bug fix on session and multiple paths
This commit is contained in:
Diego Najar
parent
0b7d327480
commit
a3555315b8
3 changed files with 34 additions and 14 deletions
|
|
@ -5,27 +5,29 @@ class Session {
|
|||
private static $started = false;
|
||||
private static $sessionName = 'BLUDIT-KEY';
|
||||
|
||||
public static function start()
|
||||
public static function start($path, $secure)
|
||||
{
|
||||
// Try to set the session timeout on server side, 1 hour of timeout
|
||||
ini_set('session.gc_maxlifetime', SESSION_GC_MAXLIFETIME);
|
||||
|
||||
// If TRUE cookie will only be sent over secure connections.
|
||||
$secure = false;
|
||||
|
||||
// If set to TRUE then PHP will attempt to send the httponly flag when setting the session cookie.
|
||||
$httponly = true;
|
||||
|
||||
// Gets current cookies params.
|
||||
$cookieParams = session_get_cookie_params();
|
||||
|
||||
session_set_cookie_params(
|
||||
SESSION_COOKIE_LIFE_TIME,
|
||||
$cookieParams["path"],
|
||||
$cookieParams["domain"],
|
||||
$secure,
|
||||
$httponly
|
||||
);
|
||||
if (empty($path)) {
|
||||
$httponly = true;
|
||||
$path = '/';
|
||||
}
|
||||
|
||||
session_set_cookie_params([
|
||||
'lifetime' => $cookieParams["lifetime"],
|
||||
'path' => $path,
|
||||
'domain' => $cookieParams["domain"],
|
||||
'secure' => $secure,
|
||||
'httponly' => true
|
||||
]);
|
||||
|
||||
// Sets the session name to the one set above.
|
||||
session_name(self::$sessionName);
|
||||
|
|
@ -73,11 +75,11 @@ class Session {
|
|||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
public static function remove($key)
|
||||
{
|
||||
$key = 's_'.$key;
|
||||
|
||||
|
||||
unset($_SESSION[$key]);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -12,9 +12,15 @@ class Login {
|
|||
$this->users = new Users();
|
||||
}
|
||||
|
||||
if (isset($GLOBALS['site'])) {
|
||||
$this->site = $GLOBALS['site'];
|
||||
} else {
|
||||
$this->site = new Site();
|
||||
}
|
||||
|
||||
// Start the Session
|
||||
if (!Session::started()) {
|
||||
Session::start();
|
||||
Session::start($this->site->urlPath(), $this->site->isHTTPS());
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -340,6 +340,18 @@ class Site extends dbJSON {
|
|||
return $this->getField('timezone');
|
||||
}
|
||||
|
||||
public function urlPath()
|
||||
{
|
||||
$url = $this->getField('url');
|
||||
return parse_url($url, PHP_URL_PATH);
|
||||
}
|
||||
|
||||
public function isHTTPS()
|
||||
{
|
||||
$url = $this->getField('url');
|
||||
return parse_url($url, PHP_URL_SCHEME) === 'https';
|
||||
}
|
||||
|
||||
// Returns the current build / version of Bludit.
|
||||
public function currentBuild()
|
||||
{
|
||||
|
|
|
|||
Loading…
Reference in a new issue