diff options
| author | Andrew Dolgov <[email protected]> | 2021-06-25 12:23:01 +0300 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2021-06-25 12:23:01 +0300 |
| commit | 7ef52ac5e398efbbb865083bcd0cdcd404a3889d (patch) | |
| tree | 5344ddb9d2c15320fcb42bbaf29e1c6c592c5143 | |
| parent | 2887f9109521c9790579f0c5938c25bf95bcb132 (diff) | |
prolong PHP session cookie automatically to stop hard logouts after SESSION_LIFETIME expires
| -rw-r--r-- | classes/config.php | 2 | ||||
| -rw-r--r-- | include/sessions.php | 20 |
2 files changed, 19 insertions, 3 deletions
diff --git a/classes/config.php b/classes/config.php index 95b0ccc..e62ea34 100644 --- a/classes/config.php +++ b/classes/config.php @@ -14,6 +14,7 @@ class Config { const BOOKS_DIR = "BOOKS_DIR"; const DICT_SERVER = "DICT_SERVER"; const SESSION_LIFETIME = "SESSION_LIFETIME"; + const SESSION_NAME = "SESSION_NAME"; private const _DEFAULTS = [ Config::DB_TYPE => [ "sqlite", Config::T_STRING ], @@ -22,6 +23,7 @@ class Config { Config::BOOKS_DIR => [ "", Config::T_STRING ], Config::DICT_SERVER => [ "", Config::T_STRING ], Config::SESSION_LIFETIME => [ 86400*30, Config::T_INT ], + Config::SESSION_NAME => [ "epube_sid", Config::T_STRING ], ]; private static $instance; diff --git a/include/sessions.php b/include/sessions.php index b4d901b..aa0cd94 100644 --- a/include/sessions.php +++ b/include/sessions.php @@ -1,17 +1,31 @@ <?php require_once "common.php"; + $session_name = Config::get(Config::SESSION_NAME); + $session_expire = Config::get(Config::SESSION_LIFETIME); + if (Config::is_server_https()) ini_set("session.cookie_secure", "true"); ini_set("session.name", "epube_sid"); ini_set("session.use_only_cookies", "true"); - ini_set("session.gc_maxlifetime", Config::get(Config::SESSION_LIFETIME)); - ini_set("session.cookie_lifetime", Config::get(Config::SESSION_LIFETIME)); - session_set_cookie_params(Config::get(Config::SESSION_LIFETIME)); + ini_set("session.gc_maxlifetime", $session_expire); + ini_set("session.cookie_lifetime", "0"); + + session_set_cookie_params($session_expire); session_save_path(dirname(__DIR__) . "/sessions"); + // prolong PHP session cookie + if (isset($_COOKIE[$session_name])) + setcookie($session_name, + $_COOKIE[$session_name], + time() + $session_expire, + ini_get("session.cookie_path"), + ini_get("session.cookie_domain"), + ini_get("session.cookie_secure"), + ini_get("session.cookie_httponly")); + function validate_session() { if (!empty($_SESSION["owner"])) { |