fix: corrected session issues

thorsten · thorsten · commit 590275beb6d2 · 2026-03-04T18:08:03.000+01:00
diff --git a/phpmyfaq/src/Bootstrap.php b/phpmyfaq/src/Bootstrap.php
@@ -170,6 +170,8 @@
     ini_set('session.cookie_httponly', 'true');
     ini_set('session.cookie_secure', $request->isSecure());
     ini_set('url_rewriter.tags', '');
+    ini_set('session.gc_maxlifetime', PMF_AUTH_TIMEOUT * 60);
+    ini_set('session.cookie_lifetime', 0);
 
     //
     // Start the PHP session
@@ -182,7 +184,7 @@
 }
 
 //
-// Connect to LDAP server, when LDAP support is enabled
+// Connect to the LDAP server when LDAP support is enabled
 //
 if ($faqConfig->isLdapActive() && file_exists(PMF_CONFIG_DIR . '/ldap.php') && extension_loaded('ldap')) {
     $ldapConfig = new LdapConfiguration(PMF_CONFIG_DIR . '/ldap.php');
diff --git a/phpmyfaq/src/phpMyFAQ/Session/Token.php b/phpmyfaq/src/phpMyFAQ/Session/Token.php
@@ -25,7 +25,7 @@ class Token
 {
     final public const PMF_SESSION_NAME = 'pmf-csrf-token';
 
-    private const PMF_SESSION_EXPIRY = 1800;
+    private const PMF_SESSION_EXPIRY = PMF_AUTH_TIMEOUT * 60;
 
     private string $page;
 

Original file line number	Diff line number	Diff line change
`@@ -25,7 +25,7 @@ class Token`
`25`	`25`	`{`
`26`	`26`	`final public const PMF_SESSION_NAME = 'pmf-csrf-token';`
`27`	`27`
`28`		`- private const PMF_SESSION_EXPIRY = 1800;`
	`28`	`+ private const PMF_SESSION_EXPIRY = PMF_AUTH_TIMEOUT * 60;`
`29`	`29`
`30`	`30`	`private string $page;`
`31`	`31`