diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index f3c233a116..b4240925ea 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -616,14 +616,14 @@ class ApplicationController < ActionController::Base ActiveSupport.run_load_hooks(:application_controller, self) def check_session_lifetime - if Setting.session_ttl_enabled? && Setting.session_ttl.to_i >= 5 && (session[:updated_at].nil? || session_expired?) + if session_expired? self.logged_user = nil if request.get? url = url_for(params) else - url = url_for(:controller => params[:controller], :action => params[:action], :id => params[:id], :project_id => params[:project_id]) + url = url_for(:controller => params[:controller], :action => params[:action], + :id => params[:id], :project_id => params[:project_id]) end - flash[:warning] = I18n.t('notice_forced_logout', :ttl_time => Setting.session_ttl) redirect_to(:controller => "account", :action => "login", :back_url => url) end @@ -633,7 +633,13 @@ class ApplicationController < ActionController::Base private def session_expired? - session[:updated_at] && User.current.logged? && ((session[:updated_at] + (Setting.session_ttl.to_i * 60)) < Time.now) + current_user.logged? && + (session_ttl_enabled? && (session[:updated_at].nil? || + (session[:updated_at] + Setting.session_ttl.to_i.minutes) < Time.now)) + end + + def session_ttl_enabled? + Setting.session_ttl_enabled? && Setting.session_ttl.to_i >= 5 end def permitted_params
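Review bot: In `check_session_lifetime`, the GET branch still builds the return address with `url_for(params)`, so every request parameter, including routing options such as `:host`, `:protocol` or `:only_path`, flows into the `back_url` handed to the login page. The non-GET branch already restricts itself to `:controller`, `:action`, `:id` and `:project_id`; the GET branch could do the same, or at least force a path-only URL with `url = url_for(params.merge(:only_path => true))`. Whether the login action validates `back_url` is not visible in this diff, so this may already be handled downstream. The method's closing `end` lies outside the hunk.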
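Review bot: `session_ttl_enabled?` treats any `Setting.session_ttl` below 5 as "not enabled", and `to_i` turns a blank or non-numeric value into 0, so a mistyped or too-small TTL silently switches session expiry off instead of enforcing a minimum. If the setting is not validated on save (not visible here), consider clamping rather than disabling, e.g. `[Setting.session_ttl.to_i, 5].max.minutes` in `session_expired?`, or at least add a comment such as `# TTL values under 5 minutes disable expiry; the settings form must reject them`. Separately, `session_expired?` now calls `current_user.logged?` where the removed line used `User.current.logged?`; `current_user` is defined outside the hunk, so confirm it is never nil at the point this filter runs.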