From 7ef52ac5e398efbbb865083bcd0cdcd404a3889d Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Fri, 25 Jun 2021 12:23:01 +0300
Subject: prolong PHP session cookie automatically to stop hard logouts after
 SESSION_LIFETIME expires

---
 include/sessions.php | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

(limited to 'include')

diff --git a/include/sessions.php b/include/sessions.php
index b4d901b..aa0cd94 100644
--- a/include/sessions.php
+++ b/include/sessions.php
@@ -1,17 +1,31 @@
 <?php
 	require_once "common.php";
 
+	$session_name = Config::get(Config::SESSION_NAME);
+	$session_expire = Config::get(Config::SESSION_LIFETIME);
+
 	if (Config::is_server_https())
 		ini_set("session.cookie_secure", "true");
 
 	ini_set("session.name", "epube_sid");
 	ini_set("session.use_only_cookies", "true");
-	ini_set("session.gc_maxlifetime", Config::get(Config::SESSION_LIFETIME));
-	ini_set("session.cookie_lifetime", Config::get(Config::SESSION_LIFETIME));
-	session_set_cookie_params(Config::get(Config::SESSION_LIFETIME));
+	ini_set("session.gc_maxlifetime", $session_expire);
+	ini_set("session.cookie_lifetime", "0");
+
+	session_set_cookie_params($session_expire);
 
 	session_save_path(dirname(__DIR__) . "/sessions");
 
+	// prolong PHP session cookie
+	if (isset($_COOKIE[$session_name]))
+	setcookie($session_name,
+		$_COOKIE[$session_name],
+		time() + $session_expire,
+		ini_get("session.cookie_path"),
+		ini_get("session.cookie_domain"),
+		ini_get("session.cookie_secure"),
+		ini_get("session.cookie_httponly"));
+
 	function validate_session() {
 		if (!empty($_SESSION["owner"])) {
 
-- 
cgit v1.2.3