Hi, if you upgrade, it might affect you in one way: because we introduced an idle timeout the session could expire earlier (default value is 600 sec). The "hard" timeout is unchanged and will expire the session in any case after 1200 seconds (default value).
Could we discuss why the code uses $_SERVER["REQUEST_TIME"] for the current time? And I think it should be more consistent: we use $_SERVER["REQUEST_TIME"] to check for a timeout but we use time() to actually set/update the values. Regards, Philipp