Revision 02647583
Added by Ermal LUÇI over 15 years ago
| etc/inc/auth.inc | ||
|---|---|---|
| 1106 | 1106 |
return false; |
| 1107 | 1107 |
|
| 1108 | 1108 |
/* If session timeout isn't set, we don't mark sessions stale */ |
| 1109 |
if (empty($config['system']['webgui']['session_timeout'])) {
|
|
| 1109 |
if (!isset($config['system']['webgui']['session_timeout'])) {
|
|
| 1110 | 1110 |
/* Default to 4 hour timeout if one is not set */ |
| 1111 | 1111 |
if ($_SESSION['last_access'] < (time() - 14400)) {
|
| 1112 | 1112 |
$_GET['logout'] = true; |
| 1113 | 1113 |
$_SESSION['Logout'] = true; |
| 1114 | 1114 |
} else |
| 1115 | 1115 |
$_SESSION['last_access'] = time(); |
| 1116 |
} else if (intval($config['system']['webgui']['session_timeout']) == 0) {
|
|
| 1117 |
/* only update if it wasn't ajax */ |
|
| 1118 |
if (!isAjax()) |
|
| 1119 |
$_SESSION['last_access'] = time(); |
|
| 1116 | 1120 |
} else {
|
| 1117 | 1121 |
/* Check for stale session */ |
| 1118 | 1122 |
if ($_SESSION['last_access'] < (time() - ($config['system']['webgui']['session_timeout'] * 60))) {
|
| usr/local/www/system_usermanager_settings.php | ||
|---|---|---|
| 57 | 57 |
unset($input_errors); |
| 58 | 58 |
$pconfig = $_POST; |
| 59 | 59 |
|
| 60 |
if($_POST['session_timeout']) {
|
|
| 60 |
if(isset($_POST['session_timeout'])) {
|
|
| 61 | 61 |
$timeout = intval($_POST['session_timeout']); |
| 62 | 62 |
if ($timeout != "" && (!is_numeric($timeout) || $timeout <= 0)) |
| 63 | 63 |
$input_errors[] = gettext("Session timeout must be an integer value.");
|
| ... | ... | |
| 65 | 65 |
|
| 66 | 66 |
if (!$input_errors) {
|
| 67 | 67 |
|
| 68 |
if($_POST['session_timeout'])
|
|
| 68 |
if(isset($_POST['session_timeout']))
|
|
| 69 | 69 |
$config['system']['webgui']['session_timeout'] = intval($_POST['session_timeout']); |
| 70 | 70 |
else |
| 71 | 71 |
unset($config['system']['webgui']['session_timeout']); |
Also available in: Unified diff
Ticket #378. Correctly handle a timeout of 0 to mean never timeout.