/** @var int Session expiration timeout, in seconds */
public static $LONG_TIMEOUT = 31536000; // 1 year
- /** @var string Name of the cookie set after logging in **/
- public static $LOGGED_IN_COOKIE = 'shaarli_staySignedIn';
-
/** @var array Local reference to the global $_SESSION array */
protected $session = [];
*
* @param string $clientIpId Client IP address identifier
*/
- public function storeLoginInfo($clientIpId)
+ public function storeLoginInfo($clientIpId, $login = null)
{
- // Generate unique random number (different than phpsessionid)
- $this->session['uid'] = sha1(uniqid('', true) . '_' . mt_rand());
$this->session['ip'] = $clientIpId;
- $this->session['username'] = $this->conf->get('credentials.login');
+ $this->session['username'] = $login ?: $this->conf->get('credentials.login');
$this->extendTimeValidityBy(self::$SHORT_TIMEOUT);
}
public function logout()
{
if (isset($this->session)) {
- unset($this->session['uid']);
unset($this->session['ip']);
unset($this->session['expires_on']);
unset($this->session['username']);
*/
public function hasSessionExpired()
{
- if (empty($this->session['uid'])) {
+ if (empty($this->session['expires_on'])) {
return true;
}
if (time() >= $this->session['expires_on']) {
if ($this->conf->get('security.session_protection_disabled') === true) {
return false;
}
- if ($this->session['ip'] == $clientIpId) {
+ if (isset($this->session['ip']) && $this->session['ip'] === $clientIpId) {
return false;
}
return true;