diff options
author | Ermal <eri@pfsense.org> | 2010-04-27 14:07:48 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2010-04-27 14:07:48 +0000 |
commit | 02647583e94b630d6962095347ec219a57d5d48b (patch) | |
tree | 88de3731a5af19352a3e0a5a735f67303d30b3f8 | |
parent | a1cab2c7ebe77e83cb091712c18ae8267bdfe1e4 (diff) | |
download | pfsense-02647583e94b630d6962095347ec219a57d5d48b.zip pfsense-02647583e94b630d6962095347ec219a57d5d48b.tar.gz |
Ticket #378. Correctly handle a timeout of 0 to mean never timeout.
-rw-r--r-- | etc/inc/auth.inc | 6 | ||||
-rwxr-xr-x | usr/local/www/system_usermanager_settings.php | 4 |
2 files changed, 7 insertions, 3 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc index c1a9ba5..44d8a5c 100644 --- a/etc/inc/auth.inc +++ b/etc/inc/auth.inc @@ -1106,13 +1106,17 @@ function session_auth() { return false; /* If session timeout isn't set, we don't mark sessions stale */ - if (empty($config['system']['webgui']['session_timeout'])) { + if (!isset($config['system']['webgui']['session_timeout'])) { /* Default to 4 hour timeout if one is not set */ if ($_SESSION['last_access'] < (time() - 14400)) { $_GET['logout'] = true; $_SESSION['Logout'] = true; } else $_SESSION['last_access'] = time(); + } else if (intval($config['system']['webgui']['session_timeout']) == 0) { + /* only update if it wasn't ajax */ + if (!isAjax()) + $_SESSION['last_access'] = time(); } else { /* Check for stale session */ if ($_SESSION['last_access'] < (time() - ($config['system']['webgui']['session_timeout'] * 60))) { diff --git a/usr/local/www/system_usermanager_settings.php b/usr/local/www/system_usermanager_settings.php index b2c8209..63cec0f 100755 --- a/usr/local/www/system_usermanager_settings.php +++ b/usr/local/www/system_usermanager_settings.php @@ -57,7 +57,7 @@ if ($_POST) { unset($input_errors); $pconfig = $_POST; - if($_POST['session_timeout']) { + if(isset($_POST['session_timeout'])) { $timeout = intval($_POST['session_timeout']); if ($timeout != "" && (!is_numeric($timeout) || $timeout <= 0)) $input_errors[] = gettext("Session timeout must be an integer value."); @@ -65,7 +65,7 @@ if ($_POST) { if (!$input_errors) { - if($_POST['session_timeout']) + if(isset($_POST['session_timeout'])) $config['system']['webgui']['session_timeout'] = intval($_POST['session_timeout']); else unset($config['system']['webgui']['session_timeout']); |