Fixed: FS#3556 - Der in Session-Timeout eingegebene Wert wird nicht durch Aktivität verlängert

Marius Cramer · Marius Cramer · commit efdd1a3ffccc · 2014-07-28T11:20:02.000+02:00
diff --git a/interface/lib/app.inc.php b/interface/lib/app.inc.php
@@ -78,16 +78,16 @@ public function __construct() {
 					$tmp = $this->ini_parser->parse_ini_string(stripslashes($tmp['config']));
 					if(!isset($tmp['misc']['session_allow_endless']) || $tmp['misc']['session_allow_endless'] != 'y') {
 						$this->session->set_timeout($sess_timeout);
-						session_set_cookie_params(($sess_timeout * 60) + 300); // make the cookie live 5 minutes longer
+						session_set_cookie_params(3600 * 24 * 365); // cookie timeout is never updated, so it must not be short
 					} else {
 						// we are doing login here, so we need to set the session data
 						$this->session->set_permanent(true);
 						$this->session->set_timeout(365 * 24 * 3600); // one year
-						session_set_cookie_params(365 * 24 * 3600); // make the cookie live 5 minutes longer
+						session_set_cookie_params(3600 * 24 * 365); // cookie timeout is never updated, so it must not be short
 					}
 				} else {
 					$this->session->set_timeout($sess_timeout);
-					session_set_cookie_params(($sess_timeout * 60) + 300); // make the cookie live 5 minutes longer
+					session_set_cookie_params(3600 * 24 * 365); // cookie timeout is never updated, so it must not be short
 				}
 			} else {
 				session_set_cookie_params(0); // until browser is closed
