extend session time for a particular section with a zcr form

colak · 2012-09-19 14:15:27

I’m working on a site which includes a fairly involved ZCR form. By the time all the fields are filled the session expires and although the info is kept (in my browser at least) the submit button has to be clicked again.

Is there a way to extend the session time for this particular section?
Will it make the site too venerable for attacks through this page?
Is it the zcr session which expires or is it txp’s – or both?

ruud · 2012-09-19 19:25:09

ZCR uses the same table that TXP uses for comment nonces, which is why ZCR deletes nonces that are more than 10 minutes old, because that’s the same behaviour that TXP has, so if you edit the plugin to change the timeout, do NOT change the delete query with “10 minutes” in it.

Instead, this is the one you want to change:

safe_insert('txp_discuss_nonce', "issue_time = now(), nonce = '$zem_contact_nonce'");

By not setting the time to now (= 10 minute expire), but some time in the future, you can extend the expiration period. For example. If you want 30 minutes instead of 10, that’s 20 minutes extra:

safe_insert('txp_discuss_nonce', "issue_time = date_add(now(), interval 20 minute), nonce = '$zem_contact_nonce'");

If you could go back in time, it would’ve been a better idea if TXP simply deleted nonces when the stored date/time was reached, so setting a 30 minute nonce would simply mean setting the date/time of the nonce 30 minutes in the future. Oh, well…

colak · 2012-09-20 03:15:10

Thanks sooo much ruud. Will report back if the problem still persists.

Textpattern CMS

Textpattern CMS support forum

#1 2012-09-19 14:15:27

extend session time for a particular section with a zcr form

#2 2012-09-19 19:25:09

Re: extend session time for a particular section with a zcr form

#3 2012-09-20 03:15:10

Re: extend session time for a particular section with a zcr form

Board footer