Mahara

Inconsistencies in how we handle $CFG->session_timeout

Bug #1590293 reported by Aaron Wells on 2016-06-08

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
Mahara	Fix Released	Medium	Aaron Wells
16.04	Fix Released	Medium	Aaron Wells	Mahara 16.04.1
16.10	Fix Released	Medium	Aaron Wells	Mahara 16.10.0

Bug Description

While researching bug 1588613 I noticed several inconsistencies in how we handle the $CFG->session_timeout setting. This patch will clean those up and make things more consistent across the board.

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-06-08: A patch has been submitted for review

Patch for "master" branch: https://reviews.mahara.org/6566

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-06-09: A change has been merged

Reviewed: https://reviews.mahara.org/6566
Committed: https://git.mahara.org/mahara/mahara/commit/4bed19a12b7c07fd558b78551c85f32eccc15364
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 4bed19a12b7c07fd558b78551c85f32eccc15364
Author: Aaron Wells <email address hidden>
Date: Wed Jun 8 19:14:18 2016 +1200

Bug 1590293: Correcting inconsistencies in session expiration

1. Add some documentation to session.php explaining what
the session.gc_maxlifetime ini setting does.

2. If we can't access $CFG->session_timeout, use a timeout of
an hour instead of the PHP default of 24 minutes.

3. Limit $CFG->session_timeout to 30 days, because we're already
enforcing that limit in session.php

4. Add "usr_session.mtime" column so that we can delete old sessions
based on inactivity instead of creation date.

5. Make the cron delete old session files as soon as they've expired,
rather than padding that an additional two days.

Change-Id: I9da2b26217774566b1131e997724359715edb2fe
behatnotneeded: Covered by existing tests

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-06-09: A patch has been submitted for review

Patch for "16.04_STABLE" branch: https://reviews.mahara.org/6582

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-06-09: A change has been merged

Reviewed: https://reviews.mahara.org/6582
Committed: https://git.mahara.org/mahara/mahara/commit/0913742c00380c77c79bf4b174684b9427e60a2b
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.04_STABLE

commit 0913742c00380c77c79bf4b174684b9427e60a2b
Author: Aaron Wells <email address hidden>
Date: Wed Jun 8 19:14:18 2016 +1200

Bug 1590293: Correcting inconsistencies in session expiration

1. Add some documentation to session.php explaining what
the session.gc_maxlifetime ini setting does.

2. If we can't access $CFG->session_timeout, use a timeout of
an hour instead of the PHP default of 24 minutes.

3. Limit $CFG->session_timeout to 30 days, because we're already
enforcing that limit in session.php

4. Add "usr_session.mtime" column so that we can delete old sessions
based on inactivity instead of creation date.

5. Make the cron delete old session files as soon as they've expired,
rather than padding that an additional two days.

Change-Id: I9da2b26217774566b1131e997724359715edb2fe
behatnotneeded: Covered by existing tests

Robert Lyon (robertl-9) on 2016-10-21

Changed in mahara:
milestone:	16.10.0 → none
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.