MokoConsulting/MokoSuiteClient
0
0
Fork 0
Code Issues 81 Pull Requests 1 Releases 3 Wiki Activity

fix: move boot() session lifetime logic from core to firewall plugin

Browse Source 
Core plugin's boot() called ipIsTrusted() which was deleted in the
cleanup. The session lifetime extension for trusted IPs is now in the
firewall plugin's boot() method where ipIsTrusted() still exists.

Firewall now implements BootableExtensionInterface.

Authored-by: Moko Consulting
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Jonathan Miller
2026-06-02 14:58:24 -05:00
parent f3d6ef948b
commit 0e5caf6b3f
2 changed files with 23 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/packages/plg_system_mokowaas/Extension/MokoWaaS.php
+1 -14
View File
@@ -161,20 +161,7 @@ class MokoWaaS extends CMSPlugin implements BootableExtensionInterface
*/
public function boot(ContainerInterface $container): void
{
$timeout = (int) $this->params->get('admin_session_timeout', 0);
if ($timeout <= 0)
{
return;
}
if ($this->ipIsTrusted())
{
// Set both PHP and Joomla session lifetimes before the
// session handler runs its expiry check.
ini_set('session.gc_maxlifetime', 315360000);
Factory::getConfig()->set('lifetime', 525600);
}
// Session lifetime for trusted IPs is now handled by the firewall plugin
}
/**
src/packages/plg_system_mokowaas_firewall/src/Extension/Firewall.php
+22 -1
View File
@@ -10,12 +10,14 @@ namespace Moko\Plugin\System\MokoWaaSFirewall\Extension;
defined('_JEXEC') or die;
use Joomla\CMS\Extension\BootableExtensionInterface;
use Joomla\CMS\Factory;
use Joomla\CMS\Log\Log;
use Joomla\CMS\Plugin\CMSPlugin;
use Joomla\CMS\Router\Route;
use Joomla\Event\SubscriberInterface;
use Moko\Plugin\System\MokoWaaS\Helper\MokoWaaSHelper;
use Psr\Container\ContainerInterface;
/**
* MokoWaaS Firewall Plugin
@@ -25,10 +27,29 @@ use Moko\Plugin\System\MokoWaaS\Helper\MokoWaaSHelper;
*
* @since 02.32.00
*/
class Firewall extends CMSPlugin implements SubscriberInterface
class Firewall extends CMSPlugin implements SubscriberInterface, BootableExtensionInterface
{
protected $autoloadLanguage = true;
/**
* Extend session lifetime for trusted IPs before Joomla creates the session.
*/
public function boot(ContainerInterface $container): void
{
$timeout = (int) $this->params->get('admin_session_timeout', 0);
if ($timeout <= 0)
{
return;
}
if ($this->ipIsTrusted())
{
ini_set('session.gc_maxlifetime', 315360000);
Factory::getConfig()->set('lifetime', 525600);
}
}
private const BLOCKED_FILES = [
'htaccess.txt', 'web.config.txt', 'configuration.php-dist',
'README.txt', 'LICENSE.txt', 'joomla.xml', 'robots.txt.dist',