Das Session-Timeout konfigurierbar gemacht; Standardwert weiterhin acht Stunden.

[mfinanz.git] / SL / Auth.pm

diff --git a/SL/Auth.pm b/SL/Auth.pm
index 1d2f36f7c4597cc81c2b7fbe0450a8f30e3fa50d..5fb04e6d915815adc2e57224d40bf423dde1e5cf 100644 (file)
--- a/SL/Auth.pm
+++ b/SL/Auth.pm
@@ -86,18 +86,21 @@ sub _read_auth_config {
 
   $self->{authenticator}->verify_config();
 
+  $self->{session_timeout} *= 1;
+  $self->{session_timeout}  = 8 * 60 if (!$self->{session_timeout});
+
   $main::lxdebug->leave_sub();
 }
 
 sub authenticate_root {
   $main::lxdebug->enter_sub();
 
-  my $self          = shift;
-  my $password      = shift;
-  my $is_crypted    = shift;
+  my $self           = shift;
+  my $password       = shift;
+  my $is_crypted     = shift;
 
-  $password         = crypt $password, 'ro' if (!$password || !$is_crypted);
-  my $admin_password   = crypt "$self->{admin_password}", 'ro';
+  $password          = crypt $password, 'ro' if (!$password || !$is_crypted);
+  my $admin_password = crypt "$self->{admin_password}", 'ro';
 
   $main::lxdebug->leave_sub();
 
@@ -423,7 +426,7 @@ sub restore_session {
   $form   = $main::form;
 
   $dbh    = $self->dbconnect();
-  $query  = qq|SELECT *, (mtime < (now() - '24h'::interval)) AS is_expired FROM auth.session WHERE id = ?|;
+  $query  = qq|SELECT *, (mtime < (now() - '$self->{session_timeout}m'::interval)) AS is_expired FROM auth.session WHERE id = ?|;
 
   $cookie = selectfirst_hashref_query($form, $dbh, $query, $session_id);
 
@@ -477,13 +480,13 @@ sub expire_sessions {
        WHERE session_id IN
          (SELECT id
           FROM auth.session
-          WHERE (mtime < (now() - '24h'::interval)))|;
+          WHERE (mtime < (now() - '$self->{session_timeout}m'::interval)))|;
 
   do_query($main::form, $dbh, $query);
 
   $query =
     qq|DELETE FROM auth.session
-       WHERE (mtime < (now() - '24h'::interval))|;
+       WHERE (mtime < (now() - '$self->{session_timeout}m'::interval))|;
 
   do_query($main::form, $dbh, $query);