From 2a79424a640f5e7c96a2eb7703cc37a5b2c10168 Mon Sep 17 00:00:00 2001
From: Albert Santoni
Date: Mon, 21 Sep 2015 18:00:04 -0400
Subject: [PATCH] Increase the CSRF token timeout
---
 airtime_mvc/application/Bootstrap.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/airtime_mvc/application/Bootstrap.php b/airtime_mvc/application/Bootstrap.php
index abc9ad99b..97719079a 100644
--- a/airtime_mvc/application/Bootstrap.php
+++ b/airtime_mvc/application/Bootstrap.php
@@ -103,10 +103,10 @@ class Bootstrap extends Zend_Application_Bootstrap_Bootstrap
 $csrf_namespace = new Zend_Session_Namespace('csrf_namespace');
 // Check if the token exists
 if (!$csrf_namespace->authtoken) {
- // If we don't have a token, regenerate it and set a 2 hour timeout
+ // If we don't have a token, regenerate it and set a 1 week timeout
 // Should we log the user out here if the token is expired?
 $csrf_namespace->authtoken = sha1(uniqid(rand(), 1));
- $csrf_namespace->setExpirationSeconds(2 * 60 * 60);
+ $csrf_namespace->setExpirationSeconds(168 * 60 * 60);
 }
 //Here we are closing the session for writing because otherwise no requests
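Review bot: The week-long lifetime set by `setExpirationSeconds(168 * 60 * 60)` now applies to a token built with `sha1(uniqid(rand(), 1))` on the unchanged line just above it; neither `rand()` nor `uniqid()` is a cryptographically secure source, so the longer window keeps a weaker-than-intended secret valid for longer. I would switch the generation to a CSPRNG in the same change, e.g. `$csrf_namespace->authtoken = bin2hex(openssl_random_pseudo_bytes(32));` (or `random_bytes(32)` where the PHP version provides it). The expiry is only set inside the `if (!$csrf_namespace->authtoken)` branch, so as far as this hunk shows the token is not rotated during that week; it is worth confirming that login or logout elsewhere resets it, which would also answer the open "Should we log the user out here" comment. Writing the constant as `7 * 24 * 60 * 60` would match the "1 week" comment more readably. The enclosing Bootstrap method starts and ends outside the hunk.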