[Web] Change session timeout handling

[Rspamd] Add missing spamassassin.conf

data/conf/rspamd/local.d/spamassassin.conf

@@ -0,0 +1 @@
+ruleset = "/etc/rspamd/custom/sa-rules-heinlein";

data/web/inc/sessions.inc.php

@@ -21,7 +21,7 @@ elseif (isset($_SERVER['HTTPS'])) {
 else {
   $IS_HTTPS = false;
 }
-// session_set_cookie_params($SESSION_LIFETIME, '/', '', $IS_HTTPS, true);
+
 if (session_status() !== PHP_SESSION_ACTIVE) {
   session_start();
 }
@@ -35,6 +35,13 @@ if (!isset($_SESSION['SESS_REMOTE_UA'])) {
   $_SESSION['SESS_REMOTE_UA'] = $_SERVER['HTTP_USER_AGENT'];
 }
 
+// Keep session active
+if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > $SESSION_LIFETIME)) {
+  session_unset();
+  session_destroy();
+}
+$_SESSION['LAST_ACTIVITY'] = time();
+
 // API
 if (!empty($_SERVER['HTTP_X_API_KEY'])) {
   $stmt = $pdo->prepare("SELECT `allow_from` FROM `api` WHERE `api_key` = :api_key AND `active` = '1';");
@@ -72,8 +79,6 @@ if (!empty($_SERVER['HTTP_X_API_KEY'])) {
     die();
   }
 }
-// Update session cookie
-// setcookie(session_name() ,session_id(), time() + $SESSION_LIFETIME);
 
 // Handle logouts
 if (isset($_POST["logout"])) {