From 05b6891e89c52f325aaa910f853938b39bf8129e Mon Sep 17 00:00:00 2001
From: Sandro Santilli <strk@kbt.io>
Date: Fri, 21 Apr 2017 16:15:39 +0200
Subject: [PATCH] Allow specifying cookie lifetime via config variable

Tweak $a->config['system']['auth_cookie_lifetime']
---
 htconfig.php     | 3 +++
 include/auth.php | 6 ++++--
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/htconfig.php b/htconfig.php
index 4ea97e9aeb..08beb0b50e 100644
--- a/htconfig.php
+++ b/htconfig.php
@@ -91,3 +91,6 @@ $a->config['system']['directory'] = 'https://dir.friendica.social';
 
 // Allowed protocols in link URLs; HTTP protocols always are accepted
 $a->config['system']['allowed_link_protocols'] = array('ftp', 'ftps', 'mailto', 'cid', 'gopher');
+
+// Authentication cookie lifetime, in days
+$a->config['system']['auth_cookie_lifetime'] = 7
diff --git a/include/auth.php b/include/auth.php
index 636b5b153a..2258128c5d 100644
--- a/include/auth.php
+++ b/include/auth.php
@@ -19,8 +19,10 @@ if (isset($_COOKIE["Friendica"])) {
 			}
 
 			// Renew the cookie
-			// Expires after 90 days - TODO: use a configuration variable
-			new_cookie(90*24*60*60, $r[0]);
+			// Expires after 7 days by default,
+			// can be set via system.auth_cookie_lifetime
+			$authcookiedays = get_config('system','auth_cookie_lifetime') || 7;
+			new_cookie($authcookiedays*24*60*60, $r[0]);
 
 			// Do the authentification if not done by now
 			if (!isset($_SESSION) OR !isset($_SESSION['authenticated'])) {