1
0
mirror of https://github.com/moparisthebest/wallabag synced 2024-11-23 17:42:15 -05:00

Merge pull request #581 from mariroz/fix-session-livetime

fix of issue under nginx and php-fpm
This commit is contained in:
Nicolas Lœuillet 2014-03-21 14:05:51 +01:00
commit 028e34b6c4
2 changed files with 5 additions and 6 deletions

View File

@ -51,7 +51,7 @@ class Session
public static function init($longlastingsession = false) public static function init($longlastingsession = false)
{ {
//check if session name is correct //check if session name is correct
if ( session_id() && session_id()!=self::$sessionName ) { if ( (session_id() && !empty(self::$sessionName) && session_name()!=self::$sessionName) || $longlastingsession ) {
session_destroy(); session_destroy();
} }
@ -71,7 +71,7 @@ class Session
session_set_cookie_params(self::$longSessionTimeout, $cookiedir, $_SERVER['HTTP_HOST'], $ssl, true); session_set_cookie_params(self::$longSessionTimeout, $cookiedir, $_SERVER['HTTP_HOST'], $ssl, true);
} }
else { else {
session_set_cookie_params('', $cookiedir, $_SERVER['HTTP_HOST'], $ssl, true); session_set_cookie_params(0, $cookiedir, $_SERVER['HTTP_HOST'], $ssl, true);
} }
//set server side valid session timeout //set server side valid session timeout
//WARNING! this may not work in shared session environment. See http://www.php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime about min value: it can be set in any application //WARNING! this may not work in shared session environment. See http://www.php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime about min value: it can be set in any application
@ -183,7 +183,7 @@ class Session
|| (self::$disableSessionProtection === false || (self::$disableSessionProtection === false
&& $_SESSION['ip'] !== self::_allIPs()) && $_SESSION['ip'] !== self::_allIPs())
|| time() >= $_SESSION['expires_on']) { || time() >= $_SESSION['expires_on']) {
self::logout(); //self::logout();
return false; return false;
} }

View File

@ -14,9 +14,7 @@ require_once 'inc/poche/global.inc.php';
# Start session # Start session
Session::$sessionName = 'poche'; Session::$sessionName = 'poche';
if ( !isset($_GET['login']) ) { Session::init();
Session::init();
}
# Start Poche # Start Poche
$poche = new Poche(); $poche = new Poche();
@ -122,6 +120,7 @@ if (Session::isLogged()) {
} else { } else {
$tpl_file = Tools::getTplFile('login'); $tpl_file = Tools::getTplFile('login');
$tpl_vars['http_auth'] = 0; $tpl_vars['http_auth'] = 0;
Session::logout();
} }
# because messages can be added in $poche->action(), we have to add this entry now (we can add it before) # because messages can be added in $poche->action(), we have to add this entry now (we can add it before)