From 5d11420d77f7baf7471004867eec48d5fe99c51d Mon Sep 17 00:00:00 2001
From: Stefan Neufeind <typo3.neufeind@speedpartner.de>
Date: Tue, 6 Jan 2015 17:33:23 +0100
Subject: [PATCH] [FEATURE] Add gracetime for session-timestamp-updates

Don't update the session-timestamp more often than
needed. Skipping updates for some seconds/minutes
makes no difference but may save quite some
updates.

Change-Id: Ic812993f3c7556fc90a1a5dee7b5462e822d9f45
Resolves: #64148
Releases: master
Reviewed-on: http://review.typo3.org/35838
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Stefan Neufeind <typo3.neufeind@speedpartner.de>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>
---
 .../Classes/Authentication/AbstractUserAuthentication.php    | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php b/typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php
index f4593fe6a4e3..16a1d9e3aa08 100644
--- a/typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php
+++ b/typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php
@@ -923,9 +923,10 @@ abstract class AbstractUserAuthentication {
 				$timeout = (int)$user[$this->auth_timeout_field];
 			}
 			// If timeout > 0 (TRUE) and current time has not exceeded the latest sessions-time plus the timeout in seconds then accept user
-			// Option later on: We could check that last update was at least x seconds ago in order not to update twice in a row if one script redirects to another...
+			// Use a gracetime-value to avoid updating a session-record too often
 			if ($timeout > 0 && $GLOBALS['EXEC_TIME'] < $user['ses_tstamp'] + $timeout) {
-				if (!$skipSessionUpdate) {
+				$sessionUpdateGracePeriod = 61;
+				if (!$skipSessionUpdate && $GLOBALS['EXEC_TIME'] > ($user['ses_tstamp'] + $sessionUpdateGracePeriod)) {
 					$this->db->exec_UPDATEquery($this->session_table, 'ses_id=' . $this->db->fullQuoteStr($this->id, $this->session_table)
 						. ' AND ses_name=' . $this->db->fullQuoteStr($this->name, $this->session_table), array('ses_tstamp' => $GLOBALS['EXEC_TIME']));
 					// Make sure that the timestamp is also updated in the array
-- 
2.20.1