From 2f380489a99538125392d4810e7fcf207bf02141 Mon Sep 17 00:00:00 2001
From: hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Date: Tue, 17 Jan 2006 11:59:39 +0000
Subject: [PATCH] New Session lifetime management

git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@2504 594d385d-05f5-0310-b6e9-bd551577e9d8
---
 contrib/gosa.conf |  1 +
 html/main.php     | 36 +++++++++++++++++++++++++++++++++++-
 2 files changed, 36 insertions(+), 1 deletion(-)

diff --git a/contrib/gosa.conf b/contrib/gosa.conf
index ebc57722f..bb200461f 100644
--- a/contrib/gosa.conf
+++ b/contrib/gosa.conf
@@ -235,6 +235,7 @@
 		pwminlen="6"
 		forceglobals="false"
 		smbhash='{SMBHASH}'
+		session_lifetime="7200"
 		displayerros="{errorlvl}">
 
 		<location name="{LOCATIONNAME}"
diff --git a/html/main.php b/html/main.php
index 33f0c900a..dc9b66ece 100644
--- a/html/main.php
+++ b/html/main.php
@@ -32,9 +32,13 @@ $domain = 'messages';
 bindtextdomain($domain, "$BASE_DIR/locale");
 textdomain($domain);
 
+/* Set cookie lifetime to one day */
+session_set_cookie_params(24*60*60);
+
 /* Remember everything we did after the last click */
-session_set_cookie_params(2*60*60);
 session_start ();
+
+
 if ($_SERVER["REQUEST_METHOD"] == "POST"){
   @DEBUG (DEBUG_POST, __LINE__, __FUNCTION__, __FILE__, $_POST, "_POST");
 }
@@ -59,6 +63,36 @@ if ($_SERVER['REMOTE_ADDR'] != $ui->ip){
 }
 $config= $_SESSION['config'];
 
+
+/* Check for invalid sessions */
+if(empty($_SESSION['_LAST_PAGE_REQUEST'])){
+  $_SESSION['_LAST_PAGE_REQUEST']= time();
+}else{
+
+  /* check GOsa.conf for defined session lifetime */
+  if(isset($config->data['MAIN']['SESSION_LIFETIME'])){
+    $max_life = $config->data['MAIN']['SESSION_LIFETIME'];
+  }else{
+    $max_life = 60*60*2;
+  }
+
+  /* get time difference between last page reload */
+  $request_time = (time()-$_SESSION['_LAST_PAGE_REQUEST']);
+
+  /* If page wasn't reloaded for more than max_life seconds 
+   * kill session
+   */
+  if($request_time > $max_life){
+    session_unset();
+    gosa_log ("main.php called without session - logging out");
+    header ("Location: logout.php");
+    exit;
+  }
+  //echo "Session was ".$request_time." s inactive";
+  $_SESSION['_LAST_PAGE_REQUEST'] = time();
+}
+
+
 @DEBUG (DEBUG_CONFIG, __LINE__, __FUNCTION__, __FILE__, $config->data, "config");
 
 /* Set template compile directory */
-- 
2.30.2