fix of #115 - stay connected and session livetime

author: Maryana Rozhankivska <mariroz@mr.lviv.ua> 2014-03-17 22:22:05 +0200
committer: Maryana Rozhankivska <mariroz@mr.lviv.ua> 2014-03-17 22:22:05 +0200
commit: eb5b677250d16e6831bda43661c82e730358de65 (patch)
tree: d7e594c756792cbdd1bde8410ad9f82b286af9bc /inc
parent: 897b2b53029b8490cd7e9ea329d4151c2f6bd123 (diff)
download: wallabag-eb5b677250d16e6831bda43661c82e730358de65.tar.gz
wallabag-eb5b677250d16e6831bda43661c82e730358de65.tar.zst
wallabag-eb5b677250d16e6831bda43661c82e730358de65.zip
2 files changed, 21 insertions, 7 deletions
diff --git a/inc/3rdparty/Session.class.php b/inc/3rdparty/Session.class.php
index 599b68cd..4ee5d1da 100644
--- a/inc/3rdparty/Session.class.php
+++ b/inc/3rdparty/Session.class.php
@@ -31,9 +31,9 @@ class Session
    public static $sessionName = '';
    // If the user does not access any page within this time,
    // his/her session is considered expired (3600 sec. = 1 hour)
-    public static $inactivityTimeout = 86400;
+    public static $inactivityTimeout = 3600;
    // Extra timeout for long sessions (if enabled) (82800 sec. = 23 hours)
-    public static $longSessionTimeout = 604800; // 604800 = a week
+    public static $longSessionTimeout = 7776000; // 7776000 = 90 days
    // If you get disconnected often or if your IP address changes often.
    // Let you disable session cookie hijacking protection
    public static $disableSessionProtection = false;
@@ -48,8 +48,13 @@ class Session
    /**
     * Initialize session
     */
-    public static function init()
+    public static function init($longlastingsession = false)
    {
+        //check if session name is correct
+        if ( session_id() && session_id()!=self::$sessionName ) {
+            session_destroy();
+        }
        // Force cookie path (but do not change lifetime)
        $cookie = session_get_cookie_params();
        // Default cookie expiration and path.
@@ -61,12 +66,19 @@ class Session
        if (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") {
            $ssl = true;
        }
-        session_set_cookie_params(self::$longSessionTimeout, $cookiedir, $_SERVER['HTTP_HOST'], $ssl);
+        if ( $longlastingsession ) {
+            session_set_cookie_params(self::$longSessionTimeout, $cookiedir, $_SERVER['HTTP_HOST'], $ssl, true);
+        }
+        else {
+            session_set_cookie_params('', $cookiedir, $_SERVER['HTTP_HOST'], $ssl, true);
+        }
        // Use cookies to store session.
        ini_set('session.use_cookies', 1);
        // Force cookies for session  (phpsessionID forbidden in URL)
        ini_set('session.use_only_cookies', 1);
-        if (!session_id()) {
+        if ( !session_id() ) {
            // Prevent php to use sessionID in URL if cookies are disabled.
            ini_set('session.use_trans_sid', false);
            if (!empty(self::$sessionName)) {
@@ -115,6 +127,9 @@ class Session
        if (self::banCanLogin()) {
            if ($login === $loginTest && $password === $passwordTest) {
                self::banLoginOk();
+                self::init($longlastingsession);
                // Generate unique random number to sign forms (HMAC)
                $_SESSION['uid'] = sha1(uniqid('', true).'_'.mt_rand());
                $_SESSION['ip'] = self::_allIPs();
@@ -135,6 +150,7 @@ class Session
            self::banLoginFailed();
        }
+        self::init();
        return false;
    }
diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php
index f85bb86c..b1143d0b 100755
--- a/inc/poche/Poche.class.php
+++ b/inc/poche/Poche.class.php
@@ -61,8 +61,6 @@ class Poche
    private function init() 
    {
        Tools::initPhp();
-        Session::$sessionName = 'poche'; 
-        Session::init();
        if (isset($_SESSION['poche_user']) && $_SESSION['poche_user'] != array()) {
            $this->user = $_SESSION['poche_user'];
author	Maryana Rozhankivska <mariroz@mr.lviv.ua>	2014-03-17 22:22:05 +0200
committer	Maryana Rozhankivska <mariroz@mr.lviv.ua>	2014-03-17 22:22:05 +0200
commit	eb5b677250d16e6831bda43661c82e730358de65 (patch)
tree	d7e594c756792cbdd1bde8410ad9f82b286af9bc /inc
parent	897b2b53029b8490cd7e9ea329d4151c2f6bd123 (diff)
download	wallabag-eb5b677250d16e6831bda43661c82e730358de65.tar.gz wallabag-eb5b677250d16e6831bda43661c82e730358de65.tar.zst wallabag-eb5b677250d16e6831bda43661c82e730358de65.zip

