From 3124fa60bf4be3e4c2b331cfed7de07b2596a1b4 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Tue, 10 Dec 2019 15:59:50 +0100
Subject: [inc/Session] Add timeout param to Session::set(), purge on load

---
 inc/session.inc.php | 27 ++++++++++++++++++++++-----
 1 file changed, 22 insertions(+), 5 deletions(-)

diff --git a/inc/session.inc.php b/inc/session.inc.php
index c08c8c4a..6204c98c 100644
--- a/inc/session.inc.php
+++ b/inc/session.inc.php
@@ -46,17 +46,22 @@ class Session
 
 	public static function get($key)
 	{
-		if (!isset(self::$data[$key])) return false;
-		return self::$data[$key];
+		if (!isset(self::$data[$key]) || !is_array(self::$data[$key])) return false;
+		return self::$data[$key][0];
 	}
 
-	public static function set($key, $value)
+	/**
+	 * @param string $key key of entry
+	 * @param mixed $value data to store for key, false = delete
+	 * @param int|false $validMinutes validity in minutes, or false = forever
+	 */
+	public static function set($key, $value, $validMinutes = false)
 	{
 		if (self::$data === false) Util::traceError('Tried to set session data with no active session');
 		if ($value === false) {
 			unset(self::$data[$key]);
 		} else {
-			self::$data[$key] = $value;
+			self::$data[$key] = [$value, $validMinutes === false ? false : time() + $validMinutes * 60];
 		}
 	}
 	
@@ -99,7 +104,19 @@ class Session
 			return false;
 		}	
 		self::$data = @unserialize(@file_get_contents($sessionfile));
-		if (self::$data === false) return false;
+		if (self::$data === false)
+			return false;
+		$now = time();
+		$save = false;
+		foreach (array_keys(self::$data) as $key) {
+			if (self::$data[$key][1] !== false && self::$data[$key][1] < $now) {
+				unset(self::$data[$key]);
+				$save = true;
+			}
+		}
+		if ($save) {
+			self::save();
+		}
 		return true;
 	}
 	
-- 
cgit v1.2.3-55-g7522