From 9b66b5eee37c1a3958d9ddccb9c1a06ac7ef49ce Mon Sep 17 00:00:00 2001
From: redmatrix
Date: Fri, 8 Apr 2016 04:44:10 -0700
Subject: objectify all the session management stuff
---
Zotlabs/Web/SessionHandler.php | 78 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 78 insertions(+)
create mode 100644 Zotlabs/Web/SessionHandler.php
(limited to 'Zotlabs/Web/SessionHandler.php')
diff --git a/Zotlabs/Web/SessionHandler.php b/Zotlabs/Web/SessionHandler.php
new file mode 100644
index 000000000..ede2bd609
--- /dev/null
+++ b/Zotlabs/Web/SessionHandler.php
@@ -0,0 +1,78 @@
+session_exists = 0;
+ $this->session_expire = 180000;
+ return true;
+ }
+
+ function read ($id) {
+
+ if(x($id))
+ $r = q("SELECT `data` FROM `session` WHERE `sid`= '%s'", dbesc($id));
+
+ if($r) {
+ $this->session_exists = true;
+ return $r[0]['data'];
+ }
+
+ return '';
+ }
+
+
+ function write ($id, $data) {
+
+ if(! $id || ! $data) {
+ return false;
+ }
+
+ $expire = time() + $this->session_expire;
+ $default_expire = time() + 300;
+
+ if($this->session_exists) {
+ q("UPDATE `session`
+ SET `data` = '%s', `expire` = '%s' WHERE `sid` = '%s'",
+ dbesc($data),
+ dbesc($expire),
+ dbesc($id)
+ );
+ }
+ else {
+ q("INSERT INTO `session` (sid, expire, data) values ('%s', '%s', '%s')",
+ dbesc($id),
+ dbesc($default_expire),
+ dbesc($data)
+ );
+ }
+
+ return true;
+ }
+
+
+ function close() {
+ return true;
+ }
+
+
+ function destroy ($id) {
+ q("DELETE FROM `session` WHERE `sid` = '%s'", dbesc($id));
+ return true;
+ }
+
+
+ function gc($expire) {
+ q("DELETE FROM session WHERE expire < %d", dbesc(time()));
+ return true;
+ }
+
+
+}
\ No newline at end of file
-- cgit v1.2.3
From abfbe9c9375c7505e0422b8adc1d9d5426d7df1a Mon Sep 17 00:00:00 2001
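Review bot: In the new-file hunk, `read()` returns the stored data for any matching `sid` without looking at the `expire` column, so a row whose expiry has passed stays usable until `gc()` deletes it, and PHP's session GC runs only probabilistically (per `session.gc_probability`). Consider filtering in the query, e.g. ``WHERE `sid` = '%s' AND `expire` > %d`` with `intval(time())`; `write()` would then have to cope with an expired row still existing for that sid, because it picks INSERT or UPDATE from `session_exists`. Separately, `$r` is never assigned when `x($id)` is false, so `if($r)` reads an undefined variable; setting `$r = null;` before the `if(x($id))` avoids that. The head of this hunk (class header and the start of `open()`) is missing from the page, so this covers only the visible methods.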
From: redmatrix
Date: Sun, 10 Apr 2016 16:56:08 -0700
Subject: a few issues: block public not blocking mod_cal, typo in sql for one clone file sync operation, fix_system_urls not catching cached contact photos, extend sessionhandler expiration when remember_me is enabled as the stored session is expiring long before the browser session.
---
Zotlabs/Web/SessionHandler.php | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
(limited to 'Zotlabs/Web/SessionHandler.php')
diff --git a/Zotlabs/Web/SessionHandler.php b/Zotlabs/Web/SessionHandler.php
index ede2bd609..670e8f216 100644
--- a/Zotlabs/Web/SessionHandler.php
+++ b/Zotlabs/Web/SessionHandler.php
@@ -35,7 +35,12 @@ class SessionHandler implements \SessionHandlerInterface {
 return false;
 }
- $expire = time() + $this->session_expire;
+ // Can't just use $data here because we can't be certain of the serialisation algorithm
+
+ if($_SESSION && array_key_exists('remember_me',$_SESSION) && intval($_SESSION['remember_me']))
+ $expire = time() + (60 * 60 * 24 * 365);
+ else
+ $expire = time() + $this->session_expire;
 $default_expire = time() + 300;
 if($this->session_exists) {
-- cgit v1.2.3
From 202035fc68d8b2364436cef75d68ac2a610e42c0 Mon Sep 17 00:00:00 2001
From: redmatrix
Date: Mon, 11 Apr 2016 19:19:58 -0700
Subject: move all DB session storage logic to SessionHandler where it belongs
---
Zotlabs/Web/SessionHandler.php | 9 +++++++++
1 file changed, 9 insertions(+)
(limited to 'Zotlabs/Web/SessionHandler.php')
diff --git a/Zotlabs/Web/SessionHandler.php b/Zotlabs/Web/SessionHandler.php
index 670e8f216..359279384 100644
--- a/Zotlabs/Web/SessionHandler.php
+++ b/Zotlabs/Web/SessionHandler.php
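Review bot: The remember_me branch added to `write()` in the `@@ -35,7 +35,12 @@` hunk makes the server-side lifetime both sliding and very long: every write pushes `expire` a full year ahead, so a leaked session id for such a session stays valid as long as it is used at least once a year, and nothing visible here sets an absolute limit. I would give the lifetime a name and a why-comment instead of the inline `(60 * 60 * 24 * 365)`, and consider capping it against a creation timestamp kept with the session. The new `if`/`else` is also unbraced while the neighbouring `if($this->session_exists) {` uses braces; bracing both arms keeps a later added statement from landing outside the condition. `write()` starts and ends outside this hunk.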
@@ -80,4 +80,13 @@ class SessionHandler implements \SessionHandlerInterface {
 }
+ // not part of the official interface, used when regenerating the session id
+
+ function rename($old,$new) {
+ $v = q("UPDATE session SET sid = '%s' WHERE sid = '%s'",
+ dbesc($new),
+ dbesc($old)
+ );
+ }
+
 }
\ No newline at end of file
-- cgit v1.2.3
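Review bot: `rename()` stores the query result in `$v` and then drops it, so the code regenerating a session id cannot tell whether the row was actually re-keyed; if the UPDATE fails or matches no row, the stored session stays under the old id while the client moves on to the new one. Returning the result, e.g. `return $v;`, lets the caller check it (what `q()` yields on failure is not visible here, so the exact test needs confirming). A guard such as `if(! $old || ! $new) return false;` would mirror the empty-id check that `write()` has in the first patch. A short docblock saying the method takes the old and new session ids and is called during id regeneration would serve better than the loose comment above it.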