From c8047b9555dbf2066f37f9c2ecd966b471cd69eb Mon Sep 17 00:00:00 2001 From: andryyy Date: Sun, 14 Apr 2019 13:01:40 +0200 Subject: [PATCH] [Web] Change session timeout handling [Rspamd] Add missing spamassassin.conf --- data/conf/rspamd/local.d/spamassassin.conf | 1 + data/web/inc/sessions.inc.php | 11 ++++++++--- 2 files changed, 9 insertions(+), 3 deletions(-) create mode 100644 data/conf/rspamd/local.d/spamassassin.conf diff --git a/data/conf/rspamd/local.d/spamassassin.conf b/data/conf/rspamd/local.d/spamassassin.conf new file mode 100644 index 00000000..663e987c --- /dev/null +++ b/data/conf/rspamd/local.d/spamassassin.conf @@ -0,0 +1 @@ +ruleset = "/etc/rspamd/custom/sa-rules-heinlein"; diff --git a/data/web/inc/sessions.inc.php b/data/web/inc/sessions.inc.php index ddc997d1..a94d438c 100644 --- a/data/web/inc/sessions.inc.php +++ b/data/web/inc/sessions.inc.php @@ -21,7 +21,7 @@ elseif (isset($_SERVER['HTTPS'])) { else { $IS_HTTPS = false; } -// session_set_cookie_params($SESSION_LIFETIME, '/', '', $IS_HTTPS, true); + if (session_status() !== PHP_SESSION_ACTIVE) { session_start(); } @@ -35,6 +35,13 @@ if (!isset($_SESSION['SESS_REMOTE_UA'])) { $_SESSION['SESS_REMOTE_UA'] = $_SERVER['HTTP_USER_AGENT']; } +// Keep session active +if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > $SESSION_LIFETIME)) { + session_unset(); + session_destroy(); +} +$_SESSION['LAST_ACTIVITY'] = time(); + // API if (!empty($_SERVER['HTTP_X_API_KEY'])) { $stmt = $pdo->prepare("SELECT `allow_from` FROM `api` WHERE `api_key` = :api_key AND `active` = '1';"); @@ -72,8 +79,6 @@ if (!empty($_SERVER['HTTP_X_API_KEY'])) { die(); } } -// Update session cookie -// setcookie(session_name() ,session_id(), time() + $SESSION_LIFETIME); // Handle logouts if (isset($_POST["logout"])) {