Mercurial > hg > fapweb
changeset 687:a38eab6f2bd2
Improve session expiration handling.
| author | Matti Hamalainen <ccr@tnsp.org> |
|---|---|
| date | Sun, 09 Nov 2014 20:36:37 +0200 |
| parents | 8730bffcffd4 |
| children | 2b3c17c7b7f8 |
| files | admajax.php msession.inc.php |
| diffstat | 2 files changed, 6 insertions(+), 5 deletions(-) [+] |
line wrap: on
line diff
--- a/admajax.php Sun Nov 09 20:36:01 2014 +0200 +++ b/admajax.php Sun Nov 09 20:36:37 2014 +0200 @@ -536,7 +536,7 @@ // // Check if we are allowed to execute // -if (!stCheckHTTPS() || !stAdmSessionAuth() || !stCSRFCheck()) +if (!stCheckHTTPS() || !stAdmSessionAuth(TRUE) || !stCSRFCheck()) { stSetStatus(903, "Session expired."); stSetupCacheControl(); @@ -564,6 +564,7 @@ stReloadSettings(); stReloadDisplayVars(); +stSessionExpire(SESS_ADMIN, FALSE); $voteKeyMode = stGetSetting("voteKeyMode");
--- a/msession.inc.php Sun Nov 09 20:36:01 2014 +0200 +++ b/msession.inc.php Sun Nov 09 20:36:37 2014 +0200 @@ -45,7 +45,7 @@ } -function stSessionExpire($stype) +function stSessionExpire($stype, $silent = FALSE) { // Check for session expiration if (!isset($_SESSION[$stype]) || !isset($_SESSION[$stype]["expires"])) @@ -64,7 +64,7 @@ // Add more time to expiration $timeout = stGetSetting($_SESSION[$stype]["timeout"], 0); - stDebug("Adding more time to ".$stype." session ".session_id()." :: ".$timeout); + if (!$silent) stDebug("Adding more time to ".$stype." session ".session_id()." :: ".$timeout); $_SESSION[$stype]["expires"] = time() + $timeout * 60; return TRUE; } @@ -149,7 +149,7 @@ stGetSpecSessionItem(SESS_ADMIN, "key", FALSE) == stGetSetting("admPassword")) { if (!$silent) stDebug("AUTH admin session OK."); - return stSessionExpire(SESS_ADMIN); + return stSessionExpire(SESS_ADMIN, $silent); } else { @@ -165,7 +165,7 @@ stGetSpecSessionItem(SESS_USER, "key", FALSE) !== FALSE) { if (!$silent) stDebug("AUTH user session OK."); - return stSessionExpire(SESS_USER); + return stSessionExpire(SESS_USER, $silent); } else {