mahara-contributors team mailing list archive

Thread
Date

[Bug 1166578] Re: auth/session.php incorrectly multiplies $cfg->session_timeout by 60

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Aaron Wells <1166578@xxxxxxxxxxxxxxxxxx>
Date: Tue, 09 Apr 2013 04:33:05 -0000
Reply-to: Bug 1166578 <1166578@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

The tricky thing about this, is that in 2009 (commit
1868c657dc62fc9cd1), the default value for $cfg->session_timeout was
increased from 1800 to 86400. So, users with older installations may
have that low 1800 value, and their garbage collection lifetime will
drop from 30 hours to 30 minutes. We'll need to verify that won't cause
any problems.

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contrib members
https://bugs.launchpad.net/bugs/1166578

Title:
  auth/session.php incorrectly multiplies $cfg->session_timeout by 60

Status in Mahara ePortfolio:
  Confirmed

Bug description:
  The user interface code to set the value of $cfg->session_timeout
  assumes that the user is entering a number of seconds. It defaults to
  86400, which is the number of seconds in 24 hours.

  But, the code at the top of htdocs/auth/session.php multiplies this by
  60 before entering it into session.gc_maxlifetime. As if it were
  minutes rather than seconds.

  This hasn't caused us any problems so far (except, probably, a very
  long lifetime before session garbage collection), but it was noticed
  and caused problems for a developer implementing memcached-based
  sessions.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1166578/+subscriptions

References

[Bug 1166578] [NEW] auth/session.php incorrectly multiplies $cfg->session_timeout by 60
From: Aaron Wells, 2013-04-09