Allow specifying cookie lifetime via config variable

Tweak $a->config['system']['auth_cookie_lifetime']
2017-04-21 16:15:39 +02:00 · 2017-04-21 16:15:39 +02:00 · 05b6891e89
commit 05b6891e89
parent e9f1a2e276
2 changed files with 7 additions and 2 deletions
--- a/htconfig.php
+++ b/htconfig.php
@ -91,3 +91,6 @@ $a->config['system']['directory'] = 'https://dir.friendica.social';

 // Allowed protocols in link URLs; HTTP protocols always are accepted
 $a->config['system']['allowed_link_protocols'] = array('ftp', 'ftps', 'mailto', 'cid', 'gopher');
+
+// Authentication cookie lifetime, in days
+$a->config['system']['auth_cookie_lifetime'] = 7
--- a/include/auth.php
+++ b/include/auth.php
@ -19,8 +19,10 @@ if (isset($_COOKIE["Friendica"])) {
 			}

 			// Renew the cookie
-			// Expires after 90 days - TODO: use a configuration variable
-			new_cookie(90*24*60*60, $r[0]);
+			// Expires after 7 days by default,
+			// can be set via system.auth_cookie_lifetime
+			$authcookiedays = get_config('system','auth_cookie_lifetime') || 7;
+			new_cookie($authcookiedays*24*60*60, $r[0]);

 			// Do the authentification if not done by now
 			if (!isset($_SESSION) OR !isset($_SESSION['authenticated'])) {