bug fix on session and multiple paths
parent
0b7d327480
commit
a3555315b8
3 changed files with 34 additions and 14 deletions
|
@ -5,27 +5,29 @@ class Session {
|
||||||
private static $started = false;
|
private static $started = false;
|
||||||
private static $sessionName = 'BLUDIT-KEY';
|
private static $sessionName = 'BLUDIT-KEY';
|
||||||
|
|
||||||
public static function start()
|
public static function start($path, $secure)
|
||||||
{
|
{
|
||||||
// Try to set the session timeout on server side, 1 hour of timeout
|
// Try to set the session timeout on server side, 1 hour of timeout
|
||||||
ini_set('session.gc_maxlifetime', SESSION_GC_MAXLIFETIME);
|
ini_set('session.gc_maxlifetime', SESSION_GC_MAXLIFETIME);
|
||||||
|
|
||||||
// If TRUE cookie will only be sent over secure connections.
|
|
||||||
$secure = false;
|
|
||||||
|
|
||||||
// If set to TRUE then PHP will attempt to send the httponly flag when setting the session cookie.
|
// If set to TRUE then PHP will attempt to send the httponly flag when setting the session cookie.
|
||||||
$httponly = true;
|
$httponly = true;
|
||||||
|
|
||||||
// Gets current cookies params.
|
// Gets current cookies params.
|
||||||
$cookieParams = session_get_cookie_params();
|
$cookieParams = session_get_cookie_params();
|
||||||
|
|
||||||
session_set_cookie_params(
|
if (empty($path)) {
|
||||||
SESSION_COOKIE_LIFE_TIME,
|
$httponly = true;
|
||||||
$cookieParams["path"],
|
$path = '/';
|
||||||
$cookieParams["domain"],
|
}
|
||||||
$secure,
|
|
||||||
$httponly
|
session_set_cookie_params([
|
||||||
);
|
'lifetime' => $cookieParams["lifetime"],
|
||||||
|
'path' => $path,
|
||||||
|
'domain' => $cookieParams["domain"],
|
||||||
|
'secure' => $secure,
|
||||||
|
'httponly' => true
|
||||||
|
]);
|
||||||
|
|
||||||
// Sets the session name to the one set above.
|
// Sets the session name to the one set above.
|
||||||
session_name(self::$sessionName);
|
session_name(self::$sessionName);
|
||||||
|
@ -73,11 +75,11 @@ class Session {
|
||||||
}
|
}
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
public static function remove($key)
|
public static function remove($key)
|
||||||
{
|
{
|
||||||
$key = 's_'.$key;
|
$key = 's_'.$key;
|
||||||
|
|
||||||
unset($_SESSION[$key]);
|
unset($_SESSION[$key]);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
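Review bot: The new `session_set_cookie_params([...])` call takes `'lifetime'` from `$cookieParams["lifetime"]` where the old call passed `SESSION_COOKIE_LIFE_TIME`, so the configured cookie lifetime is no longer applied and the cookie uses whatever PHP's current setting is; if that is not intended, keep `'lifetime' => SESSION_COOKIE_LIFE_TIME,`. Since the array form is now used, this is also the place to set `'samesite' => 'Lax'`, which the positional form could not express. The `$httponly = true;` inside the `if (empty($path))` branch is redundant, and the variable is no longer read because the array passes the literal `true`. The array signature needs PHP 7.3 or later, and `start()` now has two required parameters, so any caller outside this diff that still calls `Session::start()` with no arguments would fail. The body of `start()` continues past the end of the hunk.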
@ -12,9 +12,15 @@ class Login {
|
||||||
$this->users = new Users();
|
$this->users = new Users();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (isset($GLOBALS['site'])) {
|
||||||
|
$this->site = $GLOBALS['site'];
|
||||||
|
} else {
|
||||||
|
$this->site = new Site();
|
||||||
|
}
|
||||||
|
|
||||||
// Start the Session
|
// Start the Session
|
||||||
if (!Session::started()) {
|
if (!Session::started()) {
|
||||||
Session::start();
|
Session::start($this->site->urlPath(), $this->site->isHTTPS());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
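Review bot: The `Secure` flag passed in `Session::start($this->site->urlPath(), $this->site->isHTTPS())` reflects the configured site URL, not the connection the request actually arrived on. If the URL is stored as `http://` while the site is served over TLS, the session cookie is issued without `Secure`; if it is stored as `https://` and the admin is reached over plain HTTP, the browser will not send the cookie back and the login will not persist. A comment above the call such as `// Cookie path and Secure flag follow the configured site URL, not the current request.` would make that dependency visible. Whether `$this->site` is declared as a property cannot be seen here, because the constructor starts outside the hunk; an undeclared property would be created dynamically.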
@ -340,6 +340,18 @@ class Site extends dbJSON {
|
||||||
return $this->getField('timezone');
|
return $this->getField('timezone');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function urlPath()
|
||||||
|
{
|
||||||
|
$url = $this->getField('url');
|
||||||
|
return parse_url($url, PHP_URL_PATH);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function isHTTPS()
|
||||||
|
{
|
||||||
|
$url = $this->getField('url');
|
||||||
|
return parse_url($url, PHP_URL_SCHEME) === 'https';
|
||||||
|
}
|
||||||
|
|
||||||
// Returns the current build / version of Bludit.
|
// Returns the current build / version of Bludit.
|
||||||
public function currentBuild()
|
public function currentBuild()
|
||||||
{
|
{
|
||||||
|
|
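Review bot: In `isHTTPS()` the comparison `parse_url($url, PHP_URL_SCHEME) === 'https'` is case-sensitive, and `parse_url()` returns the scheme as written, so a site URL saved as `HTTPS://…` would leave the session cookie without the `Secure` flag. Assuming the stored URL is not normalised elsewhere, `return strtolower((string) parse_url($url, PHP_URL_SCHEME)) === 'https';` closes that gap. `urlPath()` can return `null` when the URL has no path component and `false` when it is malformed; the caller in `Session::start()` covers both with `empty($path)`, but the method should say so. Both new methods lack the one-line comment that the neighbouring `currentBuild()` has, for example `// Returns the path component of the site URL, or null/false if there is none.` and `// Returns TRUE if the configured site URL uses the https scheme.`.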