demianturner
commented
11 years ago [demian] see the comment to the constructor {{{ // set session timeout to 0 (until the browser is closed) initially, // then use user timeout in isTimedOut() method }}}
using the user preferences, you can either set a global timeout (by the value you set in the preference table), or on a per-user basis (user_preference).
the $conf['session']['maxLifetime'] should be removed ...
The constructor is ignoring the configuration setting of a cookie's lifetime. It always uses 0 (zero) instead of the configuration ($conf['session']['maxLifetime'])
{{{ session_set_cookie_params(0, $conf['cookie']['path'], $conf['cookie']['domain'], $conf['cookie']['secure']); }}}
Should be changed to
{{{ session_set_cookie_params($conf['session']['maxLifetime'], $conf['cookie']['path'], $conf['cookie']['domain'], $conf['cookie']['secure']); }}}
Doing this change will allow cookies to expire properly when set from the configuration.