X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=application%2Fsecurity%2FSessionManager.php;h=24e255283731aedb951d8624a7b2ec7dfc120136;hb=ebf615173824a46de82fa97a165bcfd883db15ce;hp=6f004b248c28d0310c6d85b0d3721b6562b24c3e;hpb=fab87c2696b9d6a26310f1bfc024b018ca5184fe;p=github%2Fshaarli%2FShaarli.git diff --git a/application/security/SessionManager.php b/application/security/SessionManager.php index 6f004b24..24e25528 100644 --- a/application/security/SessionManager.php +++ b/application/security/SessionManager.php @@ -9,10 +9,10 @@ use Shaarli\Config\ConfigManager; class SessionManager { /** @var int Session expiration timeout, in seconds */ - public static $INACTIVITY_TIMEOUT = 3600; + public static $SHORT_TIMEOUT = 3600; // 1 hour - /** @var string Name of the cookie set after logging in **/ - public static $LOGGED_IN_COOKIE = 'shaarli_staySignedIn'; + /** @var int Session expiration timeout, in seconds */ + public static $LONG_TIMEOUT = 31536000; // 1 year /** @var array Local reference to the global $_SESSION array */ protected $session = []; @@ -20,6 +20,9 @@ class SessionManager /** @var ConfigManager Configuration Manager instance **/ protected $conf = null; + /** @var bool Whether the user should stay signed in (LONG_TIMEOUT) */ + protected $staySignedIn = false; + /** * Constructor * @@ -32,6 +35,16 @@ class SessionManager $this->conf = $conf; } + /** + * Define whether the user should stay signed in across browser sessions + * + * @param bool $staySignedIn Keep the user signed in + */ + public function setStaySignedIn($staySignedIn) + { + $this->staySignedIn = $staySignedIn; + } + /** * Generates a session token * @@ -100,11 +113,9 @@ class SessionManager */ public function storeLoginInfo($clientIpId) { - // Generate unique random number (different than phpsessionid) - $this->session['uid'] = sha1(uniqid('', true) . '_' . mt_rand()); $this->session['ip'] = $clientIpId; $this->session['username'] = $this->conf->get('credentials.login'); - $this->session['expires_on'] = time() + self::$INACTIVITY_TIMEOUT; + $this->extendTimeValidityBy(self::$SHORT_TIMEOUT); } /** @@ -112,12 +123,24 @@ class SessionManager */ public function extendSession() { - if (! empty($this->session['longlastingsession'])) { - // "Stay signed in" is enabled - $this->session['expires_on'] = time() + $this->session['longlastingsession']; - return; + if ($this->staySignedIn) { + return $this->extendTimeValidityBy(self::$LONG_TIMEOUT); } - $this->session['expires_on'] = time() + self::$INACTIVITY_TIMEOUT; + return $this->extendTimeValidityBy(self::$SHORT_TIMEOUT); + } + + /** + * Extend expiration time + * + * @param int $duration Expiration time extension (seconds) + * + * @return int New session expiration time + */ + protected function extendTimeValidityBy($duration) + { + $expirationTime = time() + $duration; + $this->session['expires_on'] = $expirationTime; + return $expirationTime; } /** @@ -125,19 +148,16 @@ class SessionManager * * See: * - https://secure.php.net/manual/en/function.setcookie.php - * - * @param string $webPath path on the server in which the cookie will be available on */ - public function logout($webPath) + public function logout() { if (isset($this->session)) { - unset($this->session['uid']); unset($this->session['ip']); + unset($this->session['expires_on']); unset($this->session['username']); unset($this->session['visibility']); unset($this->session['untaggedonly']); } - setcookie(self::$LOGGED_IN_COOKIE, 'false', 0, $webPath); } /** @@ -149,9 +169,6 @@ class SessionManager */ public function hasSessionExpired() { - if (empty($this->session['uid'])) { - return true; - } if (time() >= $this->session['expires_on']) { return true; }