Congegni/sintonia
7
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Increase the CSRF token timeout

Browse source
This commit is contained in:
Albert Santoni 2015-09-21 18:00:04 -04:00
parent a810010448
commit 2a79424a64
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
airtime_mvc/application/Bootstrap.php
View file

@ -103,10 +103,10 @@ class Bootstrap extends Zend_Application_Bootstrap_Bootstrap
$csrf_namespace = new Zend_Session_Namespace('csrf_namespace'); $csrf_namespace = new Zend_Session_Namespace('csrf_namespace');
// Check if the token exists // Check if the token exists
if (!$csrf_namespace->authtoken) { if (!$csrf_namespace->authtoken) {
// If we don't have a token, regenerate it and set a 2 hour timeout // If we don't have a token, regenerate it and set a 1 week timeout
// Should we log the user out here if the token is expired? // Should we log the user out here if the token is expired?
$csrf_namespace->authtoken = sha1(uniqid(rand(), 1)); $csrf_namespace->authtoken = sha1(uniqid(rand(), 1));
$csrf_namespace->setExpirationSeconds(2 * 60 * 60); $csrf_namespace->setExpirationSeconds(168 * 60 * 60);
} }
//Here we are closing the session for writing because otherwise no requests //Here we are closing the session for writing because otherwise no requests