From 7ef52ac5e398efbbb865083bcd0cdcd404a3889d Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Fri, 25 Jun 2021 12:23:01 +0300
Subject: prolong PHP session cookie automatically to stop hard logouts after
 SESSION_LIFETIME expires

---
 classes/config.php   |  2 ++
 include/sessions.php | 20 +++++++++++++++++---
 2 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/classes/config.php b/classes/config.php
index 95b0ccc..e62ea34 100644
--- a/classes/config.php
+++ b/classes/config.php
@@ -14,6 +14,7 @@ class Config {
 	const BOOKS_DIR = "BOOKS_DIR";
 	const DICT_SERVER = "DICT_SERVER";
 	const SESSION_LIFETIME = "SESSION_LIFETIME";
+	const SESSION_NAME = "SESSION_NAME";
 
 	private const _DEFAULTS = [
 		Config::DB_TYPE => [ "sqlite", Config::T_STRING ],
@@ -22,6 +23,7 @@ class Config {
 		Config::BOOKS_DIR => [ "", Config::T_STRING ],
 		Config::DICT_SERVER => [ "", Config::T_STRING ],
 		Config::SESSION_LIFETIME => [ 86400*30, Config::T_INT ],
+		Config::SESSION_NAME => [ "epube_sid", Config::T_STRING ],
 	];
 
 	private static $instance;
diff --git a/include/sessions.php b/include/sessions.php
index b4d901b..aa0cd94 100644
--- a/include/sessions.php
+++ b/include/sessions.php
@@ -1,17 +1,31 @@
 <?php
 	require_once "common.php";
 
+	$session_name = Config::get(Config::SESSION_NAME);
+	$session_expire = Config::get(Config::SESSION_LIFETIME);
+
 	if (Config::is_server_https())
 		ini_set("session.cookie_secure", "true");
 
 	ini_set("session.name", "epube_sid");
 	ini_set("session.use_only_cookies", "true");
-	ini_set("session.gc_maxlifetime", Config::get(Config::SESSION_LIFETIME));
-	ini_set("session.cookie_lifetime", Config::get(Config::SESSION_LIFETIME));
-	session_set_cookie_params(Config::get(Config::SESSION_LIFETIME));
+	ini_set("session.gc_maxlifetime", $session_expire);
+	ini_set("session.cookie_lifetime", "0");
+
+	session_set_cookie_params($session_expire);
 
 	session_save_path(dirname(__DIR__) . "/sessions");
 
+	// prolong PHP session cookie
+	if (isset($_COOKIE[$session_name]))
+	setcookie($session_name,
+		$_COOKIE[$session_name],
+		time() + $session_expire,
+		ini_get("session.cookie_path"),
+		ini_get("session.cookie_domain"),
+		ini_get("session.cookie_secure"),
+		ini_get("session.cookie_httponly"));
+
 	function validate_session() {
 		if (!empty($_SESSION["owner"])) {
 
-- 
cgit v1.2.3