MDL-56823 session: redis sessions don't honour $CFG->sessiontimeout

The redis session handler doesn't use the sessiontimeout config setting to determine session lifetime. It has a lock expiry, which is set to 7200 (or a config setting) that is used to determine how long a lock is held onto, but that should be distinct from the session timeout.

MDL-56823 session: redis sessions don't honour $CFG->sessiontimeout
The redis session handler doesn't use the sessiontimeout config setting to determine session lifetime. It has a lock expiry, which is set to 7200 (or a config setting) that is used to determine how long a lock is held onto, but that should be distinct from the session timeout.
d456bd42 · Adam Olley · cad8adcc · d456bd42
Commit d456bd42 authored Nov 08, 2016 by Adam Olley
--- a/lib/classes/session/redis.php
+++ b/lib/classes/session/redis.php
@@ -54,7 +54,7 @@ class redis extends handler {
     * @var int $lockexpire how long to wait in seconds before expiring the lock automatically
     * so that other requests may continue execution, ignored if PECL redis is below version 2.2.0.
     */
-    protected $lockexpire = 7200;
+    protected $lockexpire;
    /** @var Redis Connection */
    protected $connection = null;
@@ -62,6 +62,9 @@ class redis extends handler {
    /** @var array $locks List of currently held locks by this page. */
    protected $locks = array();
+    /** @var int $timeout How long sessions live before expiring. */
+    protected $timeout;
    /**
     * Create new instance of handler.
     */
@@ -88,6 +91,13 @@ class redis extends handler {
            $this->acquiretimeout = (int)$CFG->session_redis_acquire_lock_timeout;
        }
+        // The following configures the session lifetime in redis to allow some
+        // wriggle room in the user noticing they've been booted off and
+        // letting them log back in before they lose their session entirely.
+        $updatefreq = empty($CFG->session_update_timemodified_frequency) ? 20 : $CFG->session_update_timemodified_frequency;
+        $this->timeout = $CFG->sessiontimeout + $updatefreq + MINSECS;
+        $this->lockexpire = $CFG->sessiontimeout;
        if (isset($CFG->session_redis_lock_expire)) {
            $this->lockexpire = (int)$CFG->session_redis_lock_expire;
        }
@@ -210,7 +220,7 @@ class redis extends handler {
                $this->unlock_session($id);
                return '';
            }
-            $this->connection->expire($id, $this->lockexpire);
+            $this->connection->expire($id, $this->timeout);
        } catch (RedisException $e) {
            error_log('Failed talking to redis: '.$e->getMessage());
            throw $e;
@@ -237,7 +247,7 @@ class redis extends handler {
        // There can be race conditions on new sessions racing each other but we can
        // address that in the future.
        try {
-            $this->connection->setex($id, $this->lockexpire, $data);
+            $this->connection->setex($id, $this->timeout, $data);
        } catch (RedisException $e) {
            error_log('Failed talking to redis: '.$e->getMessage());
            return false;