Commit c823bfee authored by Andrew Nicols's avatar Andrew Nicols
Browse files

MDL-56129 core: Set a timeout on the session cookie

This is primarily because iOS has changed something under the hood which
means that only session cookies which have an expiry are passed around the
OS.

In order to make media playable outside of the browser (e.g. a video), we
must set a session cookie timeout.

Since the session timeout is configurable, this patch sets the cookie
timeout to the session timeout plus a period of one week.

This ensures that videos continue to work, and that the expired session
message is shown on the login page, but without requiring excessively long
session times.
parent 919b9dfa
......@@ -252,7 +252,12 @@ class manager {
// Set configuration.
session_name($sessionname);
session_set_cookie_params(0, $CFG->sessioncookiepath, $CFG->sessioncookiedomain, $cookiesecure, $CFG->cookiehttponly);
// The session cookie expiry time cannot be extended so this needs to be set to a reasonable period, longer than
// the sessiontimeout.
// This ensures that the cookie is unlikely to timeout before the session does.
$sessionlifetime = $CFG->sessiontimeout + WEEKSECS;
session_set_cookie_params($sessionlifetime, $CFG->sessioncookiepath, $CFG->sessioncookiedomain,
$cookiesecure, $CFG->cookiehttponly);
ini_set('session.use_trans_sid', '0');
ini_set('session.use_only_cookies', '1');
ini_set('session.hash_function', '0'); // For now MD5 - we do not have room for sha-1 in sessions table.
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment