aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Zotlabs/Web/Session.php31
-rwxr-xr-xboot.php1
-rw-r--r--include/Contact.php2
-rw-r--r--include/api.php2
-rw-r--r--include/auth.php16
-rw-r--r--include/cli_startup.php3
-rwxr-xr-xindex.php11
7 files changed, 40 insertions, 26 deletions
diff --git a/Zotlabs/Web/Session.php b/Zotlabs/Web/Session.php
index 248da51a7..df7249a34 100644
--- a/Zotlabs/Web/Session.php
+++ b/Zotlabs/Web/Session.php
@@ -13,8 +13,8 @@ namespace Zotlabs\Web;
class Session {
- private static $handler = null;
- private static $session_started = false;
+ static private $handler = null;
+ static private $session_started = false;
public function init() {
@@ -29,7 +29,7 @@ class Session {
*/
$handler = new \Zotlabs\Web\SessionHandler();
- self::$handler = $handler;
+ $this->handler = $handler;
$x = session_set_save_handler($handler,false);
if(! $x)
@@ -38,11 +38,12 @@ class Session {
// Force cookies to be secure (https only) if this site is SSL enabled.
// Must be done before session_start().
+
$arr = session_get_cookie_params();
session_set_cookie_params(
((isset($arr['lifetime'])) ? $arr['lifetime'] : 0),
((isset($arr['path'])) ? $arr['path'] : '/'),
- ((isset($arr['domain'])) ? $arr['domain'] : App::get_hostname()),
+ (($arr['domain']) ? $arr['domain'] : \App::get_hostname()),
((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),
((isset($arr['httponly'])) ? $arr['httponly'] : true)
);
@@ -53,7 +54,7 @@ class Session {
public function start() {
session_start();
- self::$session_started = true;
+ $this->session_started = true;
}
/**
@@ -62,8 +63,8 @@ class Session {
* @return void
*/
- static public function nuke() {
- self::new_cookie(0); // 0 means delete on browser exit
+ public function nuke() {
+ $this->new_cookie(0); // 0 means delete on browser exit
if($_SESSION && count($_SESSION)) {
foreach($_SESSION as $k => $v) {
unset($_SESSION[$k]);
@@ -77,21 +78,23 @@ class Session {
$old_sid = session_id();
- if(self::$handler && self::$session_started) {
+ $arr = session_get_cookie_params();
+
+ if($this->handler && $this->session_started) {
session_regenerate_id(true);
// force SessionHandler record creation with the new session_id
// which occurs as a side effect of read()
- self::$handler->read(session_id());
+ $this->handler->read(session_id());
}
else
logger('no session handler');
if (x($_COOKIE, 'jsdisabled')) {
- setcookie('jsdisabled', $_COOKIE['jsdisabled'], $newxtime);
+ setcookie('jsdisabled', $_COOKIE['jsdisabled'], $newxtime, '/', \App::get_hostname(),((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),((isset($arr['httponly'])) ? $arr['httponly'] : true));
}
- setcookie(session_name(),session_id(),$newxtime);
+ setcookie(session_name(),session_id(),$newxtime, '/', \App::get_hostname(),((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),((isset($arr['httponly'])) ? $arr['httponly'] : true));
$arr = array('expire' => $xtime);
call_hooks('new_cookie', $arr);
@@ -100,12 +103,14 @@ class Session {
public function extend_cookie() {
+ $arr = session_get_cookie_params();
+
// if there's a long-term cookie, extend it
$xtime = (($_SESSION['remember_me']) ? (60 * 60 * 24 * 365) : 0 );
if($xtime)
- setcookie(session_name(),session_id(),(time() + $xtime));
+ setcookie(session_name(),session_id(),(time() + $xtime), '/', \App::get_hostname(),((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),((isset($arr['httponly'])) ? $arr['httponly'] : true));
$arr = array('expire' => $xtime);
call_hooks('extend_cookie', $arr);
@@ -152,7 +157,7 @@ class Session {
// check any difference at all
logger('Session address changed. Paranoid setting in effect, blocking session. '
. $_SESSION['addr'] . ' != ' . $_SERVER['REMOTE_ADDR']);
- self::nuke();
+ $this->nuke();
goaway(z_root());
break;
}
diff --git a/boot.php b/boot.php
index 72e86e42b..381111b26 100755
--- a/boot.php
+++ b/boot.php
@@ -700,6 +700,7 @@ class App {
private static $perms = null; // observer permissions
private static $widgets = array(); // widgets for this page
+ public static $session = null;
public static $groups;
public static $language;
