Merging in changes from Voidet to correct session times. Minutes were

being used instead of seconds, for a value that expected seconds. Conflicts: cake/libs/cake_session.php cake/tests/cases/libs/controller/components/session.test.php
cakephp · Jun 27, 2010 · c119ec4 · c119ec4
1 parent b9383f1
commit c119ec4
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 11 deletions.
diff --git a/app/config/core.php b/app/config/core.php
@@ -167,7 +167,7 @@
 	Configure::write('Session.cookie', 'CAKEPHP');
 
 /**
- * Session time out time (in seconds).
+ * Session time out time (in minutes).
  * Actual value depends on 'Security.level' setting.
  */
 	Configure::write('Session.timeout', '120');

diff --git a/cake/libs/cake_session.php b/cake/libs/cake_session.php
@@ -125,7 +125,7 @@ class CakeSession extends Object {
 /**
  * Session timeout multiplier factor
  *
- * @var ineteger
+ * @var integer
  * @access public
  */
 	var $timeout = null;
@@ -188,7 +188,7 @@ function __construct($base = null, $start = true) {
 			if (!class_exists('Security')) {
 				App::import('Core', 'Security');
 			}
-			$this->sessionTime = $this->time + (Security::inactiveMins() * Configure::read('Session.timeout'));
+			$this->sessionTime = $this->time + (Security::inactiveMins() * 60 * Configure::read('Session.timeout'));
 			$this->security = Configure::read('Security.level');
 		}
 		parent::__construct();
@@ -466,7 +466,7 @@ function __initSession() {
 		if ($iniSet && ($this->security === 'high' || $this->security === 'medium')) {
 			ini_set('session.referer_check', $this->host);
 		}
-		$this->cookieLifeTime = Configure::read('Session.timeout') * Security::inactiveMins();
+		$this->cookieLifeTime = Configure::read('Session.timeout') * (Security::inactiveMins() * 60);
 
 		switch (Configure::read('Session.save')) {
 			case 'cake':
@@ -593,7 +593,7 @@ function _checkValid() {
 					$check -= 1;
 					$this->write('Config.timeout', $check);
 
-					if (time() > ($time - (Security::inactiveMins() * Configure::read('Session.timeout')) + 2) || $check < 1) {
+					if (time() > ($time - (Security::inactiveMins() * 60 * Configure::read('Session.timeout')) + 2) || $check < 1) {
 						$this->renew();
 						$this->write('Config.timeout', Security::inactiveMins());
 					}
@@ -735,7 +735,7 @@ function __read($id) {
  * @access private
  */
 	function __write($id, $data) {
-		$expires = time() + Configure::read('Session.timeout') * Security::inactiveMins();
+		$expires = time() + Configure::read('Session.timeout') * Security::inactiveMins() * 60;
 		$model =& ClassRegistry::getObject('Session');
 		$return = $model->save(compact('id', 'data', 'expires'));
 		return $return;

diff --git a/cake/tests/cases/libs/controller/components/session.test.php b/cake/tests/cases/libs/controller/components/session.test.php
@@ -341,7 +341,7 @@ function testSessionDestroy() {
 		$Session->destroy('Test');
 		$this->assertNull($Session->read('Test'));
 	}
-	
+
 /**
  * testSessionTimeout method
  *
@@ -354,28 +354,33 @@ function testSessionTimeout() {
 		Configure::write('Security.level', 'low');
 		$Session =& new SessionComponent();
 		$Session->write('Test', 'some value');
+
+		$this->assertEqual($Session->sessionTime, mktime() + (300 * 60 * Configure::read('Session.timeout')));
 		$this->assertEqual($_SESSION['Config']['timeout'], Security::inactiveMins());
 		$this->assertEqual($_SESSION['Config']['time'], $Session->sessionTime);
 		$this->assertEqual($Session->time, mktime());
-		$this->assertEqual($_SESSION['Config']['time'], $Session->time + (Security::inactiveMins() * Configure::read('Session.timeout')));
+		$this->assertEqual($_SESSION['Config']['time'], $Session->time + (Security::inactiveMins() * 60 * Configure::read('Session.timeout')));
 
 		session_destroy();
 		Configure::write('Security.level', 'medium');
 		$Session =& new SessionComponent();
 		$Session->write('Test', 'some value');
+		$this->assertEqual($Session->sessionTime, mktime() + (100 * 60 * Configure::read('Session.timeout')));
 		$this->assertEqual($_SESSION['Config']['timeout'], Security::inactiveMins());
 		$this->assertEqual($_SESSION['Config']['time'], $Session->sessionTime);
 		$this->assertEqual($Session->time, mktime());
-		$this->assertEqual($_SESSION['Config']['time'], $Session->time + (Security::inactiveMins() * Configure::read('Session.timeout')));
-
+		$this->assertEqual($_SESSION['Config']['time'], $Session->time + (Security::inactiveMins() * 60 * Configure::read('Session.timeout')));
+
+
 		session_destroy();
 		Configure::write('Security.level', 'high');
 		$Session =& new SessionComponent();
 		$Session->write('Test', 'some value');
+		$this->assertEqual($Session->sessionTime, mktime() + (10 * 60 * Configure::read('Session.timeout')));
 		$this->assertEqual($_SESSION['Config']['timeout'], Security::inactiveMins());
 		$this->assertEqual($_SESSION['Config']['time'], $Session->sessionTime);
 		$this->assertEqual($Session->time, mktime());
-		$this->assertEqual($_SESSION['Config']['time'], $Session->time + (Security::inactiveMins() * Configure::read('Session.timeout')));
+		$this->assertEqual($_SESSION['Config']['time'], $Session->time + (Security::inactiveMins() * 60 * Configure::read('Session.timeout')));
 
 	}
 }