Das Session-Timeout konfigurierbar gemacht; Standardwert weiterhin acht Stunden.

diff --git a/SL/Auth.pm b/SL/Auth.pm
index cbd90bc..5fb04e6 100644 (file)
--- a/SL/Auth.pm
+++ b/SL/Auth.pm
@@ -86,6 +86,9 @@ sub _read_auth_config {
 
   $self->{authenticator}->verify_config();
 
+  $self->{session_timeout} *= 1;
+  $self->{session_timeout}  = 8 * 60 if (!$self->{session_timeout});
+
   $main::lxdebug->leave_sub();
 }
 
@@ -423,7 +426,7 @@ sub restore_session {
   $form   = $main::form;
 
   $dbh    = $self->dbconnect();
-  $query  = qq|SELECT *, (mtime < (now() - '8h'::interval)) AS is_expired FROM auth.session WHERE id = ?|;
+  $query  = qq|SELECT *, (mtime < (now() - '$self->{session_timeout}m'::interval)) AS is_expired FROM auth.session WHERE id = ?|;
 
   $cookie = selectfirst_hashref_query($form, $dbh, $query, $session_id);
 
@@ -477,13 +480,13 @@ sub expire_sessions {
        WHERE session_id IN
          (SELECT id
           FROM auth.session
-          WHERE (mtime < (now() - '8h'::interval)))|;
+          WHERE (mtime < (now() - '$self->{session_timeout}m'::interval)))|;
 
   do_query($main::form, $dbh, $query);
 
   $query =
     qq|DELETE FROM auth.session
-       WHERE (mtime < (now() - '8h'::interval))|;
+       WHERE (mtime < (now() - '$self->{session_timeout}m'::interval))|;
 
   do_query($main::form, $dbh, $query);
 

diff --git a/config/authentication.pl.default b/config/authentication.pl.default
index 8e1749c..42b888b 100644 (file)
--- a/config/authentication.pl.default
+++ b/config/authentication.pl.default
@@ -57,4 +57,9 @@ $self->{LDAP_config} = {
 # Der Name des Cookies kann geändert werden, sofern gewünscht.
 # $self->{cookie_name} = 'lx_office_erp_session_id';
 
+# Die Zeitspanne, bis eine inaktive Session ungültig wird, kann
+# hier geändert werden. Der Standardwert ist acht Stunden.
+# Die Angabe ist in Minuten.
+# $self->{session_timeout} = 8 * 60;
+
 1;