MDL-56823 session: redis sessions don't honour $CFG->sessiontimeout

The redis session handler doesn't use the sessiontimeout config setting to determine session lifetime. It has a lock expiry, which is set to 7200 (or a config setting) that is used to determine how long a lock is held onto, but that should be distinct from the session timeout.
abgreeve · Nov 10, 2016 · d456bd4 · d456bd4
1 parent cad8adc
commit d456bd4
Showing 1 changed file with 13 additions and 3 deletions.
diff --git a/lib/classes/session/redis.php b/lib/classes/session/redis.php
@@ -54,14 +54,17 @@ class redis extends handler {
      * @var int $lockexpire how long to wait in seconds before expiring the lock automatically
      * so that other requests may continue execution, ignored if PECL redis is below version 2.2.0.
      */
-    protected $lockexpire = 7200;
+    protected $lockexpire;
 
     /** @var Redis Connection */
     protected $connection = null;
 
     /** @var array $locks List of currently held locks by this page. */
     protected $locks = array();
 
+    /** @var int $timeout How long sessions live before expiring. */
+    protected $timeout;
+
     /**
      * Create new instance of handler.
      */
@@ -88,6 +91,13 @@ public function __construct() {
             $this->acquiretimeout = (int)$CFG->session_redis_acquire_lock_timeout;
         }
 
+        // The following configures the session lifetime in redis to allow some
+        // wriggle room in the user noticing they've been booted off and
+        // letting them log back in before they lose their session entirely.
+        $updatefreq = empty($CFG->session_update_timemodified_frequency) ? 20 : $CFG->session_update_timemodified_frequency;
+        $this->timeout = $CFG->sessiontimeout + $updatefreq + MINSECS;
+
+        $this->lockexpire = $CFG->sessiontimeout;
         if (isset($CFG->session_redis_lock_expire)) {
             $this->lockexpire = (int)$CFG->session_redis_lock_expire;
         }
@@ -210,7 +220,7 @@ public function handler_read($id) {
                 $this->unlock_session($id);
                 return '';
             }
-            $this->connection->expire($id, $this->lockexpire);
+            $this->connection->expire($id, $this->timeout);
         } catch (RedisException $e) {
             error_log('Failed talking to redis: '.$e->getMessage());
             throw $e;
@@ -237,7 +247,7 @@ public function handler_write($id, $data) {
         // There can be race conditions on new sessions racing each other but we can
         // address that in the future.
         try {
-            $this->connection->setex($id, $this->lockexpire, $data);
+            $this->connection->setex($id, $this->timeout, $data);
         } catch (RedisException $e) {
             error_log('Failed talking to redis: '.$e->getMessage());
             return false;