - self::$session->get('SID_CREATED') > $sessionLifeTime) {
|
|
|
|
|
session_regenerate_id(true);
|
|
|
|
|
self::$session->set('SID_CREATED', time());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// session timeout
|
|
|
|
|
if (self::$session->exists('LAST_ACTIVITY') && (time() - self::$session->get('LAST_ACTIVITY') > 60*60*24)) {
|
|
|
|
|
if (self::$session->exists('LAST_ACTIVITY') && (time() - self::$session->get('LAST_ACTIVITY') > $sessionLifeTime)) {
|
|
|
|
|
if (isset($_COOKIE[session_name()])) {
|
|
|
|
|
setcookie(session_name(), '', time() - 42000, $cookie_path);
|
|
|
|
|
}
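Review bot: Reusing `$sessionLifeTime` in the `SID_CREATED` check ties session-id rotation to the idle timeout, so an administrator who raises `session_life_time` for convenience also lengthens how long a single session id stays valid. Rotation limits the useful life of a leaked or fixed id and should stay short whatever the configured lifetime is, e.g. `} else if (time() - self::$session->get('SID_CREATED') > min($sessionLifeTime, 60*60*12)) {`. The comment says this guards against session fixation, but that mainly depends on regenerating the id at login, which is not visible here. The enclosing method starts and ends outside the hunk.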
|
|
|
|
@ -332,6 +333,13 @@ class OC {
|
|
|
|
|
self::$session->set('LAST_ACTIVITY', time());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @return int
|
|
|
|
|
*/
|
|
|
|
|
private static function getSessionLifeTime() {
|
|
|
|
|
return OC_Config::getValue('session_life_time', 60 * 60 * 12);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public static function getRouter() {
|
|
|
|
|
if (!isset(OC::$router)) {
|
|
|
|
|
OC::$router = new OC_Router();
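Review bot: `getSessionLifeTime()` returns the configured value unvalidated although its docblock promises `int`, and the result feeds both timeout comparisons in the first hunk and the `gc_maxlifetime` call in the last one. A `session_life_time` of `0`, a negative number or a non-numeric string would make `time() - … > $sessionLifeTime` true on almost every request, or be coerced in ways that differ between PHP versions. Cast and bound it, for example `$v = (int) OC_Config::getValue('session_life_time', 60 * 60 * 12);` followed by `return $v > 0 ? $v : 60 * 60 * 12;`. The docblock should also state that the value is in seconds and defaults to 12 hours, which halves the previous 24-hour idle timeout.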
|
|
|
|
@ -393,9 +401,6 @@ class OC {
|
|
|
|
|
@ini_set('post_max_size', '10G');
|
|
|
|
|
@ini_set('file_uploads', '50');
|
|
|
|
|
|
|
|
|
|
//try to set the session lifetime to 60min
|
|
|
|
|
@ini_set('gc_maxlifetime', '3600');
|
|
|
|
|
|
|
|
|
|
//copy http auth headers for apache+php-fcgid work around
|
|
|
|
|
if (isset($_SERVER['HTTP_XAUTHORIZATION']) && !isset($_SERVER['HTTP_AUTHORIZATION'])) {
|
|
|
|
|
$_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['HTTP_XAUTHORIZATION'];
|
|
|
|
@ -455,6 +460,10 @@ class OC {
|
|
|
|
|
exit;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//try to set the session lifetime
|
|
|
|
|
$sessionLifeTime = self::getSessionLifeTime();
|
|
|
|
|
@ini_set('gc_maxlifetime', (string)$sessionLifeTime);
|
|
|
|
|
|
|
|
|
|
// User and Groups
|
|
|
|
|
if (!OC_Config::getValue("installed", false)) {
|
|
|
|
|
self::$session->set('user_id','');
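Review bot: The added `@ini_set('gc_maxlifetime', (string)$sessionLifeTime);` most likely has no effect: PHP's directive is `session.gc_maxlifetime`, `ini_set()` returns `false` for an unknown name, and the `@` hides that failure. The garbage-collection lifetime then stays at whatever php.ini sets, so server-side session data may be collected earlier, or kept on disk longer, than `session_life_time` says. Use `ini_set('session.gc_maxlifetime', (string)$sessionLifeTime)` without the `@` and log a `false` return. Whether a session is already active at this point is not visible in the hunk; the setting has to be applied before the session starts to take effect.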
|
|
|
|
|