sascha
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

implement fixed php session timeout and session id regeneration

remotes/origin/stable5
Michael Göhler 2012-10-14 20:47:31 +07:00
parent b92fd984aa
commit ae1f33db54
1 changed files with 22 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
lib/base.php
Unescape Escape View File

@ -264,8 +264,30 @@ class OC{
}
public static function initSession() {
// prevents javascript from accessing php session cookies
ini_set('session.cookie_httponly', '1;');
// (re)-initialize session
session_start();
// regenerate session id periodically to avoid session fixation
if (!isset($_SESSION['SID_CREATED'])) {
$_SESSION['SID_CREATED'] = time();
} else if (time() - $_SESSION['SID_CREATED'] > 900) {
session_regenerate_id(true);
$_SESSION['SID_CREATED'] = time();
}
// session timeout
if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 3600)) {
if (isset($_COOKIE[session_name()])) {
setcookie(session_name(), '', time() - 42000, '/');
}
session_unset();
session_destroy();
session_start();
}
$_SESSION['LAST_ACTIVITY'] = time();
}
public static function init() {