Merge pull request #17525 from cakephp/session-timeout

Increase session gc lifetime
cakephp · Jan 9, 2024 · cc93110 · cc93110
2 parents 253ac67 + 0b08676
commit cc93110
Show file tree

Hide file tree

Showing 2 changed files with 49 additions and 4 deletions.
diff --git a/src/Http/Session.php b/src/Http/Session.php
@@ -200,7 +200,8 @@ protected static function _defaultConfig(string $name): array|false
      *
      * ### Configuration:
      *
-     * - timeout: The time in minutes the session should be valid for.
+     * - timeout: The time in minutes that a session can be idle and remain valid.
+     *  If set to 0, no server side timeout will be applied.
      * - cookiePath: The url path for which session cookie is set. Maps to the
      *   `session.cookie_path` php.ini config. Defaults to base path of app.
      * - ini: A list of php.ini directives to change before the session start.
@@ -220,8 +221,12 @@ public function __construct(array $config = [])
             'handler' => [],
         ];
 
-        if ($config['timeout']) {
-            $config['ini']['session.gc_maxlifetime'] = 60 * $config['timeout'];
+        $lifetime = 0;
+        if (isset($config['timeout'])) {
+            $lifetime = (int)$config['timeout'] * 60;
+        }
+        if ($lifetime !== 0) {
+            $config['ini']['session.gc_maxlifetime'] = $lifetime;
         }
 
         if ($config['cookie']) {
@@ -241,7 +246,7 @@ public function __construct(array $config = [])
             $this->engine($class, $config['handler']);
         }
 
-        $this->_lifetime = (int)ini_get('session.gc_maxlifetime');
+        $this->_lifetime = $lifetime;
         $this->_isCLI = (PHP_SAPI === 'cli' || PHP_SAPI === 'phpdbg');
         session_register_shutdown();
     }

diff --git a/tests/TestCase/Http/SessionTest.php b/tests/TestCase/Http/SessionTest.php
@@ -64,6 +64,46 @@ public function testSessionConfigIniSetting(): void
         $this->assertSame('test', ini_get('session.name'), 'Ini value is incorrect');
     }
 
+    /**
+     * test setting ini properties with Session configuration.
+     *
+     * @preserveGlobalState disabled
+     * @runInSeparateProcess
+     */
+    public function testSessionConfigTimeoutZero(): void
+    {
+        $_SESSION = null;
+
+        ini_set('session.gc_maxlifetime', 86400);
+        $config = [
+            'defaults' => 'php',
+            'timeout' => 0,
+        ];
+
+        Session::create($config);
+        $this->assertEquals(86400, ini_get('session.gc_maxlifetime'), 'ini value unchanged when timeout disabled');
+    }
+
+    /**
+     * test setting ini properties with Session configuration.
+     *
+     * @preserveGlobalState disabled
+     * @runInSeparateProcess
+     */
+    public function testSessionConfigTimeout(): void
+    {
+        $_SESSION = null;
+
+        ini_set('session.gc_maxlifetime', 86400);
+        $config = [
+            'defaults' => 'php',
+            'timeout' => 30,
+        ];
+
+        Session::create($config);
+        $this->assertEquals(30 * 60, ini_get('session.gc_maxlifetime'), 'timeout should set gc maxlifetime');
+    }
+
     /**
      * test session cookie path setting
      *