improved wording

2026-03-22 02:14:13 +00:00 · 2026-01-26 13:41:18 +01:00
parent 77e0b1b82a
commit 86ffc6dd77
3 changed files with 7 additions and 3 deletions
--- a/application/config/config.sample.php
+++ b/application/config/config.sample.php
@@ -439,7 +439,8 @@ $config['encryption_key'] = 'flossie1234555541';
 | 'sess_expiration'
 |
 |	The number of SECONDS you want the session to last.
-|	Minimum is 43200 seconds (12 hours) for security reasons.
+|	Default: 43200 seconds (12 hours).
+|   Setting to 0 means use the default value of 43200 seconds (12 hours).
 |
 | 'sess_save_path'
 |
--- a/install/config/config.php
+++ b/install/config/config.php
@@ -439,7 +439,8 @@ $config['encryption_key'] = '%encryptionkey%';
 | 'sess_expiration'
 |
 |	The number of SECONDS you want the session to last.
-|	Minimum is 43200 seconds (12 hours) for security reasons.
+|	Default: 43200 seconds (12 hours).
+|   Setting to 0 means use the default value of 43200 seconds (12 hours).
 |
 | 'sess_save_path'
 |
--- a/system/libraries/Session/Session.php
+++ b/system/libraries/Session/Session.php
@@ -244,7 +244,9 @@ class CI_Session {
 	 */
 	protected function _configure(&$params)
 	{
-		// We force a minimum expiration time of 43200 seconds (12 hours) for security reasons
+		// We force a minimum expiration time of 43200 seconds (12 hours) for security reasons in case 
+		// the config value is set to 0. This prevents hijacking of sessions on shared computers over a long period of time.
+		// Lower values then 43200 seconds are still allowed, but 0 is not.
 		$expiration = config_item('sess_expiration') == 0 ? 43200 : config_item('sess_expiration');

 		if (isset($params['cookie_lifetime']))