diff options
author | jim-p <jimp@pfsense.org> | 2012-10-31 09:47:22 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2012-10-31 09:49:10 -0400 |
commit | 23c3ccb6b623c3439d84b454d064acfe96971428 (patch) | |
tree | e03cef90ce52e727c954d81063dbbd0ca18aa655 /usr/local/www/guiconfig.inc | |
parent | b3a1733da5a4ca752216c38201f23bb02d527b45 (diff) | |
download | pfsense-23c3ccb6b623c3439d84b454d064acfe96971428.zip pfsense-23c3ccb6b623c3439d84b454d064acfe96971428.tar.gz |
Set the CSRF Magic timeout to the same as the session timeout, so that if a user sets a lower session time, the CSRF magic tokens do not outlive the user's session.
Diffstat (limited to 'usr/local/www/guiconfig.inc')
-rwxr-xr-x | usr/local/www/guiconfig.inc | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/usr/local/www/guiconfig.inc b/usr/local/www/guiconfig.inc index 61ae823..0cbbba5 100755 --- a/usr/local/www/guiconfig.inc +++ b/usr/local/www/guiconfig.inc @@ -37,6 +37,9 @@ if(!$nocsrf) { function csrf_startup() { csrf_conf('rewrite-js', '/csrf/csrf-magic.js'); + $timeout_minutes = isset($config['system']['webgui']['session_timeout']) ? $config['system']['webgui']['session_timeout'] : 240; + csrf_conf('expires', $timeout_minutes * 60); + echo $GLOBALS['csrf']['expires']; } require_once("csrf/csrf-magic.php"); } |