// his/her session is considered expired (3600 sec. = 1 hour)
public static $inactivityTimeout = 3600;
// Extra timeout for long sessions (if enabled) (82800 sec. = 23 hours)
- public static $longSessionTimeout = 82800;
+ public static $longSessionTimeout = 7776000; // 7776000 = 90 days
// If you get disconnected often or if your IP address changes often.
// Let you disable session cookie hijacking protection
public static $disableSessionProtection = false;
/**
* Initialize session
*/
- public static function init()
+ public static function init($longlastingsession = false)
{
+ //check if session name is correct
+ if ( (session_id() && !empty(self::$sessionName) && session_name()!=self::$sessionName) || $longlastingsession ) {
+ session_destroy();
+ }
+
// Force cookie path (but do not change lifetime)
$cookie = session_get_cookie_params();
// Default cookie expiration and path.
if (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") {
$ssl = true;
}
- session_set_cookie_params($cookie['lifetime'], $cookiedir, $_SERVER['HTTP_HOST'], $ssl);
+
+ if ( $longlastingsession ) {
+ session_set_cookie_params(self::$longSessionTimeout, $cookiedir, null, $ssl, true);
+ }
+ else {
+ session_set_cookie_params(0, $cookiedir, null, $ssl, true);
+ }
+ //set server side valid session timeout
+ //WARNING! this may not work in shared session environment. See http://www.php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime about min value: it can be set in any application
+ ini_set('session.gc_maxlifetime', self::$longSessionTimeout);
+
// Use cookies to store session.
ini_set('session.use_cookies', 1);
// Force cookies for session (phpsessionID forbidden in URL)
ini_set('session.use_only_cookies', 1);
- if (!session_id()) {
+ if ( !session_id() ) {
// Prevent php to use sessionID in URL if cookies are disabled.
ini_set('session.use_trans_sid', false);
if (!empty(self::$sessionName)) {
if (self::banCanLogin()) {
if ($login === $loginTest && $password === $passwordTest) {
self::banLoginOk();
+
+ self::init($longlastingsession);
+
// Generate unique random number to sign forms (HMAC)
$_SESSION['uid'] = sha1(uniqid('', true).'_'.mt_rand());
$_SESSION['ip'] = self::_allIPs();
self::banLoginFailed();
}
+ self::init();
return false;
}
*/
public static function logout()
{
- unset($_SESSION['uid'],$_SESSION['ip'],$_SESSION['expires_on'],$_SESSION['tokens'], $_SESSION['login'], $_SESSION['pass'], $_SESSION['longlastingsession'], $_SESSION['poche_user']);
+ // unset($_SESSION['uid'],$_SESSION['ip'],$_SESSION['expires_on'],$_SESSION['tokens'], $_SESSION['login'], $_SESSION['pass'], $_SESSION['longlastingsession'], $_SESSION['poche_user']);
+
+ // Destruction du cookie (le code peut paraître complexe mais c'est pour être certain de reprendre les mêmes paramètres)
+ $args = array_merge(array(session_name(), ''), array_values(session_get_cookie_params()));
+ $args[2] = time() - 3600;
+ call_user_func_array('setcookie', $args);
+ // Suppression physique de la session
+ session_destroy();
}
/**
|| (self::$disableSessionProtection === false
&& $_SESSION['ip'] !== self::_allIPs())
|| time() >= $_SESSION['expires_on']) {
- self::logout();
+ //self::logout();
return false;
}
return true; // User is not banned.
}
+
+
+ /**
+ * Tells if a param exists in session
+ *
+ * @param $name name of the param to test
+ * @return bool
+ */
+ public static function isInSession($name)
+ {
+ return (isset($_SESSION[$name]) ? : FALSE);
+ }
+
+ /**
+ * Returns param in session
+ *
+ * @param $name name of the param to return
+ * @return mixed param or null
+ */
+ public static function getParam($name)
+ {
+ return (self::isInSession($name) ? $_SESSION[$name] : NULL);
+ }
+
+ /**
+ * Store value in session
+ *
+ * @param $name name of the variable to store
+ * @param $value value to store
+ */
+ public static function setParam($name, $value)
+ {
+ $_SESSION[$name] = $value;
+ }
}