diff options
| author | Maryana Rozhankivska <mariroz@mr.lviv.ua> | 2014-03-17 22:22:05 +0200 |
|---|---|---|
| committer | Maryana Rozhankivska <mariroz@mr.lviv.ua> | 2014-03-17 22:22:05 +0200 |
| commit | eb5b677250d16e6831bda43661c82e730358de65 (patch) | |
| tree | d7e594c756792cbdd1bde8410ad9f82b286af9bc /inc/3rdparty/Session.class.php | |
| parent | 897b2b53029b8490cd7e9ea329d4151c2f6bd123 (diff) | |
| download | wallabag-eb5b677250d16e6831bda43661c82e730358de65.tar.gz wallabag-eb5b677250d16e6831bda43661c82e730358de65.tar.zst wallabag-eb5b677250d16e6831bda43661c82e730358de65.zip | |
fix of #115 - stay connected and session livetime
Diffstat (limited to 'inc/3rdparty/Session.class.php')
| -rw-r--r-- | inc/3rdparty/Session.class.php | 26 |
1 files changed, 21 insertions, 5 deletions
diff --git a/inc/3rdparty/Session.class.php b/inc/3rdparty/Session.class.php index 599b68cd..4ee5d1da 100644 --- a/inc/3rdparty/Session.class.php +++ b/inc/3rdparty/Session.class.php | |||
| @@ -31,9 +31,9 @@ class Session | |||
| 31 | public static $sessionName = ''; | 31 | public static $sessionName = ''; |
| 32 | // If the user does not access any page within this time, | 32 | // If the user does not access any page within this time, |
| 33 | // his/her session is considered expired (3600 sec. = 1 hour) | 33 | // his/her session is considered expired (3600 sec. = 1 hour) |
| 34 | public static $inactivityTimeout = 86400; | 34 | public static $inactivityTimeout = 3600; |
| 35 | // Extra timeout for long sessions (if enabled) (82800 sec. = 23 hours) | 35 | // Extra timeout for long sessions (if enabled) (82800 sec. = 23 hours) |
| 36 | public static $longSessionTimeout = 604800; // 604800 = a week | 36 | public static $longSessionTimeout = 7776000; // 7776000 = 90 days |
| 37 | // If you get disconnected often or if your IP address changes often. | 37 | // If you get disconnected often or if your IP address changes often. |
| 38 | // Let you disable session cookie hijacking protection | 38 | // Let you disable session cookie hijacking protection |
| 39 | public static $disableSessionProtection = false; | 39 | public static $disableSessionProtection = false; |
| @@ -48,8 +48,13 @@ class Session | |||
| 48 | /** | 48 | /** |
| 49 | * Initialize session | 49 | * Initialize session |
| 50 | */ | 50 | */ |
| 51 | public static function init() | 51 | public static function init($longlastingsession = false) |
| 52 | { | 52 | { |
| 53 | //check if session name is correct | ||
| 54 | if ( session_id() && session_id()!=self::$sessionName ) { | ||
| 55 | session_destroy(); | ||
| 56 | } | ||
| 57 | |||
| 53 | // Force cookie path (but do not change lifetime) | 58 | // Force cookie path (but do not change lifetime) |
| 54 | $cookie = session_get_cookie_params(); | 59 | $cookie = session_get_cookie_params(); |
| 55 | // Default cookie expiration and path. | 60 | // Default cookie expiration and path. |
| @@ -61,12 +66,19 @@ class Session | |||
| 61 | if (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") { | 66 | if (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") { |
| 62 | $ssl = true; | 67 | $ssl = true; |
| 63 | } | 68 | } |
| 64 | session_set_cookie_params(self::$longSessionTimeout, $cookiedir, $_SERVER['HTTP_HOST'], $ssl); | 69 | |
| 70 | if ( $longlastingsession ) { | ||
| 71 | session_set_cookie_params(self::$longSessionTimeout, $cookiedir, $_SERVER['HTTP_HOST'], $ssl, true); | ||
| 72 | } | ||
| 73 | else { | ||
| 74 | session_set_cookie_params('', $cookiedir, $_SERVER['HTTP_HOST'], $ssl, true); | ||
| 75 | } | ||
| 76 | |||
| 65 | // Use cookies to store session. | 77 | // Use cookies to store session. |
| 66 | ini_set('session.use_cookies', 1); | 78 | ini_set('session.use_cookies', 1); |
| 67 | // Force cookies for session (phpsessionID forbidden in URL) | 79 | // Force cookies for session (phpsessionID forbidden in URL) |
| 68 | ini_set('session.use_only_cookies', 1); | 80 | ini_set('session.use_only_cookies', 1); |
| 69 | if (!session_id()) { | 81 | if ( !session_id() ) { |
| 70 | // Prevent php to use sessionID in URL if cookies are disabled. | 82 | // Prevent php to use sessionID in URL if cookies are disabled. |
| 71 | ini_set('session.use_trans_sid', false); | 83 | ini_set('session.use_trans_sid', false); |
| 72 | if (!empty(self::$sessionName)) { | 84 | if (!empty(self::$sessionName)) { |
| @@ -115,6 +127,9 @@ class Session | |||
| 115 | if (self::banCanLogin()) { | 127 | if (self::banCanLogin()) { |
| 116 | if ($login === $loginTest && $password === $passwordTest) { | 128 | if ($login === $loginTest && $password === $passwordTest) { |
| 117 | self::banLoginOk(); | 129 | self::banLoginOk(); |
| 130 | |||
| 131 | self::init($longlastingsession); | ||
| 132 | |||
| 118 | // Generate unique random number to sign forms (HMAC) | 133 | // Generate unique random number to sign forms (HMAC) |
| 119 | $_SESSION['uid'] = sha1(uniqid('', true).'_'.mt_rand()); | 134 | $_SESSION['uid'] = sha1(uniqid('', true).'_'.mt_rand()); |
| 120 | $_SESSION['ip'] = self::_allIPs(); | 135 | $_SESSION['ip'] = self::_allIPs(); |
| @@ -135,6 +150,7 @@ class Session | |||
| 135 | self::banLoginFailed(); | 150 | self::banLoginFailed(); |
| 136 | } | 151 | } |
| 137 | 152 | ||
| 153 | self::init(); | ||
| 138 | return false; | 154 | return false; |
| 139 | } | 155 | } |
| 140 | 156 | ||