diff options
author | jim-p <jimp@pfsense.org> | 2012-10-31 09:47:22 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2012-10-31 10:49:13 -0400 |
commit | 56befec1e2f7208e1f61a67df56592475242020b (patch) | |
tree | 77da68335e963fe237577a74049b64c258fd9036 /usr/local/www/guiconfig.inc | |
parent | fcf53c1e081e218726f1d2168ecf8637e8ada41b (diff) | |
download | pfsense-56befec1e2f7208e1f61a67df56592475242020b.zip pfsense-56befec1e2f7208e1f61a67df56592475242020b.tar.gz |
Set the CSRF Magic timeout to the same as the session timeout, so that if a user sets a lower session time, the CSRF magic tokens do not outlive the user's session.
Diffstat (limited to 'usr/local/www/guiconfig.inc')
-rwxr-xr-x | usr/local/www/guiconfig.inc | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/usr/local/www/guiconfig.inc b/usr/local/www/guiconfig.inc index 5959b15..988af9f 100755 --- a/usr/local/www/guiconfig.inc +++ b/usr/local/www/guiconfig.inc @@ -37,6 +37,9 @@ if(!$nocsrf) { function csrf_startup() { csrf_conf('rewrite-js', '/csrf/csrf-magic.js'); + $timeout_minutes = isset($config['system']['webgui']['session_timeout']) ? $config['system']['webgui']['session_timeout'] : 240; + csrf_conf('expires', $timeout_minutes * 60); + echo $GLOBALS['csrf']['expires']; } require_once("csrf/csrf-magic.php"); } |