feat(security): add session timeout + transaction wrapping (B1)
Session timeout: configurable idle (default 30min) and absolute (default 8h) timeouts via DB settings, enforced in web/index.php on every request. Timestamps set at login in action layer; graceful fallback for pre-existing sessions. Transaction wrapping: UserAccountService.createFromAdmin/register, roles create/edit, and permissions edit now wrap multi-step DB operations in transactions to guarantee atomicity. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -45,7 +45,8 @@ class UserServicesFactory
|
||||
$this->createUserSettingsGateway(),
|
||||
$this->createUserScopeGateway(),
|
||||
$this->createUserDirectoryGateway(),
|
||||
$this->auditServicesFactory->createSystemAuditService()
|
||||
$this->auditServicesFactory->createSystemAuditService(),
|
||||
$this->databaseSessionRepository
|
||||
);
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user