</option>
<!-- /general.system.proxy -->
<!-- security.general.session -->
- <option name="session_timeout">
- <categoryname>security.general.session</categoryname>
- <optiontype>integer</optiontype>
- <defaultvalue>1800</defaultvalue>
- <minvalue>600</minvalue>
- <maxvalue>86400</maxvalue>
- <suffix>seconds</suffix>
- </option>
<option name="user_online_timeout">
<categoryname>security.general.session</categoryname>
<optiontype>integer</optiontype>
<defaultvalue>900</defaultvalue>
<minvalue>1</minvalue>
+ <maxvalue>7200</maxvalue>
<suffix>seconds</suffix>
</option>
<!-- /security.general.session -->
define('HTTP_ENABLE_GZIP', 1);
define('PACKAGE_SERVER_AUTH_CODE', '');
define('PROXY_SERVER_HTTP', '');
-define('SESSION_TIMEOUT', 1800);
define('IP_ADDRESS_SEARCH_ENGINE', '');
define('USER_ONLINE_TIMEOUT', 900);
define('ENABLE_USER_AUTHENTICATION_FAILURE', 1);
namespace wcf\data\acp\session;
use wcf\data\DatabaseObjectEditor;
use wcf\system\database\util\PreparedStatementConditionBuilder;
+use wcf\system\session\SessionHandler;
use wcf\system\WCF;
/**
}
/**
- * Deletes active sessions of the given users.
- *
- * @param integer[] $userIDs
+ * @deprecated 5.4 - Sessions are managed via the SessionHandler.
*/
public static function deleteUserSessions(array $userIDs = []) {
$conditionBuilder = new PreparedStatementConditionBuilder();
}
/**
- * Deletes the expired sessions.
- *
- * @param integer $timestamp
+ * @deprecated 5.4 - Sessions are managed via the SessionHandler.
*/
public static function deleteExpiredSessions($timestamp) {
- $sql = "DELETE FROM ".call_user_func([static::$baseClass, 'getDatabaseTableName'])."
- WHERE lastActivityTime < ?";
- $statement = WCF::getDB()->prepareStatement($sql);
- $statement->execute([$timestamp]);
+ SessionHandler::getInstance()->prune();
}
}
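Review bot: `deleteExpiredSessions($timestamp)` now ignores its `$timestamp` argument and always calls `SessionHandler::getInstance()->prune()`, so a caller that passes its own cutoff silently gets the handler's fixed lifetimes instead. The rewritten docblock also drops the `@param` line; I would keep it as `@param integer $timestamp Ignored since 5.4.` beside the `@deprecated` tag so the dead argument is visible. `deleteUserSessions()` gets the same `@deprecated` tag, but its body continues outside the hunk, so it cannot be confirmed from here that it still removes the affected users' rows from the table the SessionHandler now uses; that matters for any code path that relies on it to log a user out.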
* @return boolean
*/
public function isActive() {
- if ($this->active && $this->lastActivityTime > TIME_NOW - SESSION_TIMEOUT) {
- return 1;
- }
-
- return 0;
+ return $this->active ? true : false;
}
/**
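Review bot: `isActive()` no longer looks at `lastActivityTime`, so it reports a session log as active for as long as the `active` column is set. Nothing in this hunk shows that flag being cleared when the session itself is pruned, which should be confirmed for anything that displays or audits live ACP sessions. The docblock still promises `@return boolean`, and the new body can say that directly as `return (bool) $this->active;` instead of the `? true : false` ternary.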
// Virtual sessions no longer exist since 5.4.
define('SESSION_ENABLE_VIRTUALIZATION', 1);
+ // The session timeout is fully managed since 5.4.
+ define('SESSION_TIMEOUT', 3600);
+
$filename = WCF_DIR.'options.inc.php';
// create options file if doesn't exist
$application->__run();
}
- // refresh the session 1 minute before it expires
- self::getTPL()->assign('__sessionKeepAlive', SESSION_TIMEOUT - 60);
+ // TODO: Check this
+ self::getTPL()->assign('__sessionKeepAlive', 60 * 50);
}
}
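Review bot: `// TODO: Check this` is left in the committed code next to a hard-coded keep-alive interval of `60 * 50` seconds that is no longer derived from any session lifetime. The values it has to stay below are the private lifetime constants added to the SessionHandler in this commit (7200 seconds for ACP and guest sessions), so a later change there would not be noticed here. I would replace the TODO with a comment that states the constraint, for example `// Keep-alive interval in seconds; must stay below the shortest session lifetime in SessionHandler.` The enclosing method starts outside the hunk.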
<?php
namespace wcf\system\cronjob;
-use wcf\data\acp\session\ACPSessionEditor;
use wcf\data\cronjob\Cronjob;
-use wcf\data\session\SessionEditor;
+use wcf\system\session\SessionHandler;
/**
* Deletes expired sessions.
*
- * @author Marcel Werk
- * @copyright 2001-2019 WoltLab GmbH
+ * @author Tim Duesterhus Marcel Werk
+ * @copyright 2001-2020 WoltLab GmbH
* @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
* @package WoltLabSuite\Core\System\Cronjob
*/
public function execute(Cronjob $cronjob) {
parent::execute($cronjob);
- // Prevent the sessions from expiring while the development mode is active.
- if (!ENABLE_DEBUG_MODE || !ENABLE_DEVELOPER_TOOLS) {
- ACPSessionEditor::deleteExpiredSessions(TIME_NOW - SESSION_TIMEOUT);
- }
-
- SessionEditor::deleteExpiredSessions(TIME_NOW - SESSION_TIMEOUT);
+ SessionHandler::getInstance()->prune();
}
}
// try to find existing session log
$sql = "SELECT sessionLogID
FROM wcf".WCF_N."_acp_session_log
- WHERE sessionID = ?
- AND lastActivityTime >= ?";
+ WHERE sessionID = ?";
$statement = WCF::getDB()->prepareStatement($sql);
$statement->execute([
WCF::getSession()->sessionID,
- TIME_NOW - SESSION_TIMEOUT
]);
$row = $statement->fetchArray();
if (!empty($row['sessionLogID'])) {
*/
protected $usersOnlyPermissions = [];
+ private const ACP_SESSION_LIFETIME = 7200;
+ private const GUEST_SESSION_LIFETIME = 7200;
+ private const USER_SESSION_LIFETIME = 86400 * 14;
+
/**
* Provides access to session data.
*
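Review bot: The three lifetime constants are added without a comment giving their unit or what they measure; from the `lastActivityTime` comparison added elsewhere in this commit they are idle timeouts in seconds. With the `session_timeout` option removed, the idle window for logged-in users goes from an administrator-set value capped at 86400 seconds to a fixed `86400 * 14`, so a site that had deliberately chosen a short timeout loses that control on upgrade. I would document this on the constants, for example `// Idle lifetime in seconds; fixed since 5.4 and no longer configurable through session_timeout.`, and mention the change in the upgrade notes.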
return false;
}
+ // Check whether the session technically already expired.
+ $lifetime =
+ ($this->isACP ? self::ACP_SESSION_LIFETIME :
+ ($row['userID'] ? self::USER_SESSION_LIFETIME :
+ ( self::GUEST_SESSION_LIFETIME)));
+ if ($row['lastActivityTime'] < (TIME_NOW - $lifetime)) {
+ return false;
+ }
+
$variables = @unserialize($row['sessionVariables']);
// Check whether the session variables became corrupted.
if (!is_array($variables)) {
}
}
+ /**
+ * Prunes expired sessions.
+ */
+ public function prune() {
+ // Prevent the sessions from expiring while the development mode is active.
+ if (!ENABLE_DEBUG_MODE || !ENABLE_DEVELOPER_TOOLS) {
+ $sql = "DELETE FROM wcf".WCF_N."_user_session
+ WHERE lastActivityTime < ?";
+ $statement = WCF::getDB()->prepareStatement($sql);
+ $statement->execute([
+ TIME_NOW - self::ACP_SESSION_LIFETIME,
+ ]);
+ }
+
+ $sql = "DELETE FROM wcf".WCF_N."_user_session
+ WHERE (lastActivityTime < ? AND userID IS NULL)
+ OR (lastActivityTime < ? AND userID IS NOT NULL)";
+ $statement = WCF::getDB()->prepareStatement($sql);
+ $statement->execute([
+ TIME_NOW - self::GUEST_SESSION_LIFETIME,
+ TIME_NOW - self::USER_SESSION_LIFETIME,
+ ]);
+
+ // Legacy sessions live 120 minutes, they will be re-created on demand.
+ $sql = "DELETE FROM wcf".WCF_N."_session
+ WHERE lastActivityTime < ?";
+ $statement = WCF::getDB()->prepareStatement($sql);
+ $statement->execute([
+ TIME_NOW - (3600 * 2),
+ ]);
+ }
+
/**
* Deletes this session if:
* - it is newly created in this request, and
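Review bot: The first `DELETE` in `prune()` targets `wcf".WCF_N."_user_session`, the same table as the second statement, but applies `ACP_SESSION_LIFETIME` with no `userID` filter. Outside development mode this removes every row idle for more than 7200 seconds, so the `USER_SESSION_LIFETIME` branch of the second statement has nothing left to delete and logged-in users are dropped after two hours instead of fourteen days, while no statement visible here prunes ACP sessions at all. The constant name and the removed cronjob code, which called `ACPSessionEditor::deleteExpiredSessions` under the same guard, suggest the first statement was meant for the ACP session table; the fix is to change the table name in that one `DELETE FROM` line. The expiry check added on the read path is also not gated on development mode, so this guard alone does not appear to keep ACP sessions alive while developing.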
define('BLACKLIST_USER_AGENTS', '');
define('BLACKLIST_HOSTNAMES', '');
-define('SESSION_TIMEOUT', 3600);
-
define('CACHE_SOURCE_TYPE', 'disk');
define('IMAGE_ADAPTER_TYPE', 'gd');
define('MODULE_MASTER_PASSWORD', 0);
<item name="wcf.acp.option.page_description"><![CDATA[Seitenbeschreibung]]></item>
<item name="wcf.acp.option.page_title"><![CDATA[Titel der Seite]]></item>
<item name="wcf.acp.option.proxy_server_http"><![CDATA[Proxy-Server (HTTP)]]></item>
- <item name="wcf.acp.option.session_timeout"><![CDATA[Gültigkeitslänge einer Sitzung]]></item>
- <item name="wcf.acp.option.session_timeout.description"/>
<item name="wcf.acp.option.timezone"><![CDATA[Zeitzone]]></item>
<item name="wcf.acp.option.timezone.description"><![CDATA[Standard-Zeitzone {if LANGUAGE_USE_INFORMAL_VARIANT}deiner{else}Ihrer{/if} Seite]]></item>
<item name="wcf.acp.option.ip_address_search_engine"><![CDATA[Suchmaschine für IP-Adressen]]></item>
<item name="wcf.acp.option.page_description"><![CDATA[Page Description]]></item>
<item name="wcf.acp.option.page_title"><![CDATA[Page Title]]></item>
<item name="wcf.acp.option.proxy_server_http"><![CDATA[Proxy-Server (HTTP)]]></item>
- <item name="wcf.acp.option.session_timeout"><![CDATA[User Session Timeout]]></item>
- <item name="wcf.acp.option.session_timeout.description"><![CDATA[User sessions expire after the following seconds.]]></item>
<item name="wcf.acp.option.timezone"><![CDATA[Timezone]]></item>
<item name="wcf.acp.option.timezone.description"><![CDATA[The default timezone of your page.]]></item>
<item name="wcf.acp.option.ip_address_search_engine"><![CDATA[Search Engine for IP Addresses]]></item>