MDL-56823 session: redis sessions don't honour $CFG->sessiontimeout

The redis session handler doesn't use the sessiontimeout config setting to determine session lifetime. It has a lock expiry, which is set to 7200 (or a config setting) that is used to determine how long a lock is held onto, but that should be distinct from the session timeout.
2025-04-15 13:33:52 +02:00 · 2016-11-08 14:52:49 +10:30 · 2016-11-08 14:52:49 +10:30 · d456bd42c3
commit d456bd42c3
parent cad8adccc7
1 changed files with 13 additions and 3 deletions
--- a/lib/classes/session/redis.php
+++ b/lib/classes/session/redis.php
@ -54,7 +54,7 @@ class redis extends handler {
     * @var int $lockexpire how long to wait in seconds before expiring the lock automatically
     * so that other requests may continue execution, ignored if PECL redis is below version 2.2.0.
     */
-    protected $lockexpire = 7200;
+    protected $lockexpire;

    /** @var Redis Connection */
    protected $connection = null;
@ -62,6 +62,9 @@ class redis extends handler {
    /** @var array $locks List of currently held locks by this page. */
    protected $locks = array();

+    /** @var int $timeout How long sessions live before expiring. */
+    protected $timeout;
+
    /**
     * Create new instance of handler.
     */
@ -88,6 +91,13 @@ class redis extends handler {
            $this->acquiretimeout = (int)$CFG->session_redis_acquire_lock_timeout;
        }

+        // The following configures the session lifetime in redis to allow some
+        // wriggle room in the user noticing they've been booted off and
+        // letting them log back in before they lose their session entirely.
+        $updatefreq = empty($CFG->session_update_timemodified_frequency) ? 20 : $CFG->session_update_timemodified_frequency;
+        $this->timeout = $CFG->sessiontimeout + $updatefreq + MINSECS;
+
+        $this->lockexpire = $CFG->sessiontimeout;
        if (isset($CFG->session_redis_lock_expire)) {
            $this->lockexpire = (int)$CFG->session_redis_lock_expire;
        }
@ -210,7 +220,7 @@ class redis extends handler {
                $this->unlock_session($id);
                return '';
            }
-            $this->connection->expire($id, $this->lockexpire);
+            $this->connection->expire($id, $this->timeout);
        } catch (RedisException $e) {
            error_log('Failed talking to redis: '.$e->getMessage());
            throw $e;
@ -237,7 +247,7 @@ class redis extends handler {
        // There can be race conditions on new sessions racing each other but we can
        // address that in the future.
        try {
-            $this->connection->setex($id, $this->lockexpire, $data);
+            $this->connection->setex($id, $this->timeout, $data);
        } catch (RedisException $e) {
            error_log('Failed talking to redis: '.$e->getMessage());
            return false;