Add a new default settings -> security -> session_rotate.

resources/php.php

@@ -30,20 +30,16 @@
 	//session handling
 		//start the session
 			session_start();
-		//set the last activity time stamp
-			$_SESSION['session']['last_activity'] = time();
-		//check whether to timout the session
-			//if (isset($_SESSION['session']['last_activity']) && (time() - $_SESSION['session']['last_activity'] > 14400)) {
-			//	session_destroy();	// destroy session data in storage
-			//	session_unset();	// unset $_SESSION variable for the runtime
-			//}
 		//regenerate sessions to avoid session id attacks such as session fixation
-			if (!isset($_SESSION['session']['created'])) {
-				$_SESSION['session']['created'] = time();
-			} else if (time() - $_SESSION['session']['created'] > 28800) {
-				// session started more than 8 hours ago
-				session_regenerate_id(true);    // rotate the session id
-				$_SESSION['session']['created'] = time();  // update creation time
+			if ($_SESSION['security']['session_rotate']['boolean'] == "true") {
+				$_SESSION['session']['last_activity'] = time();
+				if (!isset($_SESSION['session']['created'])) {
+					$_SESSION['session']['created'] = time();
+				} else if (time() - $_SESSION['session']['created'] > 28800) {
+					// session started more than 8 hours ago
+					session_regenerate_id(true);    // rotate the session id
+					$_SESSION['session']['created'] = time();  // update creation time
+				}
 			}
 
 	//get the document_root parent directory