Skip to content

Commit

Permalink
Add config option to disable strict session timeout to be able to use…
Browse files Browse the repository at this point in the history 
… read_and_close

Fixed #29356

Signed-off-by: Julius Härtl <jus@bitgrid.net>
  • Loading branch information
@juliusknorr
juliusknorr committed Aug 16, 2022
1 parent 855898b commit bb46321
Show file tree
Hide file tree
Showing 2 changed files with 19 additions and 4 deletions.
13 changes: 12 additions & 1 deletion lib/base.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -448,14 +448,18 @@ public static function initSession() {
$sessionLifeTime = self::getSessionLifeTime();

// session timeout
// TODO: This is expensive as we always need to write the session
// read_and_close may not be an option unless we actually get rid of this
if ($session->exists('LAST_ACTIVITY') && (time() - $session->get('LAST_ACTIVITY') > $sessionLifeTime)) {
if (isset($_COOKIE[session_name()])) {
setcookie(session_name(), '', -1, self::$WEBROOT ? : '/');
}
\OC::$server->getUserSession()->logout();
}

$session->set('LAST_ACTIVITY', time());
if (!self::getSessionRelaxedExpiry()) {
$session->set('LAST_ACTIVITY', time());
}
$session->close();
}

Expand All @@ -466,6 +470,13 @@ private static function getSessionLifeTime() {
return \OC::$server->getConfig()->getSystemValue('session_lifetime', 60 * 60 * 24);
}

/**
* @return bool true if the session expiry should only be done by gc instead of an explicit timeout
*/
public static function getSessionRelaxedExpiry(): bool {
return \OC::$server->getConfig()->getSystemValue('session_relaxed_expiry', false);
}

/**
* Try to set some values to the required Nextcloud default
*/
Expand Down
10 changes: 7 additions & 3 deletions lib/private/Session/Internal.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -178,7 +178,7 @@ public function getId(): string {
*/
public function reopen(): bool {
if ($this->sessionClosed) {
$this->startSession();
$this->startSession(false, false);
$this->sessionClosed = false;
return true;
}
Expand Down Expand Up @@ -225,7 +225,11 @@ private function invoke(string $functionName, array $parameters = [], bool $sile
}
}

private function startSession(bool $silence = false) {
$this->invoke('session_start', [['cookie_samesite' => 'Lax']], $silence);
private function startSession(bool $silence = false, bool $readAndClose = true) {
$sessionParams = ['cookie_samesite' => 'Lax'];
if (\OC::getSessionRelaxedExpiry()) {
$sessionParams['read_and_close'] = $readAndClose;
}
$this->invoke('session_start', [$sessionParams], $silence);
}
}

0 comments on commit bb46321

Please # to comment.