diff options
author | Nicolas LÅ“uillet <nicolas@loeuillet.org> | 2014-03-17 21:49:42 +0100 |
---|---|---|
committer | Nicolas LÅ“uillet <nicolas@loeuillet.org> | 2014-03-17 21:49:42 +0100 |
commit | a7048bc45d63710b2e550b4ad467bd91e75c7acf (patch) | |
tree | d7e594c756792cbdd1bde8410ad9f82b286af9bc /inc/3rdparty/Session.class.php | |
parent | 897b2b53029b8490cd7e9ea329d4151c2f6bd123 (diff) | |
parent | eb5b677250d16e6831bda43661c82e730358de65 (diff) | |
download | wallabag-a7048bc45d63710b2e550b4ad467bd91e75c7acf.tar.gz wallabag-a7048bc45d63710b2e550b4ad467bd91e75c7acf.tar.zst wallabag-a7048bc45d63710b2e550b4ad467bd91e75c7acf.zip |
Merge pull request #567 from mariroz/fix-session-livetime
fix of #115 - stay connected and session livetime
Diffstat (limited to 'inc/3rdparty/Session.class.php')
-rw-r--r-- | inc/3rdparty/Session.class.php | 26 |
1 files changed, 21 insertions, 5 deletions
diff --git a/inc/3rdparty/Session.class.php b/inc/3rdparty/Session.class.php index 599b68cd..4ee5d1da 100644 --- a/inc/3rdparty/Session.class.php +++ b/inc/3rdparty/Session.class.php | |||
@@ -31,9 +31,9 @@ class Session | |||
31 | public static $sessionName = ''; | 31 | public static $sessionName = ''; |
32 | // If the user does not access any page within this time, | 32 | // If the user does not access any page within this time, |
33 | // his/her session is considered expired (3600 sec. = 1 hour) | 33 | // his/her session is considered expired (3600 sec. = 1 hour) |
34 | public static $inactivityTimeout = 86400; | 34 | public static $inactivityTimeout = 3600; |
35 | // Extra timeout for long sessions (if enabled) (82800 sec. = 23 hours) | 35 | // Extra timeout for long sessions (if enabled) (82800 sec. = 23 hours) |
36 | public static $longSessionTimeout = 604800; // 604800 = a week | 36 | public static $longSessionTimeout = 7776000; // 7776000 = 90 days |
37 | // If you get disconnected often or if your IP address changes often. | 37 | // If you get disconnected often or if your IP address changes often. |
38 | // Let you disable session cookie hijacking protection | 38 | // Let you disable session cookie hijacking protection |
39 | public static $disableSessionProtection = false; | 39 | public static $disableSessionProtection = false; |
@@ -48,8 +48,13 @@ class Session | |||
48 | /** | 48 | /** |
49 | * Initialize session | 49 | * Initialize session |
50 | */ | 50 | */ |
51 | public static function init() | 51 | public static function init($longlastingsession = false) |
52 | { | 52 | { |
53 | //check if session name is correct | ||
54 | if ( session_id() && session_id()!=self::$sessionName ) { | ||
55 | session_destroy(); | ||
56 | } | ||
57 | |||
53 | // Force cookie path (but do not change lifetime) | 58 | // Force cookie path (but do not change lifetime) |
54 | $cookie = session_get_cookie_params(); | 59 | $cookie = session_get_cookie_params(); |
55 | // Default cookie expiration and path. | 60 | // Default cookie expiration and path. |
@@ -61,12 +66,19 @@ class Session | |||
61 | if (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") { | 66 | if (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") { |
62 | $ssl = true; | 67 | $ssl = true; |
63 | } | 68 | } |
64 | session_set_cookie_params(self::$longSessionTimeout, $cookiedir, $_SERVER['HTTP_HOST'], $ssl); | 69 | |
70 | if ( $longlastingsession ) { | ||
71 | session_set_cookie_params(self::$longSessionTimeout, $cookiedir, $_SERVER['HTTP_HOST'], $ssl, true); | ||
72 | } | ||
73 | else { | ||
74 | session_set_cookie_params('', $cookiedir, $_SERVER['HTTP_HOST'], $ssl, true); | ||
75 | } | ||
76 | |||
65 | // Use cookies to store session. | 77 | // Use cookies to store session. |
66 | ini_set('session.use_cookies', 1); | 78 | ini_set('session.use_cookies', 1); |
67 | // Force cookies for session (phpsessionID forbidden in URL) | 79 | // Force cookies for session (phpsessionID forbidden in URL) |
68 | ini_set('session.use_only_cookies', 1); | 80 | ini_set('session.use_only_cookies', 1); |
69 | if (!session_id()) { | 81 | if ( !session_id() ) { |
70 | // Prevent php to use sessionID in URL if cookies are disabled. | 82 | // Prevent php to use sessionID in URL if cookies are disabled. |
71 | ini_set('session.use_trans_sid', false); | 83 | ini_set('session.use_trans_sid', false); |
72 | if (!empty(self::$sessionName)) { | 84 | if (!empty(self::$sessionName)) { |
@@ -115,6 +127,9 @@ class Session | |||
115 | if (self::banCanLogin()) { | 127 | if (self::banCanLogin()) { |
116 | if ($login === $loginTest && $password === $passwordTest) { | 128 | if ($login === $loginTest && $password === $passwordTest) { |
117 | self::banLoginOk(); | 129 | self::banLoginOk(); |
130 | |||
131 | self::init($longlastingsession); | ||
132 | |||
118 | // Generate unique random number to sign forms (HMAC) | 133 | // Generate unique random number to sign forms (HMAC) |
119 | $_SESSION['uid'] = sha1(uniqid('', true).'_'.mt_rand()); | 134 | $_SESSION['uid'] = sha1(uniqid('', true).'_'.mt_rand()); |
120 | $_SESSION['ip'] = self::_allIPs(); | 135 | $_SESSION['ip'] = self::_allIPs(); |
@@ -135,6 +150,7 @@ class Session | |||
135 | self::banLoginFailed(); | 150 | self::banLoginFailed(); |
136 | } | 151 | } |
137 | 152 | ||
153 | self::init(); | ||
138 | return false; | 154 | return false; |
139 | } | 155 | } |
140 | 156 | ||