mahara-contributors team mailing list archive

Thread
Date

[Bug 1166578] Re: auth/session.php incorrectly multiplies $cfg->session_timeout by 60

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Aaron Wells <1166578@xxxxxxxxxxxxxxxxxx>
Date: Tue, 09 Apr 2013 05:33:28 -0000
Reply-to: Bug 1166578 <1166578@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Tags added: sessions

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contrib members
https://bugs.launchpad.net/bugs/1166578

Title:
  auth/session.php incorrectly multiplies $cfg->session_timeout by 60

Status in Mahara ePortfolio:
  Confirmed

Bug description:
  The user interface code to set the value of $cfg->session_timeout
  assumes that the user is entering a number of seconds. It defaults to
  86400, which is the number of seconds in 24 hours.

  But, the code at the top of htdocs/auth/session.php multiplies this by
  60 before entering it into session.gc_maxlifetime. As if it were
  minutes rather than seconds.

  This hasn't caused us any problems so far (except, probably, a very
  long lifetime before session garbage collection), but it was noticed
  and caused problems for a developer implementing memcached-based
  sessions.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1166578/+subscriptions

References

[Bug 1166578] [NEW] auth/session.php incorrectly multiplies $cfg->session_timeout by 60
From: Aaron Wells, 2013-04-09