Das Session-Timeout konfigurierbar gemacht; Standardwert weiterhin acht Stunden.

[mfinanz.git] / SL / Auth.pm

diff --git a/SL/Auth.pm b/SL/Auth.pm
index 96514f188526f5aa6910a0faa92f546fb4323d86..5fb04e6d915815adc2e57224d40bf423dde1e5cf 100644 (file)
--- a/SL/Auth.pm
+++ b/SL/Auth.pm
@@ -86,6 +86,9 @@ sub _read_auth_config {
 
   $self->{authenticator}->verify_config();
 
+  $self->{session_timeout} *= 1;
+  $self->{session_timeout}  = 8 * 60 if (!$self->{session_timeout});
+
   $main::lxdebug->leave_sub();
 }
 
@@ -423,7 +426,7 @@ sub restore_session {
   $form   = $main::form;
 
   $dbh    = $self->dbconnect();
-  $query  = qq|SELECT *, (mtime < (now() - '24h'::interval)) AS is_expired FROM auth.session WHERE id = ?|;
+  $query  = qq|SELECT *, (mtime < (now() - '$self->{session_timeout}m'::interval)) AS is_expired FROM auth.session WHERE id = ?|;
 
   $cookie = selectfirst_hashref_query($form, $dbh, $query, $session_id);
 
@@ -477,13 +480,13 @@ sub expire_sessions {
        WHERE session_id IN
          (SELECT id
           FROM auth.session
-          WHERE (mtime < (now() - '24h'::interval)))|;
+          WHERE (mtime < (now() - '$self->{session_timeout}m'::interval)))|;
 
   do_query($main::form, $dbh, $query);
 
   $query =
     qq|DELETE FROM auth.session
-       WHERE (mtime < (now() - '24h'::interval))|;
+       WHERE (mtime < (now() - '$self->{session_timeout}m'::interval))|;
 
   do_query($main::form, $dbh, $query);