fix for long lasting session

author: Dmitry Sandalov <dmitry@sandalov.org> 2013-12-21 23:39:45 +0400
committer: Dmitry Sandalov <dmitry@sandalov.org> 2013-12-21 23:39:45 +0400
commit: a0aa150418b628b32b18c70436d6be495129ee38 (patch)
tree: dfde1480ced98e78ed2d3e007e7bbd2f87be5a8f
parent: 5c8d438c08f12e20e237e0c9a9ea9cb63b58fa1d (diff)
download: wallabag-a0aa150418b628b32b18c70436d6be495129ee38.tar.gz
wallabag-a0aa150418b628b32b18c70436d6be495129ee38.tar.zst
wallabag-a0aa150418b628b32b18c70436d6be495129ee38.zip
2 files changed, 11 insertions, 3 deletions
diff --git a/inc/3rdparty/Session.class.php b/inc/3rdparty/Session.class.php
index df913a06..32624559 100644
--- a/inc/3rdparty/Session.class.php
+++ b/inc/3rdparty/Session.class.php
@@ -32,6 +32,8 @@ class Session
    // If the user does not access any page within this time,
    // his/her session is considered expired (3600 sec. = 1 hour)
    public static $inactivityTimeout = 3600;
+    // Extra timeout for long sessions (if enabled) (82800 sec. = 23 hours)
+    public static $longSessionTimeout = 82800;
    // If you get disconnected often or if your IP address changes often.
    // Let you disable session cookie hijacking protection
    public static $disableSessionProtection = false;
@@ -106,6 +108,7 @@ class Session
        $password,
        $loginTest,
        $passwordTest,
+        $longlastingsession,
        $pValues = array())
    {
        self::banInit();
@@ -118,7 +121,11 @@ class Session
                $_SESSION['username'] = $login;
                // Set session expiration.
                $_SESSION['expires_on'] = time() + self::$inactivityTimeout;
+                if ($longlastingsession) {
+                        $_SESSION['longlastingsession'] = self::$longSessionTimeout;
+                        $_SESSION['expires_on'] += $_SESSION['longlastingsession'];
+                }
+                
                foreach ($pValues as $key => $value) {
                    $_SESSION[$key] = $value;
                }
@@ -136,7 +143,7 @@ class Session
     */
    public static function logout()
    {
-        unset($_SESSION['uid'],$_SESSION['ip'],$_SESSION['expires_on'],$_SESSION['tokens'], $_SESSION['login'], $_SESSION['pass'], $_SESSION['poche_user']);
+        unset($_SESSION['uid'],$_SESSION['ip'],$_SESSION['expires_on'],$_SESSION['tokens'], $_SESSION['login'], $_SESSION['pass'], $_SESSION['longlastingsession'], $_SESSION['poche_user']);
    }
    /**
diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php
index d415dd03..adec9b28 100644
--- a/inc/poche/Poche.class.php
+++ b/inc/poche/Poche.class.php
@@ -678,7 +678,8 @@ class Poche
            $user = $this->store->login($login, Tools::encodeString($password . $login));
            if ($user != array()) {
                # Save login into Session
-                Session::login($user['username'], $user['password'], $login, Tools::encodeString($password . $login), array('poche_user' => new User($user)));
+                $longlastingsession = isset($_POST['longlastingsession']);
+                Session::login($user['username'], $user['password'], $login, Tools::encodeString($password . $login), $longlastingsession, array('poche_user' => new User($user)));
                $this->messages->add('s', _('welcome to your poche'));
                Tools::logm('login successful');
                Tools::redirect($referer);
author	Dmitry Sandalov <dmitry@sandalov.org>	2013-12-21 23:39:45 +0400
committer	Dmitry Sandalov <dmitry@sandalov.org>	2013-12-21 23:39:45 +0400
commit	a0aa150418b628b32b18c70436d6be495129ee38 (patch)
tree	dfde1480ced98e78ed2d3e007e7bbd2f87be5a8f
parent	5c8d438c08f12e20e237e0c9a9ea9cb63b58fa1d (diff)
download	wallabag-a0aa150418b628b32b18c70436d6be495129ee38.tar.gz wallabag-a0aa150418b628b32b18c70436d6be495129ee38.tar.zst wallabag-a0aa150418b628b32b18c70436d6be495129ee38.zip

