Only call session_start() when reading from session

fixes #6383
Johannes Meyer 2014-07-16 09:33:49 +02:00
parent 8086292b1b
commit 19f05256a0
4 changed files with 37 additions and 16 deletions


@ -27,7 +27,7 @@ class Manager
* Authenticated user * Authenticated user
* *
* @var User * @var User
**/ */
private $user; private $user;
/** /**
@ -96,25 +96,24 @@ class Manager
); );
$this->user = $user; $this->user = $user;
if ($persist == true) { if ($persist == true) {
$session = Session::getSession();
$session->refreshId();
$this->persistCurrentUser(); $this->persistCurrentUser();
} }
} }
/** /**
* Writes the current user to the session * Writes the current user to the session
**/ */
public function persistCurrentUser() public function persistCurrentUser()
{ {
$session = Session::getSession(); $session = Session::getSession();
$session->set('user', $this->user); $session->set('user', $this->user);
$session->write(); $session->write();
$session->refreshId();
} }
/** /**
* Tries to authenticate the user with the current session * Tries to authenticate the user with the current session
**/ */
public function authenticateFromSession() public function authenticateFromSession()
{ {
$this->user = Session::getSession()->get('user'); $this->user = Session::getSession()->get('user');
@ -189,7 +188,7 @@ class Manager
* Returns the current user or null if no user is authenticated * Returns the current user or null if no user is authenticated
* *
* @return User * @return User
**/ */
public function getUser() public function getUser()
{ {
return $this->user; return $this->user;
@ -200,7 +199,7 @@ class Manager
* *
* @return array * @return array
* @see User::getGroups * @see User::getGroups
**/ */
public function getGroups() public function getGroups()
{ {
return $this->user->getGroups(); return $this->user->getGroups();
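Review bot: In persistCurrentUser() the user is now set and written to the session before `$session->refreshId()` runs, so the authenticated user is stored under the pre-login session ID first. PhpSession::refreshId() (last hunk of the PhpSession section) calls `session_regenerate_id()` with no argument, which by default leaves the old session data in place, so the old ID would presumably still resolve to a session holding the user; that is the session-fixation case that ID regeneration at login is meant to close. Either keep the regeneration ahead of `set('user', …)` and `write()`, as the removed lines in the enclosing login method did, or have refreshId() call `session_regenerate_id(true);`. The body of write() and the start of the enclosing login method are outside the hunk, so this should be confirmed against them.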


@ -100,8 +100,11 @@ class Notification
{ {
$session = Session::getSession(); $session = Session::getSession();
$msgs = $session->messages; $msgs = $session->messages;
$session->messages = array(); if (false === empty($msgs)) {
$session->write(); $session->messages = array();
$session->write();
}
return $msgs; return $msgs;
} }


@ -5,7 +5,7 @@
namespace Icinga\Web\Session; namespace Icinga\Web\Session;
use Icinga\Logger\Logger; use Icinga\Logger\Logger;
use \Icinga\Exception\ConfigurationError; use Icinga\Exception\ConfigurationError;
/** /**
* Session implementation in PHP * Session implementation in PHP
@ -24,21 +24,21 @@ class PhpSession extends Session
* *
* @var bool * @var bool
*/ */
private $hasBeenTouched = false; protected $hasBeenTouched = false;
/** /**
* Name of the session * Name of the session
* *
* @var string * @var string
*/ */
private $sessionName = 'Icingaweb2'; protected $sessionName = 'Icingaweb2';
/** /**
* Configuration for cookie options * Configuration for cookie options
* *
* @var array * @var array
*/ */
private static $defaultCookieOptions = array( protected static $defaultCookieOptions = array(
'use_trans_sid' => false, 'use_trans_sid' => false,
'use_cookies' => true, 'use_cookies' => true,
'cookie_httponly' => true, 'cookie_httponly' => true,
@ -82,13 +82,16 @@ class PhpSession extends Session
throw new ConfigurationError('Can\'t save session'); throw new ConfigurationError('Can\'t save session');
} }
$this->read(); if ($this->exists()) {
// We do not want to start a new session here if there is not any
$this->read();
}
} }
/** /**
* Open a PHP session * Open a PHP session
*/ */
private function open() protected function open()
{ {
session_name($this->sessionName); session_name($this->sessionName);
@ -171,7 +174,7 @@ class PhpSession extends Session
/** /**
* Remove session cookies * Remove session cookies
*/ */
private function clearCookies() protected function clearCookies()
{ {
if (ini_get('session.use_cookies')) { if (ini_get('session.use_cookies')) {
Logger::debug('Clear session cookie'); Logger::debug('Clear session cookie');
@ -196,5 +199,14 @@ class PhpSession extends Session
$this->open(); $this->open();
session_regenerate_id(); session_regenerate_id();
session_write_close(); session_write_close();
$this->hasBeenTouched = true;
}
/**
* @see Session::exists()
*/
public function exists()
{
return isset($_COOKIE[$this->sessionName]);
} }
} }
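Review bot: The new exists() returns `isset($_COOKIE[$this->sessionName])`, which only says that the client sent a cookie with the session name, not that session data exists on the server for that ID. The constructor now uses it to decide whether to call read(), so any request carrying such a cookie still opens a session; whether an ID the server never issued is accepted depends on settings such as `session.use_strict_mode`, which is not among the options visible in this hunk. I would state that on the method, e.g. `// True when the client presented a session cookie; the value is client-controlled and not validated here`. The constructor and refreshId() both start outside the hunks shown.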


@ -37,6 +37,13 @@ abstract class Session extends SessionNamespace
throw new NotImplementedError('You are required to implement write() in your session implementation'); throw new NotImplementedError('You are required to implement write() in your session implementation');
} }
/**
* Return whether a session exists
*
* @return bool
*/
abstract public function exists();
/** /**
* Purge session * Purge session
*/ */
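Review bot: The docblock for the new abstract exists() does not say that implementations must answer without starting a session, which is the property the rest of this commit relies on. I would extend it with a line such as `* Implementations must not start or create a session to answer this`. Adding an abstract method also obliges every other Session subclass to implement it; none is visible here, so that is worth checking.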