From d91c1fff8e862ce2c781de6cde99fc0a339fda86 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C4=8Ciha=C5=99?= <michal@cihar.com>
Date: Wed, 26 Apr 2006 21:36:34 +0000
Subject: [PATCH] Allow configuration of cookie storage on client (RFE
 #1095227).

---
 ChangeLog                          | 6 ++++--
 Documentation.html                 | 5 +++++
 libraries/auth/cookie.auth.lib.php | 2 +-
 libraries/config.default.php       | 1 +
 4 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 1e2092672..1f34542ce 100755
--- a/ChangeLog
+++ b/ChangeLog
@@ -32,8 +32,10 @@ $Source$
       textarea ;-).
     * libraries/display_export.lib.php: Reinclude table selection (bug
       #1477226).
-    * libraries/auth/cookie.auth.lib.php: 
-        - Remove unused function.
+    * libraries/auth/cookie.auth.lib.php: Remove unused function.
+    * libraries/auth/cookie.auth.lib.php, Documentation.html,
+      libraries/config.default.php: Allow configuration of cookie storage on
+      client (RFE #1095227).
 
 2006-04-26 Sebastian Mendel <cybot_tm@users.sourceforge.net>
     * themes/*:
diff --git a/Documentation.html b/Documentation.html
index 6b13af267..2659a2d14 100755
--- a/Documentation.html
+++ b/Documentation.html
@@ -1020,6 +1020,11 @@ ALTER TABLE `pma_column_comments`
     <dt id="cfg_LoginCookieValidity">$cfg[LoginCookieValidity] integer [number of seconds]</dt>
     <dd>Define how long is login cookie valid.</dd>
 
+    <dt id="cfg_LoginCookieStore">$cfg[LoginCookieStore] integer [number of seconds]</dt>
+    <dd>Define how long is login cookie should be stored in browser. Default 0
+        means that it will be kept for existing session. This is recommended
+        for not trusted environments.</dd>
+
     <dt id="cfg_UseDbSearch">$cfg[UseDbSearch] boolean</dt>
     <dd>Define whether the "search string inside database" is enabled or not.</dd>
 
diff --git a/libraries/auth/cookie.auth.lib.php b/libraries/auth/cookie.auth.lib.php
index 192c50344..f97ef85ee 100644
--- a/libraries/auth/cookie.auth.lib.php
+++ b/libraries/auth/cookie.auth.lib.php
@@ -421,7 +421,7 @@ function PMA_auth_set_user()
     setcookie('pma_cookie_password-' . $server,
         PMA_blowfish_encrypt(!empty($cfg['Server']['password']) ? $cfg['Server']['password'] : "\xff(blank)",
             $GLOBALS['cfg']['blowfish_secret'] . $GLOBALS['current_time']),
-        0,
+        $GLOBALS['cfg']['LoginCookieStore'],
         $GLOBALS['cookie_path'], '',
         $GLOBALS['is_https']);
 
diff --git a/libraries/config.default.php b/libraries/config.default.php
index c44d069af..9c7ea6f3e 100644
--- a/libraries/config.default.php
+++ b/libraries/config.default.php
@@ -136,6 +136,7 @@ $cfg['AllowUserDropDatabase']   = FALSE;  // show a 'Drop database' link to norm
 $cfg['Confirm']                 = TRUE;   // confirm 'DROP TABLE' & 'DROP DATABASE'
 $cfg['LoginCookieRecall']       = TRUE;   // recall previous login in cookie auth. mode or not
 $cfg['LoginCookieValidity']     = 1800;   // validity of cookie login (in seconds)
+$cfg['LoginCookieStore']        = 0;      // how long login cookie should be stored (in seconds)
 $cfg['UseDbSearch']             = TRUE;   // whether to enable the "database search" feature
                                           // or not
 $cfg['IgnoreMultiSubmitErrors'] = FALSE;  // if set to true, PMA continues computing multiple-statement queries