diff --git a/inc/3rdparty/Session.class.php b/inc/3rdparty/Session.class.php index df913a06..32624559 100644 --- a/inc/3rdparty/Session.class.php +++ b/inc/3rdparty/Session.class.php
@@ -32,6 +32,8 @@ class Session
32	// If the user does not access any page within this time,	32	// If the user does not access any page within this time,
33	// his/her session is considered expired (3600 sec. = 1 hour)	33	// his/her session is considered expired (3600 sec. = 1 hour)
34	public static $inactivityTimeout = 3600;	34	public static $inactivityTimeout = 3600;
		35	// Extra timeout for long sessions (if enabled) (82800 sec. = 23 hours)
		36	public static $longSessionTimeout = 82800;
35	// If you get disconnected often or if your IP address changes often.	37	// If you get disconnected often or if your IP address changes often.
36	// Let you disable session cookie hijacking protection	38	// Let you disable session cookie hijacking protection
37	public static $disableSessionProtection = false;	39	public static $disableSessionProtection = false;
@@ -106,6 +108,7 @@ class Session
106	$password,	108	$password,
107	$loginTest,	109	$loginTest,
108	$passwordTest,	110	$passwordTest,
		111	$longlastingsession,
109	$pValues = array())	112	$pValues = array())
110	{	113	{
111	self::banInit();	114	self::banInit();
@@ -118,7 +121,11 @@ class Session
118	$_SESSION['username'] = $login;	121	$_SESSION['username'] = $login;
119	// Set session expiration.	122	// Set session expiration.
120	$_SESSION['expires_on'] = time() + self::$inactivityTimeout;	123	$_SESSION['expires_on'] = time() + self::$inactivityTimeout;
121		124	if ($longlastingsession) {
		125	$_SESSION['longlastingsession'] = self::$longSessionTimeout;
		126	$_SESSION['expires_on'] += $_SESSION['longlastingsession'];
		127	}
		128
122	foreach ($pValues as $key => $value) {	129	foreach ($pValues as $key => $value) {
123	$_SESSION[$key] = $value;	130	$_SESSION[$key] = $value;
124	}	131	}
@@ -136,7 +143,7 @@ class Session
136	*/	143	*/
137	public static function logout()	144	public static function logout()
138	{	145	{
139	unset($_SESSION['uid'],$_SESSION['ip'],$_SESSION['expires_on'],$_SESSION['tokens'], $_SESSION['login'], $_SESSION['pass'], $_SESSION['poche_user']);	146	unset($_SESSION['uid'],$_SESSION['ip'],$_SESSION['expires_on'],$_SESSION['tokens'], $_SESSION['login'], $_SESSION['pass'], $_SESSION['longlastingsession'], $_SESSION['poche_user']);
140	}	147	}
141		148
142	/**	149	/**


diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php index d415dd03..adec9b28 100644 --- a/inc/poche/Poche.class.php +++ b/inc/poche/Poche.class.php
@@ -678,7 +678,8 @@ class Poche
678	$user = $this->store->login($login, Tools::encodeString($password . $login));	678	$user = $this->store->login($login, Tools::encodeString($password . $login));
679	if ($user != array()) {	679	if ($user != array()) {
680	# Save login into Session	680	# Save login into Session
681	Session::login($user['username'], $user['password'], $login, Tools::encodeString($password . $login), array('poche_user' => new User($user)));	681	$longlastingsession = isset($_POST['longlastingsession']);
		682	Session::login($user['username'], $user['password'], $login, Tools::encodeString($password . $login), $longlastingsession, array('poche_user' => new User($user)));
682	$this->messages->add('s', _('welcome to your poche'));	683	$this->messages->add('s', _('welcome to your poche'));
683	Tools::logm('login successful');	684	Tools::logm('login successful');
684	Tools::redirect($referer);	685	Tools::redirect($referer);