X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;ds=sidebyside;f=application%2Fsecurity%2FSessionManager.php;h=b8b8ab8d18ccad003f897c78072b12e94d410b22;hb=62f5a7581380da7885025498de10e9a20c45b358;hp=0dcd7f905f890a37a5e103fa65deb96cd9aaa4f1;hpb=51f0128cdba52099c40693379e72f094b42a6f80;p=github%2Fshaarli%2FShaarli.git diff --git a/application/security/SessionManager.php b/application/security/SessionManager.php index 0dcd7f90..b8b8ab8d 100644 --- a/application/security/SessionManager.php +++ b/application/security/SessionManager.php @@ -14,9 +14,6 @@ class SessionManager /** @var int Session expiration timeout, in seconds */ public static $LONG_TIMEOUT = 31536000; // 1 year - /** @var string Name of the cookie set after logging in **/ - public static $LOGGED_IN_COOKIE = 'shaarli_staySignedIn'; - /** @var array Local reference to the global $_SESSION array */ protected $session = []; @@ -116,8 +113,6 @@ class SessionManager */ public function storeLoginInfo($clientIpId) { - // Generate unique random number (different than phpsessionid) - $this->session['uid'] = sha1(uniqid('', true) . '_' . mt_rand()); $this->session['ip'] = $clientIpId; $this->session['username'] = $this->conf->get('credentials.login'); $this->extendTimeValidityBy(self::$SHORT_TIMEOUT); @@ -157,7 +152,6 @@ class SessionManager public function logout() { if (isset($this->session)) { - unset($this->session['uid']); unset($this->session['ip']); unset($this->session['expires_on']); unset($this->session['username']); @@ -175,7 +169,7 @@ class SessionManager */ public function hasSessionExpired() { - if (empty($this->session['uid'])) { + if (empty($this->session['expires_on'])) { return true; } if (time() >= $this->session['expires_on']) { @@ -197,7 +191,7 @@ class SessionManager if ($this->conf->get('security.session_protection_disabled') === true) { return false; } - if ($this->session['ip'] == $clientIpId) { + if (isset($this->session['ip']) && $this->session['ip'] === $clientIpId) { return false; } return true;