From 8f9d7e823bbe9ec839d6074e5349b95a179044ea Mon Sep 17 00:00:00 2001
From: lin-xianming <108489988+lin-xianming@users.noreply.github.com>
Date: Tue, 18 Apr 2023 12:23:15 -0400
Subject: [PATCH] webgui: prevent PHP session gc from running early (#6499)

With the default PHP settings, there is a 1% chance for the session gc
to trigger upon the start of a session, removing session files with
modification times older than 24 minutes. This can cause sessions to
timeout earlier than indicated by the webgui settings.
---
 src/opnsense/service/templates/OPNsense/WebGui/php.ini | 1 +
 src/www/system_advanced_admin.php                      | 1 +
 2 files changed, 2 insertions(+)

diff --git a/src/opnsense/service/templates/OPNsense/WebGui/php.ini b/src/opnsense/service/templates/OPNsense/WebGui/php.ini
index 5c3b228d0..68649eff2 100644
--- a/src/opnsense/service/templates/OPNsense/WebGui/php.ini
+++ b/src/opnsense/service/templates/OPNsense/WebGui/php.ini
@@ -31,3 +31,4 @@ log_errors=on
 error_log=/tmp/PHP_errors.log
 date.timezone="{{system.timezone|default('Etc/UTC')}}"
 session.save_path=/var/lib/php/sessions
+session.gc_maxlifetime={{system.webgui.session_timeout|default(240)|int * 60}}
diff --git a/src/www/system_advanced_admin.php b/src/www/system_advanced_admin.php
index 6b3879b3b..8ac47242a 100644
--- a/src/www/system_advanced_admin.php
+++ b/src/www/system_advanced_admin.php
@@ -151,6 +151,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
         $newciphers = !empty($pconfig['ssl-ciphers']) ? implode(':', $pconfig['ssl-ciphers']) : '';
 
         $restart_webgui = $config['system']['webgui']['protocol'] != $pconfig['webguiproto'] ||
+            $config['system']['webgui']['session_timeout'] != $pconfig['session_timeout'] ||
             $config['system']['webgui']['port'] != $pconfig['webguiport'] ||
             $config['system']['webgui']['ssl-certref'] != $pconfig['ssl-certref'] ||
             $config['system']['webgui']['compression'] != $pconfig['compression'] ||