aboutsummaryrefslogtreecommitdiffhomepage
path: root/application/security
diff options
context:
space:
mode:
authorVirtualTam <virtualtam@flibidi.net>2018-05-30 02:09:09 +0200
committerVirtualTam <virtualtam@flibidi.net>2018-06-02 16:46:06 +0200
commit8edd7f15886620b07064aa889aea05c5acbc0e58 (patch)
treec4299a352b3f4c518f79eb7208f667f68f8e9388 /application/security
parent704637bfebc73ada4b800b35c457e9fe56ad3567 (diff)
downloadShaarli-8edd7f15886620b07064aa889aea05c5acbc0e58.tar.gz
Shaarli-8edd7f15886620b07064aa889aea05c5acbc0e58.tar.zst
Shaarli-8edd7f15886620b07064aa889aea05c5acbc0e58.zip
SessionManager+LoginManager: fix checkLoginState logic
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
Diffstat (limited to 'application/security')
-rw-r--r--application/security/LoginManager.php2
-rw-r--r--application/security/SessionManager.php5
2 files changed, 5 insertions, 2 deletions
diff --git a/application/security/LoginManager.php b/application/security/LoginManager.php
index 4946850b..d6784d6d 100644
--- a/application/security/LoginManager.php
+++ b/application/security/LoginManager.php
@@ -95,7 +95,6 @@ class LoginManager
95 // The user client has a valid stay-signed-in cookie 95 // The user client has a valid stay-signed-in cookie
96 // Session information is updated with the current client information 96 // Session information is updated with the current client information
97 $this->sessionManager->storeLoginInfo($clientIpId); 97 $this->sessionManager->storeLoginInfo($clientIpId);
98 $this->isLoggedIn = true;
99 98
100 } elseif ($this->sessionManager->hasSessionExpired() 99 } elseif ($this->sessionManager->hasSessionExpired()
101 || $this->sessionManager->hasClientIpChanged($clientIpId) 100 || $this->sessionManager->hasClientIpChanged($clientIpId)
@@ -105,6 +104,7 @@ class LoginManager
105 return; 104 return;
106 } 105 }
107 106
107 $this->isLoggedIn = true;
108 $this->sessionManager->extendSession(); 108 $this->sessionManager->extendSession();
109 } 109 }
110 110
diff --git a/application/security/SessionManager.php b/application/security/SessionManager.php
index 24e25528..b8b8ab8d 100644
--- a/application/security/SessionManager.php
+++ b/application/security/SessionManager.php
@@ -169,6 +169,9 @@ class SessionManager
169 */ 169 */
170 public function hasSessionExpired() 170 public function hasSessionExpired()
171 { 171 {
172 if (empty($this->session['expires_on'])) {
173 return true;
174 }
172 if (time() >= $this->session['expires_on']) { 175 if (time() >= $this->session['expires_on']) {
173 return true; 176 return true;
174 } 177 }
@@ -188,7 +191,7 @@ class SessionManager
188 if ($this->conf->get('security.session_protection_disabled') === true) { 191 if ($this->conf->get('security.session_protection_disabled') === true) {
189 return false; 192 return false;
190 } 193 }
191 if ($this->session['ip'] == $clientIpId) { 194 if (isset($this->session['ip']) && $this->session['ip'] === $clientIpId) {
192 return false; 195 return false;
193 } 196 }
194 return true; 197 return true;