Merge pull request #3373 from strk/expire-login-later

Make log-in cookie expiration time configurable
2017-04-21 12:18:57 -04:00 · 2017-04-21 12:18:57 -04:00 · 27b3943cc7
parent 3da0436f01 a6c6287288
commit 27b3943cc7
4 changed files with 14 additions and 1 deletions
--- a/doc/htconfig.md
+++ b/doc/htconfig.md
@ -25,6 +25,7 @@ Example: To set the directory value please add this line to your .htconfig.php:
 * **allowed_link_protocols** (Array) - Allowed protocols in links URLs, add at your own risk. http is always allowed.
 * **birthday_input_format** - Default value is "ymd".
 * **block_local_dir** (Boolean) - Blocks the access to the directory of the local users.
+* **auth_cookie_lifetime** (Integer) - Number of days that should pass without any activity from a before before the users who choosed "Remember me" when logging in from that browser is considered logged out. Defaults to 7.
 * **curl_range_bytes** - Maximum number of bytes that should be fetched. Default is 0, which mean "no limit".
 * **db_log** - Name of a logfile to log slow database queries
 * **db_loglimit** - If a database call lasts longer than this value it is logged
--- a/htconfig.php
+++ b/htconfig.php
@ -91,3 +91,6 @@ $a->config['system']['directory'] = 'https://dir.friendica.social';

 // Allowed protocols in link URLs; HTTP protocols always are accepted
 $a->config['system']['allowed_link_protocols'] = array('ftp', 'ftps', 'mailto', 'cid', 'gopher');
+
+// Authentication cookie lifetime, in days
+$a->config['system']['auth_cookie_lifetime'] = 7;
--- a/include/auth.php
+++ b/include/auth.php
@ -1,4 +1,7 @@
 <?php
+
+use \Friendica\Core\Config;
+
 require_once('include/security.php');
 require_once('include/datetime.php');

@ -19,7 +22,10 @@ if (isset($_COOKIE["Friendica"])) {
 			}

 			// Renew the cookie
-			new_cookie(604800, $r[0]);
+			// Expires after 7 days by default,
+			// can be set via system.auth_cookie_lifetime
+			$authcookiedays = Config::get('system', 'auth_cookie_lifetime', 7);
+			new_cookie($authcookiedays*24*60*60, $r[0]);

 			// Do the authentification if not done by now
 			if (!isset($_SESSION) OR !isset($_SESSION['authenticated'])) {
--- a/view/templates/htconfig.tpl
+++ b/view/templates/htconfig.tpl
@ -99,3 +99,6 @@ $a->config['system']['no_regfullname'] = true;

 // Location of the global directory
 $a->config['system']['directory'] = 'http://dir.friendi.ca';
+
+// Authentication cookie lifetime, in days
+$a->config['system']['auth_cookie_lifetime'] = 7;