From 9e1d4312555ddc1009450b1f6b7078ae35790593 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julius=20H=C3=A4rtl?= Date: Tue, 16 Aug 2022 10:09:14 +0200 Subject: [PATCH] Add config option to disable strict session timeout to be able to use read_and_close MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixed https://github.com/nextcloud/server/issues/29356 Signed-off-by: Julius Härtl --- config/config.sample.php | 11 +++++++++++ lib/base.php | 11 ++++++++++- lib/private/Session/Internal.php | 10 +++++++--- 3 files changed, 28 insertions(+), 4 deletions(-) diff --git a/config/config.sample.php b/config/config.sample.php index 025cf1105a0..fe45223361f 100644 --- a/config/config.sample.php +++ b/config/config.sample.php @@ -256,6 +256,17 @@ $CONFIG = [ */ 'session_lifetime' => 60 * 60 * 24, +/** + * `true` enabled a relaxed session timeout, where the session timeout would no longer be + * handled by Nextcloud but by either the PHP garbage collection or the expiration of + * potential other session backends like redis. + * + * This may lead to sessions being available for longer than what session_lifetime uses but + * comes with performance benefits as sessions are no longer a locking operation for concurrent + * requests. + */ +'session_relaxed_expiry' => false, + /** * Enable or disable session keep-alive when a user is logged in to the Web UI. * Enabling this sends a "heartbeat" to the server to keep it from timing out. diff --git a/lib/base.php b/lib/base.php index e787559c4c1..c0aee6c528f 100644 --- a/lib/base.php +++ b/lib/base.php @@ -455,7 +455,9 @@ class OC { \OC::$server->getUserSession()->logout(); } - $session->set('LAST_ACTIVITY', time()); + if (!self::hasSessionRelaxedExpiry()) { + $session->set('LAST_ACTIVITY', time()); + } $session->close(); } @@ -466,6 +468,13 @@ class OC { return \OC::$server->getConfig()->getSystemValue('session_lifetime', 60 * 60 * 24); } + /** + * @return bool true if the session expiry should only be done by gc instead of an explicit timeout + */ + public static function hasSessionRelaxedExpiry(): bool { + return \OC::$server->getConfig()->getSystemValue('session_relaxed_expiry', false); + } + /** * Try to set some values to the required Nextcloud default */ diff --git a/lib/private/Session/Internal.php b/lib/private/Session/Internal.php index f192b20cc95..87dd5ed6014 100644 --- a/lib/private/Session/Internal.php +++ b/lib/private/Session/Internal.php @@ -178,7 +178,7 @@ class Internal extends Session { */ public function reopen(): bool { if ($this->sessionClosed) { - $this->startSession(); + $this->startSession(false, false); $this->sessionClosed = false; return true; } @@ -225,7 +225,11 @@ class Internal extends Session { } } - private function startSession(bool $silence = false) { - $this->invoke('session_start', [['cookie_samesite' => 'Lax']], $silence); + private function startSession(bool $silence = false, bool $readAndClose = true) { + $sessionParams = ['cookie_samesite' => 'Lax']; + if (\OC::hasSessionRelaxedExpiry()) { + $sessionParams['read_and_close'] = $readAndClose; + } + $this->invoke('session_start', [$sessionParams], $silence); } }