Feature #20740 » 0011508_v2.patch
t3lib/config_default.php (Arbeitskopie) | ||
---|---|---|
'lockIP' => 2, // Integer (0-4). If >0, fe_users are locked to (a part of) their REMOTE_ADDR IP for their session. Enhances security but may throw off users that may change IP during their session (in which case you can lower it to 2 or 3). The integer indicates how many parts of the IP address to include in the check. Reducing to 1-3 means that only first, second or third part of the IP address is used. 4 is the FULL IP address and recommended. 0 (zero) disables checking of course.
|
||
'loginSecurityLevel' => '', // See description for TYPO3_CONF_VARS[BE][loginSecurityLevel]. Default state for frontend is "normal". Alternative authentication services can implement higher levels if preferred. For example, "rsa" level uses RSA password encryption (only if the rsaauth extension is installed)
|
||
'lifetime' => 0, // Integer, positive. If >0, the cookie of FE users will have a lifetime of the number of seconds this value indicates. Otherwise it will be a session cookie (deleted when browser is shut down). Setting this value to 604800 will result in automatic login of FE users during a whole week, 86400 will keep the FE users logged in for a day.
|
||
'sessionDataLifetime' => 86400, // Integer, positive. If >0, the session data will timeout and be removed after the number of seconds given (86400 seconds represents 24 hours).
|
||
'permalogin' => 2, // Integer. -1: Permanent login for FE users disabled. 0: By default permalogin is disabled for FE users but can be enabled by a form control in the login form. 1: Permanent login is by default enabled but can be disabled by a form control in the login form. // 2: Permanent login is forced to be enabled. // In any case, permanent login is only possible if TYPO3_CONF_VARS[FE][lifetime] lifetime is > 0.
|
||
'maxSessionDataSize' => 10000, // Integer. Setting the maximum size (bytes) of frontend session data stored in the table fe_session_data. Set to zero (0) means no limit, but this is not recommended since it also disables a check that session data is stored only if a confirmed cookie is set.
|
||
'lockHashKeyWords' => 'useragent', // Keyword list (Strings commaseparated). Currently only "useragent"; If set, then the FE user session is locked to the value of HTTP_USER_AGENT. This lowers the risk of session hi-jacking. However some cases (like payment gateways) might have to use the session cookie and in this case you will have to disable that feature (eg. with a blank string).
|
typo3/sysext/cms/tslib/class.tslib_feuserauth.php (Arbeitskopie) | ||
---|---|---|
var $auth_timeout_field = 6000; // Server session lifetime. If > 0: session-timeout in seconds. If false or <0: no timeout. If string: The string is a fieldname from the usertable where the timeout can be found.
|
||
var $lifetime = 0; // Client session lifetime. 0 = Session-cookies. If session-cookies, the browser will stop the session when the browser is closed. Otherwise this specifies the lifetime of a cookie that keeps the session.
|
||
protected $sessionDataLifetime = 86400; // Lifetime of session data in seconds.
|
||
var $sendNoCacheHeaders = 0;
|
||
var $getFallBack = 1; // If this is set, authentication is also accepted by the _GET. Notice that the identification is NOT 128bit MD5 hash but reduced. This is done in order to minimize the size for mobile-devices, such as WAP-phones
|
||
var $getMethodEnabled = 1; // Login may be supplied by url.
|
||
... | ... | |
$this->auth_timeout_field = $this->lifetime;
|
||
}
|
||
$this->sessionDataLifetime = intval($GLOBALS['TYPO3_CONF_VARS']['FE']['sessionDataLifetime']);
|
||
if ($this->sessionDataLifetime <= 0) {
|
||
$this->sessionDataLifetime = 86400;
|
||
}
|
||
parent::start();
|
||
}
|
||
... | ... | |
}
|
||
// delete old data:
|
||
if ((rand()%100) <= 1) { // a possibility of 1 % for garbage collection.
|
||
$GLOBALS['TYPO3_DB']->exec_DELETEquery('fe_session_data', 'tstamp < '.intval(time()-3600*24)); // all data older than 24 hours are deleted.
|
||
$timeoutTimeStamp = intval($GLOBALS['EXEC_TIME'] - $this->sessionDataLifetime);
|
||
$GLOBALS['TYPO3_DB']->exec_DELETEquery('fe_session_data', 'tstamp < ' . $timeoutTimeStamp);
|
||
}
|
||
}
|
||
- « Previous
- 1
- 2
- Next »