Commit 4092a01c authored by dsnopek's avatar dsnopek Committed by dsnopek

Issue #2859678 by dsnopek: [remember_me] SA-CONTRIB-2017-025

parent 8f3b0a3c
diff --git a/remember_me.module b/remember_me.module
index 5ce3933..f76006d 100644
--- a/remember_me.module
+++ b/remember_me.module
@@ -13,17 +13,10 @@ function remember_me_init() {
// If we have a user logged in, then we have a session.
if ($user->uid) {
- if (isset($user->remember_me) && variable_get('remember_me_managed', 0) != 0) {
- // Set lifetime as configured via admin settings.
- if (variable_get('remember_me_lifetime', 604800) != ini_get('session.cookie_lifetime')) {
- _remember_me_set_lifetime(variable_get('remember_me_lifetime', 604800));
- }
- }
- elseif (!isset($user->remember_me)) {
- // If we have cookie lifetime set already then unset it.
- if (0 != ini_get('session.cookie_lifetime')) {
- _remember_me_set_lifetime(0);
- }
+ // If the user chose to be remembered, recreate the session using the
+ // configured session timeout.
+ if (!empty($user->remember_me) && variable_get('remember_me_managed', 0)) {
+ _remember_me_set_lifetime(variable_get('remember_me_lifetime', 604800));
}
}
}
@@ -41,7 +34,13 @@ function _remember_me_set_lifetime($cookie_lifetime) {
session_write_close();
session_save_session(TRUE);
+ // Set the cookie and session lifetime. A cookie lifetime of 0 indicates that
+ // the cookie should expire when the browser is closed. The session lifetime
+ // controls how long the session can live on the server without any activity.
ini_set('session.cookie_lifetime', $cookie_lifetime);
+ if ($cookie_lifetime > 0) {
+ ini_set('session.gc_maxlifetime', $cookie_lifetime);
+ }
// Use remember_me_sess_read() to avoid reloading of user object, because
// it might be once more reloaded in some other hook_init().
@@ -91,7 +90,7 @@ function remember_me_user($op, &$edit, &$user, $category = NULL) {
function remember_me_form_alter(&$form, $form_state, $form_id) {
// Only make changes to these forms.
if (in_array($form_id, array('user_login', 'user_login_block'))) {
-
+
// Configuration for the remember me checkbox.
$cbox['remember_me'] = array(
'#title' => t('Remember me'),
@@ -113,9 +112,9 @@ function remember_me_form_alter(&$form, $form_state, $form_id) {
$form = $que + $cbox + $form;
$form[$key]['#attributes']['tabindex'] = 1;
return;
- }
+ }
$que[$key] = $val;
- }
+ }
}
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment