Session and ACL Login Class update

Session:
regenerate session id after some time or random.
Default is 'never', can be 'interval' form 0 to 1h and random from always to 1 in 100
Session also checks that strict session settings are enabled

Login class:
Automatic re-read of acl settings after some time (default 5min, can be chnaged via option).
Default set strict headers, can be turned off via option
Moved various parts into their own methods and cleaned up double call logic.
Login is now recorded in the last login entry
no more debug flags are read from the database anymore
All options are set via array and not with a single option (was auto login)

4dev/tests/ACL/CoreLibsACLLoginTest.php

@@ -1185,7 +1185,6 @@ final class CoreLibsACLLoginTest extends TestCase
 		foreach ($session as $session_var => $session_value) {
 			$_SESSION[$session_var] = $session_value;
 		}
-
 		/** @var \CoreLibs\ACL\Login&MockObject */
 		$login_mock = $this->getMockBuilder(\CoreLibs\ACL\Login::class)
 			->setConstructorArgs([
@@ -1204,7 +1203,7 @@ final class CoreLibsACLLoginTest extends TestCase
 						. 'locale' . DIRECTORY_SEPARATOR,
 				]
 			])
-			->onlyMethods(['loginTerminate', 'loginReadPageName', 'loginPrintLogin'])
+			->onlyMethods(['loginTerminate', 'loginReadPageName', 'loginPrintLogin', 'loginEnhanceHttpSecurity'])
 			->getMock();
 		$login_mock->expects($this->any())
 			->method('loginTerminate')
@@ -1222,6 +1221,10 @@ final class CoreLibsACLLoginTest extends TestCase
 			->method('loginPrintLogin')
 			->willReturnCallback(function () {
 			});
+		$login_mock->expects($this->any())
+			->method('loginEnhanceHttpSecurity')
+			->willReturnCallback(function () {
+			});
 
 		// if mock_settings: enabled OFF
 		// run DB update and set off

4dev/tests/ACL/database/CoreLibsACLLogin_database_create_data.sql

@@ -581,6 +581,8 @@ CREATE TABLE edit_user (
     protected SMALLINT NOT NULL DEFAULT 0,
     -- is admin user
     admin SMALLINT NOT NULL DEFAULT 0,
+    -- forced logout counter
+    force_logout INT DEFAULT 0,
     -- last login log
     last_login TIMESTAMP WITHOUT TIME ZONE,
     -- login error
@@ -697,6 +699,7 @@ CREATE TABLE edit_log (
     action_value VARCHAR, -- in action_data
     action_type VARCHAR, -- in action_data
     action_error VARCHAR -- in action_data
+) INHERITS (edit_generic) WITHOUT OIDS;
 -- END: table/edit_log.sql
 -- START: table/edit_log_overflow.sql
 -- AUTHOR: Clemens Schwaighofer

4dev/tests/Create/CoreLibsCreateSessionTest.php

@@ -54,7 +54,9 @@ final class CoreLibsCreateSessionTest extends TestCase
 					'getSessionId' => '1234abcd4567'
 				],
 				'sessionNameGlobals',
-				false,
+				[
+					'auto_write_close' => false,
+				],
 			],
 			'auto write close' => [
 				'sessionNameAutoWriteClose',
@@ -66,7 +68,9 @@ final class CoreLibsCreateSessionTest extends TestCase
 					'getSessionId' => '1234abcd4567'
 				],
 				'sessionNameAutoWriteClose',
-				true,
+				[
+					'auto_write_close' => true,
+				],
 			],
 		];
 	}
@@ -81,13 +85,14 @@ final class CoreLibsCreateSessionTest extends TestCase
 	 * @param string $input
 	 * @param array<mixed> $mock_data
 	 * @param string $expected
+	 * @param array<string,mixed> $options
 	 * @return void
 	 */
 	public function testStartSession(
 		string $input,
 		array $mock_data,
 		string $expected,
-		?bool $auto_write_close,
+		?array $options,
 	): void {
 		/** @var \CoreLibs\Create\Session&MockObject $session_mock */
 		$session_mock = $this->createPartialMock(
@@ -174,9 +179,14 @@ final class CoreLibsCreateSessionTest extends TestCase
 				4,
 				'/^\[SESSION\] Failed to activate session/'
 			],
+			'expired session' => [
+				\RuntimeException::class,
+				5,
+				'/^\[SESSION\] Expired session found/'
+			],
 			'not a valid session id returned' => [
 				\UnexpectedValueException::class,
-				5,
+				6,
 				'/^\[SESSION\] getSessionId did not return a session id/'
 			], */
 		];
@@ -206,7 +216,8 @@ final class CoreLibsCreateSessionTest extends TestCase
 		$this->expectException($exception);
 		$this->expectExceptionCode($exception_code);
 		$this->expectExceptionMessageMatches($expected_error);
-		new \CoreLibs\Create\Session($session_name);
+		// cannot set ini after header sent, plus we are on command line there are no headers
+		new \CoreLibs\Create\Session($session_name, ['session_strict' => false]);
 	}
 
 	/**