From 02647583e94b630d6962095347ec219a57d5d48b Mon Sep 17 00:00:00 2001
From: Ermal <eri@pfsense.org>
Date: Tue, 27 Apr 2010 14:07:48 +0000
Subject: Ticket #378. Correctly handle a timeout of 0 to mean never timeout.

---
 etc/inc/auth.inc                              | 6 +++++-
 usr/local/www/system_usermanager_settings.php | 4 ++--
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index c1a9ba5..44d8a5c 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -1106,13 +1106,17 @@ function session_auth() {
 		return false;
 
 	/* If session timeout isn't set, we don't mark sessions stale */
-	if (empty($config['system']['webgui']['session_timeout'])) {
+	if (!isset($config['system']['webgui']['session_timeout'])) {
 		/* Default to 4 hour timeout if one is not set */
 		if ($_SESSION['last_access'] < (time() - 14400)) {
 			$_GET['logout'] = true;
 			$_SESSION['Logout'] = true;
 		} else
 			$_SESSION['last_access'] = time();	
+	} else if (intval($config['system']['webgui']['session_timeout']) == 0) {
+		/* only update if it wasn't ajax */
+		if (!isAjax())
+			$_SESSION['last_access'] = time();
 	} else {
 		/* Check for stale session */
 		if ($_SESSION['last_access'] < (time() - ($config['system']['webgui']['session_timeout'] * 60))) {
diff --git a/usr/local/www/system_usermanager_settings.php b/usr/local/www/system_usermanager_settings.php
index b2c8209..63cec0f 100755
--- a/usr/local/www/system_usermanager_settings.php
+++ b/usr/local/www/system_usermanager_settings.php
@@ -57,7 +57,7 @@ if ($_POST) {
 	unset($input_errors);
 	$pconfig = $_POST;
 
-	if($_POST['session_timeout']) {
+	if(isset($_POST['session_timeout'])) {
 		$timeout = intval($_POST['session_timeout']);
 		if ($timeout != "" && (!is_numeric($timeout) || $timeout <= 0))
 			$input_errors[] = gettext("Session timeout must be an integer value.");
@@ -65,7 +65,7 @@ if ($_POST) {
 
 	if (!$input_errors) {
 
-		if($_POST['session_timeout'])
+		if(isset($_POST['session_timeout']))
 			$config['system']['webgui']['session_timeout'] = intval($_POST['session_timeout']);
 		else
 			unset($config['system']['webgui']['session_timeout']);
-- 
cgit v1.1