
[Fmsystem-commits] [14882] session handling


From: Sigurd Nes
Subject: [Fmsystem-commits] [14882] session handling
Date: Thu, 31 Mar 2016 14:27:21 +0000

Revision: 14882
          http://svn.sv.gnu.org/viewvc/?view=rev&root=fmsystem&revision=14882
Author:   sigurdne
Date:     2016-03-31 14:27:20 +0000 (Thu, 31 Mar 2016)
Log Message:
-----------
session handling

Modified Paths:
--------------
    trunk/phpgwapi/inc/class.sessions.inc.php

Modified: trunk/phpgwapi/inc/class.sessions.inc.php
===================================================================
--- trunk/phpgwapi/inc/class.sessions.inc.php   2016-03-31 12:52:17 UTC (rev 
14881)
+++ trunk/phpgwapi/inc/class.sessions.inc.php   2016-03-31 14:27:20 UTC (rev 
14882)
@@ -278,7 +278,7 @@
                        if ( 
isset($GLOBALS['phpgw_info']['server']['usecookies'])
                                && 
$GLOBALS['phpgw_info']['server']['usecookies'] )
                        {
-                               $this->phpgw_setcookie(session_name(), 
$this->_sessionid);
+//                             $this->phpgw_setcookie(session_name(), 
$this->_sessionid);// already sendt with session_start()
                                $this->phpgw_setcookie('domain', 
$this->_account_domain);
                        }
 
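Review bot: The superseded call is left behind as a commented-out line instead of being removed, which leaves dead code in the cookie-setup branch of a session routine. Deleting the line and keeping only the reason would read better, e.g. `// session cookie is already sent by session_start()`; the current comment also has the typo "sendt". The enclosing function starts and ends outside the hunk.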
@@ -830,7 +830,15 @@
                */
                public function phpgw_setcookie($cookiename, $cookievalue='', 
$cookietime=0)
                {
-                       setcookie($cookiename, $cookievalue, $cookietime);
+                       $cookie_params = session_get_cookie_params();
+                       setcookie($cookiename,
+                               $cookievalue,
+                               $cookietime,
+                               $cookie_params['path'],
+                               $cookie_params['domain'],
+                               !!$cookie_params['secure'],
+                               !!$cookie_params['httponly']
+                       );
                }
 
 
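Review bot: The `secure` and `httponly` arguments now passed to setcookie() are only as strict as the session cookie parameters, and nothing in this hunk shows where those are configured. PHP's defaults for `session.cookie_secure` and `session.cookie_httponly` are off, so with an untouched configuration the `domain` cookie and every other cookie sent through phpgw_setcookie() still goes out without either flag. The method's docblock, which begins above the hunk, should state that dependency, e.g. `Path, domain, secure and httponly are inherited from session_get_cookie_params(); configure them before session_start().` As a style point, `(bool) $cookie_params['secure']` states the intent more plainly than `!!`.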
@@ -947,15 +955,14 @@
                 */
                public function register_session($login, $user_ip, $now, 
$session_flags)
                {
-                       if ( $this->_sessionid )
+                       if ( $this->_sessionid != session_id())
                        {
-                               session_id($this->_sessionid);
+                               throw new Exception("sessions::sessionid is 
tampered");
                        }
 
                        if ( !strlen(session_id()) )
                        {
                                throw new 
Exception("sessions::register_session() - No value for session_id()");
-//                             session_start();
                        }
 
                        $_SESSION['phpgw_session'] = array
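Review bot: The new tamper check compares the two session ids with the loose operator `!=`, so PHP's type juggling applies: two different numeric-looking strings can compare as equal and the mismatch would go unnoticed. A strict comparison closes that gap: `if ( $this->_sessionid !== session_id() )`. Because this check runs before the empty-id check, a session that was never started is also reported as "tampered" whenever `$this->_sessionid` is set; swapping the two checks would keep the exception messages accurate. The body of register_session() continues past the end of the hunk.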



