From 2993e526524b97d85a614c5fb4f36b75cd74d5f8 Mon Sep 17 00:00:00 2001
From: Isaac Connor
Date: Wed, 4 Sep 2019 12:14:32 -0400
Subject: [PATCH] Fix auth timing out due to cookie timing out and getting deleted.
---
 web/includes/session.php | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/web/includes/session.php b/web/includes/session.php
index 1e2601f08..8d4c28a68 100644
--- a/web/includes/session.php
+++ b/web/includes/session.php
@@ -21,11 +21,18 @@ function zm_session_start() {
 session_start();
 $_SESSION['remoteAddr'] = $_SERVER['REMOTE_ADDR']; // To help prevent session hijacking
+ $now = time();
 // Do not allow to use expired session ID
- if ( !empty($_SESSION['last_time']) && ($_SESSION['last_time'] < (time() - 180)) ) {
+ if ( !empty($_SESSION['last_time']) && ($_SESSION['last_time'] < ($now - 180)) ) {
 ZM\Info('Destroying session due to timeout. ');
 session_destroy();
 session_start();
+ } else if ( !empty($_SESSION['generated_at']) ) {
+ ZM\Logger::Debug("Have generated_at: " . $_SESSION['generated_at']);
+ if ( $_SESSION['generated_at']<($now-(ZM_COOKIE_LIFETIME/2)) ) {
+ ZM\Logger::Debug("Regenerating session because generated_at " . $_SESSION['generated_at'] . ' < ' . $now . '-'.ZM_COOKIE_LIFETIME.'/2 = '.($now-ZM_COOKIE_LIFETIME/2));
+ zm_session_regenerate_id();
+ }
 }
 } // function zm_session_start()
@@ -44,6 +51,7 @@ function zm_session_regenerate_id() {
 session_start();
 session_regenerate_id();
 unset($_SESSION['last_time']);
+ $_SESSION['generated_at'] = time();
 } // function zm_session_regenerate_id()
 function is_session_started() {
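Review bot: The new `else if` branch in `zm_session_start()` only runs when `$_SESSION['generated_at']` is already set, and within this patch that key is written only by `zm_session_regenerate_id()`. A session that has not yet passed through that function (for example one created before this change) would therefore never be rotated, and its cookie would still expire. Consider seeding the value when it is missing, e.g. `if ( empty($_SESSION['generated_at']) ) $_SESSION['generated_at'] = $now;`. Separately, if `ZM_COOKIE_LIFETIME` can be configured as 0 (which PHP treats as a browser-session cookie), the test reduces to `generated_at < $now` and the ID would be regenerated on almost every request; a guard such as `ZM_COOKIE_LIFETIME > 0 &&` in the inner condition would avoid that. The beginning of `zm_session_start()` is outside the hunk, so the cookie parameters it sets are not visible here.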
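Review bot: In the second hunk, `$_SESSION['generated_at']` is stamped whether or not the `session_regenerate_id()` call on the preceding context line succeeded. That call returns `false` on failure, in which case the fresh timestamp would defer the next rotation attempt by half of `ZM_COOKIE_LIFETIME` while the old ID and cookie stay in use. Checking the result, e.g. `if ( session_regenerate_id() ) $_SESSION['generated_at'] = time();`, keeps the timestamp truthful. The call also omits the delete-old-session argument, so unless the part of `zm_session_regenerate_id()` outside this hunk invalidates it, the previous session ID stays usable until garbage collection; a short comment on the new line stating that intent would help.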