From c22ebec1a9ff83eaaf3d39e7aebe9a823d096f8d Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Mon, 8 Apr 2019 17:49:35 +0200
Subject: [PATCH] webui login, reload page to prevent csrf token invalidation.
 just a simple test for something discussed with @fichtner, might be reverted
 later if deemed impractical.

---
 src/etc/inc/authgui.inc | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/etc/inc/authgui.inc b/src/etc/inc/authgui.inc
index 0b3642db9..0f8d8bcba 100644
--- a/src/etc/inc/authgui.inc
+++ b/src/etc/inc/authgui.inc
@@ -318,7 +318,14 @@ function display_login_form($Login_Error)
 <?php endif ?>
 
     <!--[if lt IE 9]><script src="//cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.2/html5shiv.min.js"></script><![endif]-->
-
+    <script>
+      $( document ).ready(function() {
+          // force reload every hour to prevent csrf token invalidation.
+          setTimeout(function(){
+              window.location.reload(true);
+          }, 3600000);
+      });
+    </script>
   </head>
   <body class="page-login">