From c0fda664da9ef7b4249798a8eaae08889003f953 Mon Sep 17 00:00:00 2001
From: Graham Cole <chckens@sucs.org>
Date: Wed, 30 Jan 2008 00:41:47 +0000
Subject: [PATCH] timeout anonymous sessions earlier, to stop the session table
 getting massive. And fix the inevitable stupid bug which crept in

---
 lib/session.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/lib/session.php b/lib/session.php
index 2ee7802..135d299 100644
--- a/lib/session.php
+++ b/lib/session.php
@@ -25,6 +25,7 @@ public	$token='';		// session identifier
 public  $logintime='';  // Time which user last gave us credentials
 public	$lastseen='';		// Time of last page request
 private	$timeout = 2880;	// Idle timeout limit in minutes (session deleted), 2880 == 48 hours
+private $anonymous_timeout = 120; // Idle timeout limit for sessions which aren't logged in (set lower to stop the session table getting swamped)
 private $secure_timeout = 30;   // Idle timeout limit in minutes (consider session less secure, require reauth for sensitive ops)
 private $max_session_length = 11520; // maximum length of a session, 11520 == 8 days
 private	$table = "session";	// session storage table (const)
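Review bot: The comment on `$anonymous_timeout` does not state its unit, unlike the neighbouring `$timeout` and `$secure_timeout` comments, although the cleanup query in the second hunk interpolates it as minutes. Suggest `// Idle timeout limit in minutes for sessions which aren't logged in, 120 == 2 hours (kept low to stop the session table getting swamped)`. It would also help to note there that "not logged in" is decided by `username IS NULL`, since that is the only condition the new delete clause tests. The class body starts and ends outside the hunk.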
@@ -82,8 +83,9 @@ private $datahash='';		// hash of data field
 
 		// Time out any old sessions
 		$DB->Execute(
-			"delete from {$this->table} where lastseen < NOW() - '{$this->timeout} minutes'::reltime".
-			"or logintime < NOW() - '{$this->max_session_length} minutes'::reltime"
+			"delete from {$this->table} where lastseen < NOW() - '{$this->timeout} minutes'::reltime ".
+			"or logintime < NOW() - '{$this->max_session_length} minutes'::reltime ".
+			"or (username IS NULL AND lastseen < NOW() - '{$this->anonymous_timeout} minutes'::reltime)"
 		);
 
 
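Review bot: The result of `$DB->Execute(...)` is discarded, so a cleanup statement that the database rejects fails silently. The removed lines ran `::reltime` straight into `or` with no separating space, which looks like exactly that case, so idle and maximum-length expiry were probably not being applied by this delete until now. If session lookup elsewhere relies on this delete rather than comparing `lastseen` and `logintime` itself, expired tokens stay usable whenever the statement fails. Assuming `Execute` returns false on failure (as ADOdb does; confirm for this `$DB`), build the statement into `$sql` and check it: `if ($DB->Execute($sql) === false) { error_log('session cleanup failed'); }`. The enclosing function starts and ends outside the hunk.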
-- 
GitLab