diff --git a/inc/3rdparty/Session.class.php b/inc/3rdparty/Session.class.php index 599b68cd..4ee5d1da 100644 --- a/inc/3rdparty/Session.class.php +++ b/inc/3rdparty/Session.class.php
@@ -31,9 +31,9 @@ class Session
31	public static $sessionName = '';	31	public static $sessionName = '';
32	// If the user does not access any page within this time,	32	// If the user does not access any page within this time,
33	// his/her session is considered expired (3600 sec. = 1 hour)	33	// his/her session is considered expired (3600 sec. = 1 hour)
34	public static $inactivityTimeout = 86400;	34	public static $inactivityTimeout = 3600;
35	// Extra timeout for long sessions (if enabled) (82800 sec. = 23 hours)	35	// Extra timeout for long sessions (if enabled) (82800 sec. = 23 hours)
36	public static $longSessionTimeout = 604800; // 604800 = a week	36	public static $longSessionTimeout = 7776000; // 7776000 = 90 days
37	// If you get disconnected often or if your IP address changes often.	37	// If you get disconnected often or if your IP address changes often.
38	// Let you disable session cookie hijacking protection	38	// Let you disable session cookie hijacking protection
39	public static $disableSessionProtection = false;	39	public static $disableSessionProtection = false;
@@ -48,8 +48,13 @@ class Session
48	/**	48	/**
49	* Initialize session	49	* Initialize session
50	*/	50	*/
51	public static function init()	51	public static function init($longlastingsession = false)
52	{	52	{
		53	//check if session name is correct
		54	if ( session_id() && session_id()!=self::$sessionName ) {
		55	session_destroy();
		56	}
		57
53	// Force cookie path (but do not change lifetime)	58	// Force cookie path (but do not change lifetime)
54	$cookie = session_get_cookie_params();	59	$cookie = session_get_cookie_params();
55	// Default cookie expiration and path.	60	// Default cookie expiration and path.
@@ -61,12 +66,19 @@ class Session
61	if (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") {	66	if (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") {
62	$ssl = true;	67	$ssl = true;
63	}	68	}
64	session_set_cookie_params(self::$longSessionTimeout, $cookiedir, $_SERVER['HTTP_HOST'], $ssl);	69
		70	if ( $longlastingsession ) {
		71	session_set_cookie_params(self::$longSessionTimeout, $cookiedir, $_SERVER['HTTP_HOST'], $ssl, true);
		72	}
		73	else {
		74	session_set_cookie_params('', $cookiedir, $_SERVER['HTTP_HOST'], $ssl, true);
		75	}
		76
65	// Use cookies to store session.	77	// Use cookies to store session.
66	ini_set('session.use_cookies', 1);	78	ini_set('session.use_cookies', 1);
67	// Force cookies for session (phpsessionID forbidden in URL)	79	// Force cookies for session (phpsessionID forbidden in URL)
68	ini_set('session.use_only_cookies', 1);	80	ini_set('session.use_only_cookies', 1);
69	if (!session_id()) {	81	if ( !session_id() ) {
70	// Prevent php to use sessionID in URL if cookies are disabled.	82	// Prevent php to use sessionID in URL if cookies are disabled.
71	ini_set('session.use_trans_sid', false);	83	ini_set('session.use_trans_sid', false);
72	if (!empty(self::$sessionName)) {	84	if (!empty(self::$sessionName)) {
@@ -115,6 +127,9 @@ class Session
115	if (self::banCanLogin()) {	127	if (self::banCanLogin()) {
116	if ($login === $loginTest && $password === $passwordTest) {	128	if ($login === $loginTest && $password === $passwordTest) {
117	self::banLoginOk();	129	self::banLoginOk();
		130
		131	self::init($longlastingsession);
		132
118	// Generate unique random number to sign forms (HMAC)	133	// Generate unique random number to sign forms (HMAC)
119	$_SESSION['uid'] = sha1(uniqid('', true).'_'.mt_rand());	134	$_SESSION['uid'] = sha1(uniqid('', true).'_'.mt_rand());
120	$_SESSION['ip'] = self::_allIPs();	135	$_SESSION['ip'] = self::_allIPs();
@@ -135,6 +150,7 @@ class Session
135	self::banLoginFailed();	150	self::banLoginFailed();
136	}	151	}
137		152
		153	self::init();
138	return false;	154	return false;
139	}	155	}
140		156


diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php index f85bb86c..b1143d0b 100755 --- a/inc/poche/Poche.class.php +++ b/inc/poche/Poche.class.php
@@ -61,8 +61,6 @@ class Poche
61	private function init()	61	private function init()
62	{	62	{
63	Tools::initPhp();	63	Tools::initPhp();
64	Session::$sessionName = 'poche';
65	Session::init();
66		64
67	if (isset($_SESSION['poche_user']) && $_SESSION['poche_user'] != array()) {	65	if (isset($_SESSION['poche_user']) && $_SESSION['poche_user'] != array()) {
68	$this->user = $_SESSION['poche_user'];	66	$this->user = $_SESSION['poche_user'];