public static $langsave;
diff --git a/include/Contact.php b/include/Contact.php
index e011c60c8..8ad67c28e 100644
--- a/include/Contact.php
+++ b/include/Contact.php
@@ -389,7 +389,7 @@ function channel_remove($channel_id, $local = true, $unset_session=false) {
proc_run('php','include/directory.php',$channel_id);
if($channel_id == local_channel() && $unset_session) {
- \Zotlabs\Web\Session::nuke();
+ App::$session->nuke();
goaway(z_root());
}
diff --git a/include/api.php b/include/api.php
index 3b2c71923..5f4d4bedb 100644
--- a/include/api.php
+++ b/include/api.php
@@ -486,7 +486,7 @@ require_once('include/api_auth.php');
function api_account_logout(&$a, $type){
require_once('include/auth.php');
- \Zotlabs\Web\Session::nuke();
+ App::$session->nuke();
return api_apply_template("user", $type, array('$user' => null));
}
diff --git a/include/auth.php b/include/auth.php
index 9643da8eb..01fcf0094 100644
--- a/include/auth.php
+++ b/include/auth.php
@@ -101,7 +101,7 @@ if((isset($_SESSION)) && (x($_SESSION, 'authenticated')) &&
// process logout request
$args = array('channel_id' => local_channel());
call_hooks('logging_out', $args);
- \Zotlabs\Web\Session::nuke();
+ App::$session->nuke();
info( t('Logged out.') . EOL);
goaway(z_root());
}
@@ -117,7 +117,7 @@ if((isset($_SESSION)) && (x($_SESSION, 'authenticated')) &&
intval(ACCOUNT_ROLE_ADMIN)
);
if($x) {
- \Zotlabs\Web\Session::new_cookie(60 * 60 * 24); // one day
+ App::$session->new_cookie(60 * 60 * 24); // one day
$_SESSION['last_login_date'] = datetime_convert();
unset($_SESSION['visitor_id']); // no longer a visitor
authenticate_success($x[0], true, true);
@@ -141,7 +141,7 @@ if((isset($_SESSION)) && (x($_SESSION, 'authenticated')) &&
if(x($_SESSION, 'uid') || x($_SESSION, 'account_id')) {
- Zotlabs\Web\Session::return_check();
+ App::$session->return_check();
$r = q("select * from account where account_id = %d limit 1",
intval($_SESSION['account_id'])
@@ -155,14 +155,14 @@ if((isset($_SESSION)) && (x($_SESSION, 'authenticated')) &&
}
if(strcmp(datetime_convert('UTC','UTC','now - 12 hours'), $_SESSION['last_login_date']) > 0 ) {
$_SESSION['last_login_date'] = datetime_convert();
- Zotlabs\Web\Session::extend_cookie();
+ App::$session->extend_cookie();
$login_refresh = true;
}
authenticate_success($r[0], false, false, false, $login_refresh);
}
else {
$_SESSION['account_id'] = 0;
- \Zotlabs\Web\Session::nuke();
+ App::$session->nuke();
goaway(z_root());
}
} // end logged in user returning
@@ -170,7 +170,7 @@ if((isset($_SESSION)) && (x($_SESSION, 'authenticated')) &&
else {
if(isset($_SESSION)) {
- \Zotlabs\Web\Session::nuke();
+ App::$session->nuke();
}
// handle a fresh login request
@@ -242,11 +242,11 @@ else {
if($_POST['remember_me']) {
$_SESSION['remember_me'] = 1;
- \Zotlabs\Web\Session::new_cookie(31449600); // one year
+ App::$session->new_cookie(31449600); // one year
}
else {
$_SESSION['remember_me'] = 0;
- \Zotlabs\Web\Session::new_cookie(0); // 0 means delete on browser exit
+ App::$session->new_cookie(0); // 0 means delete on browser exit
}
// if we haven't failed up this point, log them in.
diff --git a/include/cli_startup.php b/include/cli_startup.php
index a99164d4c..a33f7acb0 100644
--- a/include/cli_startup.php
+++ b/include/cli_startup.php
@@ -30,7 +30,8 @@ function cli_startup() {
unset($db_host, $db_port, $db_user, $db_pass, $db_data, $db_type);
};
- \Zotlabs\Web\Session::init();
+ App::$session = new Zotlabs\Web\Session();
+ App::$session->init();
load_config('system');
diff --git a/index.php b/index.php
index 1178881ba..5d8dbd8bf 100755
--- a/index.php
+++ b/index.php
@@ -62,7 +62,8 @@ if(! App::$install) {
load_config('system');
load_config('feature');
- \Zotlabs\Web\Session::init();
+ App::$session = new \Zotlabs\Web\Session();
+ App::$session->init();
load_hooks();
call_hooks('init_1');
@@ -84,7 +85,13 @@ if(! App::$install) {
*
*/
-\Zotlabs\Web\Session::start();
+ if(App::$session) {
+ App::$session->start();
+ }
+ else {
+ session_start();
+ register_shutdown_function('session_write_close');
+ }
/**
* Language was set earlier, but we can over-ride it in the session.