Allow specifying cookie lifetime via config variable

Tweak $a->config['system']['auth_cookie_lifetime']

diff --git a/htconfig.php b/htconfig.php
index 4ea97e9aeb760f659a3d45adb9aa6a04ac5d9a78..08beb0b50e483c12ee2b0801a0b8ade48cbe806d 100644 (file)
--- a/htconfig.php
+++ b/htconfig.php
@@ -91,3 +91,6 @@ $a->config['system']['directory'] = 'https://dir.friendica.social';
 
 // Allowed protocols in link URLs; HTTP protocols always are accepted
 $a->config['system']['allowed_link_protocols'] = array('ftp', 'ftps', 'mailto', 'cid', 'gopher');
+
+// Authentication cookie lifetime, in days
+$a->config['system']['auth_cookie_lifetime'] = 7

diff --git a/include/auth.php b/include/auth.php
index 636b5b153afa9d24ada00b119b561bacb23fdacb..2258128c5d8dcc873a28417fc27273308f45d643 100644 (file)
--- a/include/auth.php
+++ b/include/auth.php
@@ -19,8 +19,10 @@ if (isset($_COOKIE["Friendica"])) {
                        }
 
                        // Renew the cookie
-                       // Expires after 90 days - TODO: use a configuration variable
-                       new_cookie(90*24*60*60, $r[0]);
+                       // Expires after 7 days by default,
+                       // can be set via system.auth_cookie_lifetime
+                       $authcookiedays = get_config('system','auth_cookie_lifetime') || 7;
+                       new_cookie($authcookiedays*24*60*60, $r[0]);
 
                        // Do the authentification if not done by now
                        if (!isset($_SESSION) OR !isset($_SESSION['authenticated'])) {