Increase the CSRF token timeout

2015-09-21 18:00:04 -04:00 · 2015-09-21 18:00:04 -04:00 · 2a79424a64
commit 2a79424a64
parent a810010448
1 changed files with 2 additions and 2 deletions
--- a/airtime_mvc/application/Bootstrap.php
+++ b/airtime_mvc/application/Bootstrap.php
@ -103,10 +103,10 @@ class Bootstrap extends Zend_Application_Bootstrap_Bootstrap
        $csrf_namespace = new Zend_Session_Namespace('csrf_namespace');
        // Check if the token exists
        if (!$csrf_namespace->authtoken) {
-            // If we don't have a token, regenerate it and set a 2 hour timeout
+            // If we don't have a token, regenerate it and set a 1 week timeout
            // Should we log the user out here if the token is expired?
            $csrf_namespace->authtoken = sha1(uniqid(rand(), 1));
-            $csrf_namespace->setExpirationSeconds(2 * 60 * 60);
+            $csrf_namespace->setExpirationSeconds(168 * 60 * 60);
        }

        //Here we are closing the session for writing because otherwise no requests