aboutsummaryrefslogtreecommitdiffhomepage
path: root/inc/3rdparty/Session.class.php
diff options
context:
space:
mode:
Diffstat (limited to 'inc/3rdparty/Session.class.php')
-rw-r--r--inc/3rdparty/Session.class.php13
1 files changed, 10 insertions, 3 deletions
diff --git a/inc/3rdparty/Session.class.php b/inc/3rdparty/Session.class.php
index b30a31f3..599b68cd 100644
--- a/inc/3rdparty/Session.class.php
+++ b/inc/3rdparty/Session.class.php
@@ -33,7 +33,7 @@ class Session
33 // his/her session is considered expired (3600 sec. = 1 hour) 33 // his/her session is considered expired (3600 sec. = 1 hour)
34 public static $inactivityTimeout = 86400; 34 public static $inactivityTimeout = 86400;
35 // Extra timeout for long sessions (if enabled) (82800 sec. = 23 hours) 35 // Extra timeout for long sessions (if enabled) (82800 sec. = 23 hours)
36 public static $longSessionTimeout = 31536000; 36 public static $longSessionTimeout = 604800; // 604800 = a week
37 // If you get disconnected often or if your IP address changes often. 37 // If you get disconnected often or if your IP address changes often.
38 // Let you disable session cookie hijacking protection 38 // Let you disable session cookie hijacking protection
39 public static $disableSessionProtection = false; 39 public static $disableSessionProtection = false;
@@ -61,7 +61,7 @@ class Session
61 if (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") { 61 if (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") {
62 $ssl = true; 62 $ssl = true;
63 } 63 }
64 session_set_cookie_params($cookie['lifetime'], $cookiedir, $_SERVER['HTTP_HOST'], $ssl); 64 session_set_cookie_params(self::$longSessionTimeout, $cookiedir, $_SERVER['HTTP_HOST'], $ssl);
65 // Use cookies to store session. 65 // Use cookies to store session.
66 ini_set('session.use_cookies', 1); 66 ini_set('session.use_cookies', 1);
67 // Force cookies for session (phpsessionID forbidden in URL) 67 // Force cookies for session (phpsessionID forbidden in URL)
@@ -143,7 +143,14 @@ class Session
143 */ 143 */
144 public static function logout() 144 public static function logout()
145 { 145 {
146 unset($_SESSION['uid'],$_SESSION['ip'],$_SESSION['expires_on'],$_SESSION['tokens'], $_SESSION['login'], $_SESSION['pass'], $_SESSION['longlastingsession'], $_SESSION['poche_user']); 146 // unset($_SESSION['uid'],$_SESSION['ip'],$_SESSION['expires_on'],$_SESSION['tokens'], $_SESSION['login'], $_SESSION['pass'], $_SESSION['longlastingsession'], $_SESSION['poche_user']);
147
148 // Destruction du cookie (le code peut paraître complexe mais c'est pour être certain de reprendre les mêmes paramètres)
149 $args = array_merge(array(session_name(), ''), array_values(session_get_cookie_params()));
150 $args[2] = time() - 3600;
151 call_user_func_array('setcookie', $args);
152 // Suppression physique de la session
153 session_destroy();
147 } 154 }
148 155
149 /** 156 /**