Skip to content
  • Aaron Wells's avatar
    Bug 1590293: Correcting inconsistencies in session expiration · 0913742c
    Aaron Wells authored and Robert Lyon's avatar Robert Lyon committed
    1. Add some documentation to session.php explaining what
    the session.gc_maxlifetime ini setting does.
    
    2. If we can't access $CFG->session_timeout, use a timeout of
    an hour instead of the PHP default of 24 minutes.
    
    3. Limit $CFG->session_timeout to 30 days, because we're already
    enforcing that limit in session.php
    
    4. Add "usr_session.mtime" column so that we can delete old sessions
    based on inactivity instead of creation date.
    
    5. Make the cron delete old session files as soon as they've expired,
    rather than padding that an additional two days.
    
    Change-Id: I9da2b26217774566b1131e997724359715edb2fe
    behatnotneeded: Covered by existing tests
    0913742c