Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Cookie timeouts should NOT be configurable. At a minimum, it definitely should not use the value of $conf['session']['timeout']. We almost certainly want cookies to not expire until the browser is closed. I can't think of a single reason why this shouldn't be the case - hence, no need to make this configurable. Conversely, we were not correctly setting session.gc_maxlifetime based on the value of $conf['session']['timeout']. By default, this is the only way to cause timeouts - however, it will not reliably expire right at the timelimit since the garbage collector is not run on every access. But this is the tradeoff absent doing (potentially expensive) timeout calculations on every access.
- Loading branch information