Public_Tools/wavelog
2
0
Fork 0
mirror of https://github.com/wavelog/wavelog.git synced 2026-03-22 10:24:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

enforce minimum session expiration time of 43200 seconds for security and create session_token instead of using session id for hash creation

Browse Source
This commit is contained in:
HB9HIL
2026-01-26 13:04:28 +01:00
parent 148a8e4fd9
commit ce4a5e7b9d
4 changed files with 17 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
install/config/config.php
View File

@@ -439,7 +439,7 @@ $config['encryption_key'] = '%encryptionkey%';
| 'sess_expiration'
|
| The number of SECONDS you want the session to last.
| Setting to 0 (zero) means expire when the browser is closed.
| Minimum is 43200 seconds (12 hours) for security reasons.
|
| 'sess_save_path'
|
@@ -476,7 +476,7 @@ $config['encryption_key'] = '%encryptionkey%';
*/
$config['sess_driver'] = 'files';
$config['sess_cookie_name'] = 'ci_wavelog';
$config['sess_expiration'] = 0;
$config['sess_expiration'] = 43200;
$config['sess_save_path'] = '/tmp';
$config['sess_match_ip'] = FALSE;
$config['sess_time_to_update'] = 300;