Fix bug where session could time out if DB and PHP timezone were diff…

…erent (#8303)
roundcube · Mar 13, 2022 · 96e9427 · 96e9427 · bombcheck · Mar 15, 2022
1 parent 3516084
commit 96e9427
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 6 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,7 +3,6 @@
 ## Unreleased
 
 - Enigma: Fix initial synchronization of private keys
-- Fix handling of message/rfc822 parts that are small and are multipart structures with a single part (#8458)
 - Fix various PHP8 warnings (#8392)
 - Fix mail headers injection via the subject field on mail compose (#8404)
 - Fix bug where small message/rfc822 parts could not be decoded (#8408)
@@ -12,6 +11,7 @@
 - Fix bug where some mail parts (images) could have not be listed as attachments (#8425)
 - Fix bug where attachment icons were stuck at the top of the messages list in Safari (#8433)
 - Fix handling of message/rfc822 parts that are small and are multipart structures with a single part (#8458)
+- Fix bug where session could time out if DB and PHP timezone were different (#8303)
 
 ## Release 1.5.2
 

diff --git a/program/lib/Roundcube/rcube_session.php b/program/lib/Roundcube/rcube_session.php
@@ -37,7 +37,6 @@ abstract class rcube_session
  protected $vars;
  protected $now;
  protected $lifetime;
- protected $time_diff = 0;
  protected $reloaded = false;
  protected $appends = [];
  protected $unsets = [];

diff --git a/program/lib/Roundcube/session/db.php b/program/lib/Roundcube/session/db.php
@@ -123,8 +123,9 @@ public function read($key)
  return '';
  }
 
- $this->time_diff = time() - strtotime($sql_arr['ts']);
- $this->changed = strtotime($sql_arr['changed']);
+ $time_diff = time() - strtotime($sql_arr['ts']);
+
+ $this->changed = strtotime($sql_arr['changed']) + $time_diff; // local (PHP) time
  $this->ip = $sql_arr['ip'];
  $this->vars = base64_decode($sql_arr['vars']);
  $this->key = $key;
@@ -183,7 +184,7 @@ public function update($key, $newvars, $oldvars)
  . "SET `changed` = $now, `vars` = ? WHERE `sess_id` = ?",
  base64_encode($newvars), $key);
  }
- else if ($ts - $this->changed + $this->time_diff > $this->lifetime / 2) {
+ else if ($ts - $this->changed > $this->lifetime / 2) {
  $this->db->query("UPDATE {$this->table_name} SET `changed` = $now"
  . " WHERE `sess_id` = ?", $key);
  }
@@ -198,7 +199,7 @@ public function gc_db()
  {
  // just clean all old sessions when this GC is called
  $this->db->query("DELETE FROM " . $this->db->table_name('session')
- . " WHERE changed < " . $this->db->now(-$this->gc_enabled));
+ . " WHERE `changed` < " . $this->db->now(-$this->gc_enabled));
 
  $this->log("Session GC (DB): remove records < "
  . date('Y-m-d H:i:s', time() - $this->gc_enabled)