Trigger an E_USER_WARNING if max idle time exceeds session.gc_maxlifetime

ajgarlag · ajgarlag · commit b69255ada3c5 · 2014-12-29T08:30:39.000+01:00
diff --git a/src/Symfony/Component/Security/Http/Firewall/SessionExpirationListener.php b/src/Symfony/Component/Security/Http/Firewall/SessionExpirationListener.php
@@ -35,7 +35,7 @@ public function __construct(TokenStorageInterface $tokenStorage, HttpUtils $http
     {
         $this->tokenStorage = $tokenStorage;
         $this->httpUtils = $httpUtils;
-        $this->maxIdleTime = $maxIdleTime;
+        $this->setMaxIdleTime($maxIdleTime);
         $this->targetUrl = $targetUrl;
         $this->logger = $logger;
     }
@@ -74,6 +74,17 @@ public function handle(GetResponseEvent $event)
         $event->setResponse($response);
     }
 
+    /**
+     * @param int $maxIdleTime
+     */
+    private function setMaxIdleTime($maxIdleTime)
+    {
+        if ($maxIdleTime > ini_get('session.gc_maxlifetime')) {
+            trigger_error("Max idle time should not be greater than 'session.gc_maxlifetime'", \E_USER_WARNING);
+        }
+        $this->maxIdleTime = (int) $maxIdleTime;
+    }
+
     /**
      * Checks if the given session has expired.
      *
diff --git a/src/Symfony/Component/Security/Http/Tests/Firewall/SessionExpirationListenerTest.php b/src/Symfony/Component/Security/Http/Tests/Firewall/SessionExpirationListenerTest.php
@@ -218,6 +218,19 @@ public function testHandleWhenSessionHasExpiredAndTargetUrl()
         $listener->handle($event);
     }
 
+    /**
+     * @expectedException \PHPUnit_Framework_Error_Warning
+     */
+    public function testWarningIsTriggeredIfMaxIdleTimeIsTooHigh()
+    {
+        $gcMaxlifetime = ini_get('session.gc_maxlifetime');
+        new SessionExpirationListener(
+            $this->getMock('Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface'),
+            $this->getHttpUtils(),
+            $gcMaxlifetime + 1
+        );
+    }
+
     private function getHttpUtils()
     {
         return $this->getMockBuilder('Symfony\Component\Security\Http\HttpUtils')
