From 709c5975430b3c48dfe41baacd52e1f202ada011 Mon Sep 17 00:00:00 2001
From: Jared Hancock <jared@osticket.com>
Date: Fri, 18 Jul 2014 14:31:33 -0500
Subject: [PATCH] session: Override PHP default for session lifetime

The PHP.ini default is 1440 seconds (24 minutes). This should be configured
to something significantly higher so that the settings in the admin panel
concerning session timeouts are relevant.

Ideally, the settings from the control panel would be used, but currently
there is an inter-dependency between session and config startups.
---
 include/class.ostsession.php | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/include/class.ostsession.php b/include/class.ostsession.php
index 4c34fda98..94df679d2 100644
--- a/include/class.ostsession.php
+++ b/include/class.ostsession.php
@@ -22,9 +22,7 @@ class osTicketSession {
     var $id = '';
 
     function osTicketSession($ttl=0){
-        $this->ttl =$ttl?$ttl:get_cfg_var('session.gc_maxlifetime');
-        if(!$this->ttl)
-            $this->ttl=SESSION_TTL;
+        $this->ttl = $ttl ?: ini_get('session.gc_maxlifetime') ?: SESSION_TTL;
 
         // Set osTicket specific session name.
         session_name('OSTSESSID');
@@ -32,6 +30,9 @@ class osTicketSession {
         // Forced cleanup on shutdown
         register_shutdown_function('session_write_close');
 
+        // Set session cleanup time to match TTL
+        ini_set('session.gc_maxlifetime', $ttl);
+
         if (OsticketConfig::getDBVersion())
             return session_start();
 
@@ -45,7 +46,7 @@ class osTicketSession {
             // Remote port specification, as it will make an invalid domain
             list($domain) = explode(':', $_SERVER['HTTP_HOST']);
 
-        session_set_cookie_params(86400, ROOT_PATH, $domain,
+        session_set_cookie_params($ttl, ROOT_PATH, $domain,
             osTicket::is_https());
 
         //Set handlers.
-- 
GitLab