Skip to content
GitLab
Commit d456bd42 authored by Adam Olley's avatar Adam Olley
Browse files

MDL-56823 session: redis sessions don't honour $CFG->sessiontimeout 

The redis session handler doesn't use the sessiontimeout config setting
to determine session lifetime.

It has a lock expiry, which is set to 7200 (or a config setting) that is
used to determine how long a lock is held onto, but that should be
distinct from the session timeout.
parent cad8adcc
Hide whitespace changes
Inline Side-by-side
lib/classes/session/redis.php
View file @ d456bd42
...@@ -54,7 +54,7 @@ class redis extends handler { ...@@ -54,7 +54,7 @@ class redis extends handler {
* @var int $lockexpire how long to wait in seconds before expiring the lock automatically * @var int $lockexpire how long to wait in seconds before expiring the lock automatically
* so that other requests may continue execution, ignored if PECL redis is below version 2.2.0. * so that other requests may continue execution, ignored if PECL redis is below version 2.2.0.
*/ */
protected $lockexpire = 7200; protected $lockexpire;
/** @var Redis Connection */ /** @var Redis Connection */
protected $connection = null; protected $connection = null;
...@@ -62,6 +62,9 @@ class redis extends handler { ...@@ -62,6 +62,9 @@ class redis extends handler {
/** @var array $locks List of currently held locks by this page. */ /** @var array $locks List of currently held locks by this page. */
protected $locks = array(); protected $locks = array();
/** @var int $timeout How long sessions live before expiring. */
protected $timeout;
/** /**
* Create new instance of handler. * Create new instance of handler.
*/ */
...@@ -88,6 +91,13 @@ class redis extends handler { ...@@ -88,6 +91,13 @@ class redis extends handler {
$this->acquiretimeout = (int)$CFG->session_redis_acquire_lock_timeout; $this->acquiretimeout = (int)$CFG->session_redis_acquire_lock_timeout;
} }
// The following configures the session lifetime in redis to allow some
// wriggle room in the user noticing they've been booted off and
// letting them log back in before they lose their session entirely.
$updatefreq = empty($CFG->session_update_timemodified_frequency) ? 20 : $CFG->session_update_timemodified_frequency;
$this->timeout = $CFG->sessiontimeout + $updatefreq + MINSECS;
$this->lockexpire = $CFG->sessiontimeout;
if (isset($CFG->session_redis_lock_expire)) { if (isset($CFG->session_redis_lock_expire)) {
$this->lockexpire = (int)$CFG->session_redis_lock_expire; $this->lockexpire = (int)$CFG->session_redis_lock_expire;
} }
...@@ -210,7 +220,7 @@ class redis extends handler { ...@@ -210,7 +220,7 @@ class redis extends handler {
$this->unlock_session($id); $this->unlock_session($id);
return ''; return '';
} }
$this->connection->expire($id, $this->lockexpire); $this->connection->expire($id, $this->timeout);
} catch (RedisException $e) { } catch (RedisException $e) {
error_log('Failed talking to redis: '.$e->getMessage()); error_log('Failed talking to redis: '.$e->getMessage());
throw $e; throw $e;
...@@ -237,7 +247,7 @@ class redis extends handler { ...@@ -237,7 +247,7 @@ class redis extends handler {
// There can be race conditions on new sessions racing each other but we can // There can be race conditions on new sessions racing each other but we can
// address that in the future. // address that in the future.
try { try {
$this->connection->setex($id, $this->lockexpire, $data); $this->connection->setex($id, $this->timeout, $data);
} catch (RedisException $e) { } catch (RedisException $e) {
error_log('Failed talking to redis: '.$e->getMessage()); error_log('Failed talking to redis: '.$e->getMessage());
return false; return false;
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment