From 4d908ff6ee67f3d907d9c8301dfb9e14d3ac9bbc Mon Sep 17 00:00:00 2001
From: Michael Kaufmann
Date: Thu, 8 Dec 2022 10:05:44 +0100
Subject: [PATCH] fix session-timeout not being set
Signed-off-by: Michael Kaufmann
---
 lib/Froxlor/UI/Panel/UI.php | 20 ++++++++++----------
 lib/init.php | 13 ++++++++++++-
 2 files changed, 22 insertions(+), 11 deletions(-)
diff --git a/lib/Froxlor/UI/Panel/UI.php b/lib/Froxlor/UI/Panel/UI.php
index 8c25950b..dcda66e1 100644
--- a/lib/Froxlor/UI/Panel/UI.php
+++ b/lib/Froxlor/UI/Panel/UI.php
@@ -77,10 +77,7 @@ class UI
 private static $install_mode = false;
- /**
- * send various security related headers
- */
- public static function sendHeaders()
+ public static function requestIsHttps(): bool
 {
 $isHttps = $_SERVER['HTTPS']
@@ -88,15 +85,18 @@ class UI
 ?? $_SERVER['HTTP_X_FORWARDED_PROTO'] ?? null;
- $isHttps =
- $isHttps && (strcasecmp('on', $isHttps) == 0 || strcasecmp('https', $isHttps) == 0
- );
-
+ return $isHttps && (strcasecmp('on', $isHttps) == 0 || strcasecmp('https', $isHttps) == 0);
+ }
+ /**
+ * send various security related headers
+ */
+ public static function sendHeaders()
+ {
 session_set_cookie_params([
+ 'lifetime' => 60, // will be renewed based on settings in lib/init.php
 'path' => '/',
 'domain' => $_SERVER['HTTP_HOST'],
- 'secure' => $isHttps,
+ 'secure' => self::requestIsHttps(),
 'httponly' => true,
 'samesite' => 'Strict'
 ]);
diff --git a/lib/init.php b/lib/init.php
index fc57a956..6856402f 100644
--- a/lib/init.php
+++ b/lib/init.php
@@ -179,7 +179,8 @@ if (@file_exists('templates/' . $theme . '/config.json')) {
 }
 // check for existence of variant in theme
-if (is_array($_themeoptions) && (!array_key_exists('variants', $_themeoptions) || !array_key_exists($themevariant, $_themeoptions['variants']))) {
+if (is_array($_themeoptions) && (!array_key_exists('variants', $_themeoptions) || !array_key_exists($themevariant,
+ $_themeoptions['variants']))) {
 $themevariant = "default";
 }
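Review bot: The newly public `requestIsHttps()` has no docblock — the commit moves the existing `send various security related headers` comment down to `sendHeaders()` and leaves the extracted method undocumented, although it now decides the `secure` flag of the session cookie for two call sites. I would add a docblock above `public static function requestIsHttps(): bool` saying that it reports whether the current request arrived over TLS, judged from `$_SERVER['HTTPS']` first and then the fallbacks visible in the following hunk, and noting that `HTTP_X_FORWARDED_PROTO` is only meaningful when a reverse proxy in front of Froxlor sets or overwrites that header, since otherwise it is supplied by the client. The method body continues into the next hunk.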
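Review bot: The `'lifetime' => 60` added to `session_set_cookie_params()` makes every session cookie lapse after a minute unless something renews it, and the renewal this commit adds in lib/init.php sits inside `if (CurrentUser::hasSession())`, so a visitor who has not logged in yet (someone still on the login form, for example) appears to get a cookie that expires after 60 seconds. If that is intended, the inline comment should say so, e.g. `// 60s for anonymous sessions; renewed to session.sessiontimeout in lib/init.php once logged in`; if not, the initial lifetime should be taken from the same setting. Separately, `strcasecmp(...) == 0` on the new `return` line reads better as `=== 0`, since `strcasecmp()` returns an int. `sendHeaders()` continues past the end of the hunk.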
@@ -322,4 +323,14 @@ if (CurrentUser::hasSession()) {
 }
 }
 CurrentUser::setField('csrf_token', $new_token);
+ // update cookie lifetime
+ $cookie_params = [
+ 'expires' => time() + Settings::Get('session.sessiontimeout'),
+ 'path' => '/',
+ 'domain' => $_SERVER['HTTP_HOST'],
+ 'secure' => UI::requestIsHttps(),
+ 'httponly' => true,
+ 'samesite' => 'Strict'
+ ];
+ setcookie(session_name(), $_COOKIE[session_name()], $cookie_params);
 }
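Review bot: `setcookie(session_name(), $_COOKIE[session_name()], $cookie_params)` re-sends whatever session id the client presented instead of the id PHP is actually using: when the cookie is absent (first request of a fresh session) this is an undefined-key warning followed by a `setcookie()` with a null value that deletes the cookie, and if the id was regenerated earlier in the request (e.g. after login, should `session_regenerate_id()` be used — not visible here) the stale pre-login id is pinned back into the browser, which undoes the regeneration. Use the authoritative id: `setcookie(session_name(), session_id(), $cookie_params);`. `Settings::Get('session.sessiontimeout')` presumably returns a string from the settings store, so the addition should cast it, `'expires' => time() + (int) Settings::Get('session.sessiontimeout'),`. The path/domain/secure/httponly/samesite values duplicate those in `UI::sendHeaders()`; starting from `session_get_cookie_params()` and overriding only `expires` would keep the two from drifting apart.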