Switched over to using the previously unused Security::inactiveMins() method for getting timeout modifiers

Signed-off-by: Mark Story <mark@mark-story.com>
2025-03-18 23:49:55 +00:00 · 2010-05-07 16:37:14 +10:00 · 2010-05-07 16:37:14 +10:00 · b04a3f8514
commit b04a3f8514
parent 5cf08cbe92
2 changed files with 18 additions and 43 deletions
--- a/cake/libs/cake_session.php
+++ b/cake/libs/cake_session.php
@ -199,18 +199,6 @@ class CakeSession extends Object {
 			$this->sessionTime = $this->time + (Security::inactiveMins() * Configure::read('Session.timeout'));
 			$this->security = Configure::read('Security.level');
 		}
 		switch ($this->security) {
 			case 'medium':
 				$this->factor = 5040;
 			break;
 			case 'low':
 				$this->factor = 2628000;
 			break;
 			case 'high':
 			default:
 				$this->factor = 10;
 			break;
 		}
 		parent::__construct();
 	}
@ -487,20 +475,20 @@ class CakeSession extends Object {
 		switch ($this->security) {
 			case 'high':
-				$this->cookieLifeTime = Configure::read('Session.timeout') * $this->factor;
+				$this->cookieLifeTime = Configure::read('Session.timeout') * Security::inactiveMins();
 				if ($iniSet) {
 					ini_set('session.referer_check', $this->host);
 				}
 			break;
 			case 'medium':
-				$this->cookieLifeTime = Configure::read('Session.timeout') * $this->factor;
+				$this->cookieLifeTime = Configure::read('Session.timeout') * Security::inactiveMins();
 				if ($iniSet) {
 					ini_set('session.referer_check', $this->host);
 				}
 			break;
 			case 'low':
 			default:
-				$this->cookieLifeTime = Configure::read('Session.timeout') * $this->factor;
+				$this->cookieLifeTime = Configure::read('Session.timeout') * Security::inactiveMins();
 			break;
 		}
@ -627,11 +615,11 @@ class CakeSession extends Object {
 				if (Configure::read('Security.level') === 'high') {
 					$check = $this->read('Config.timeout');
 					$check = $check - 1;
-					$this->write('Config.timeout', $this->factor);
+					$this->write('Config.timeout', Security::inactiveMins());
 					if (time() > ($time - (Security::inactiveMins() * Configure::read('Session.timeout')) + 2) || $check < 1) {
 						$this->renew();
-						$this->write('Config.timeout', $this->factor);
+						$this->write('Config.timeout', Security::inactiveMins());
 					}
 				}
 				$this->valid = true;
@ -643,7 +631,7 @@ class CakeSession extends Object {
 		} else {
 			$this->write('Config.userAgent', $this->_userAgent);
 			$this->write('Config.time', $this->sessionTime);
-			$this->write('Config.timeout', $this->factor);
+			$this->write('Config.timeout', Security::inactiveMins());
 			$this->valid = true;
 			$this->__setError(1, 'Session is valid');
 		}
@ -771,21 +759,7 @@ class CakeSession extends Object {
 * @access private
 */
 	function __write($id, $data) {
-		switch (Configure::read('Security.level')) {
+		$expires = time() + Configure::read('Session.timeout') * Security::inactiveMins();
 			case 'medium':
 				$factor = 5040;
 			break;
 			case 'low':
 				$factor = 2628000;
 			break;
 			case 'high':
 			default:
 				$factor = 10;
 			break;
 		}
 		$expires = time() + Configure::read('Session.timeout') * $factor;
 		$model =& ClassRegistry::getObject('Session');
 		$return = $model->save(compact('id', 'data', 'expires'));
 		return $return;
--- a/cake/tests/cases/libs/controller/components/session.test.php
+++ b/cake/tests/cases/libs/controller/components/session.test.php
@ -351,31 +351,32 @@ class SessionComponentTest extends CakeTestCase {
 	function testSessionTimeout() {
 		session_destroy();
-		$Session =& new SessionComponent();
+		unset($Session);
 		Configure::write('Security.level', 'low');
 		$Session =& new SessionComponent();
 		$Session->write('Test', 'some value');
-		$this->assertEqual($_SESSION['Config']['timeout'], $Session->factor);
+		$this->assertEqual($_SESSION['Config']['timeout'], Security::inactiveMins());
 		$this->assertEqual($_SESSION['Config']['time'], $Session->sessionTime);
 		$this->assertEqual($Session->time, mktime());
-		$this->assertEqual($_SESSION['Config']['time'], $Session->time + ($Session->factor * Configure::read('Session.timeout')));
+		$this->assertEqual($_SESSION['Config']['time'], $Session->time + (Security::inactiveMins() * Configure::read('Session.timeout')));
-		
+
 		session_destroy();
 		$Session =& new SessionComponent();
 		Configure::write('Security.level', 'medium');
 		$Session =& new SessionComponent();
 		$Session->write('Test', 'some value');
-		$this->assertEqual($_SESSION['Config']['timeout'], $Session->factor);
+		$this->assertEqual($_SESSION['Config']['timeout'], Security::inactiveMins());
 		$this->assertEqual($_SESSION['Config']['time'], $Session->sessionTime);
 		$this->assertEqual($Session->time, mktime());
-		$this->assertEqual($_SESSION['Config']['time'], $Session->time + ($Session->factor * Configure::read('Session.timeout')));
+		$this->assertEqual($_SESSION['Config']['time'], $Session->time + (Security::inactiveMins() * Configure::read('Session.timeout')));
 		session_destroy();
 		$Session =& new SessionComponent();
 		Configure::write('Security.level', 'high');
 		$Session =& new SessionComponent();
 		$Session->write('Test', 'some value');
-		$this->assertEqual($_SESSION['Config']['timeout'], $Session->factor);
+		$this->assertEqual($_SESSION['Config']['timeout'], Security::inactiveMins());
 		$this->assertEqual($_SESSION['Config']['time'], $Session->sessionTime);
 		$this->assertEqual($Session->time, mktime());
-		$this->assertEqual($_SESSION['Config']['time'], $Session->time + ($Session->factor * Configure::read('Session.timeout')));
+		$this->assertEqual($_SESSION['Config']['time'], $Session->time + (Security::inactiveMins() * Configure::read('Session.timeout')));
 	}
 }