aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs/Web/Session.php
diff options
context:
space:
mode:
Diffstat (limited to 'Zotlabs/Web/Session.php')
-rw-r--r--Zotlabs/Web/Session.php40
1 files changed, 25 insertions, 15 deletions
diff --git a/Zotlabs/Web/Session.php b/Zotlabs/Web/Session.php
index 0cd83c15e..55536fdc7 100644
--- a/Zotlabs/Web/Session.php
+++ b/Zotlabs/Web/Session.php
@@ -14,6 +14,7 @@ namespace Zotlabs\Web;
class Session {
private static $handler = null;
+ private static $session_started = false;
function init() {
@@ -37,20 +38,19 @@ class Session {
// Force cookies to be secure (https only) if this site is SSL enabled.
// Must be done before session_start().
- if(intval(\App::$config['system']['ssl_cookie_protection'])) {
- $arr = session_get_cookie_params();
- session_set_cookie_params(
- ((isset($arr['lifetime'])) ? $arr['lifetime'] : 0),
- ((isset($arr['path'])) ? $arr['path'] : '/'),
- ((isset($arr['domain'])) ? $arr['domain'] : App::get_hostname()),
- ((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),
- ((isset($arr['httponly'])) ? $arr['httponly'] : true)
- );
- }
+ $arr = session_get_cookie_params();
+ session_set_cookie_params(
+ ((isset($arr['lifetime'])) ? $arr['lifetime'] : 0),
+ ((isset($arr['path'])) ? $arr['path'] : '/'),
+ ((isset($arr['domain'])) ? $arr['domain'] : App::get_hostname()),
+ ((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),
+ ((isset($arr['httponly'])) ? $arr['httponly'] : true)
+ );
}
function start() {
session_start();
+ self::$session_started = true;
}
/**
@@ -74,10 +74,13 @@ class Session {
$old_sid = session_id();
- session_regenerate_id(false);
+ if(self::$handler && self::$session_started) {
+ session_regenerate_id(true);
+
+ // force SessionHandler record creation with the new session_id
+ // which occurs as a side effect of read()
- if(self::$handler) {
- self::$handler->rename($old_sid,session_id());
+ self::$handler->read(session_id());
}
else
logger('no session handler');
@@ -87,14 +90,21 @@ class Session {
}
setcookie(session_name(),session_id(),$newxtime);
+ $arr = array('expire' => $xtime);
+ call_hooks('new_cookie', $arr);
+
}
function extend_cookie() {
// if there's a long-term cookie, extend it
- if(intval($_SESSION['remember_me']))
- setcookie(session_name(),session_id(),(time() + (60 * 60 * 24 * 365)));
+ $xtime = (($_SESSION['remember_me']) ? (60 * 60 * 24 * 365) : 0 );
+
+ if($xtime)
+ setcookie(session_name(),session_id(),(time() + $xtime));
+ $arr = array('expire' => $xtime);
+ call_hooks('extend_cookie', $arr);
}