From 25354f6f3bed7f6e4c73e8c3429699874d72d7ab Mon Sep 17 00:00:00 2001
From: Daniel Maya <daniel.maya@artica.es>
Date: Fri, 30 Aug 2019 08:47:49 +0200
Subject: [PATCH] delete session open by api calls

---
 pandora_console/include/load_session.php |  5 +++++
 pandora_server/util/pandora_db.pl        | 21 +++++++++++++++++++--
 2 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/pandora_console/include/load_session.php b/pandora_console/include/load_session.php
index 80fb8643ef..39e0973287 100644
--- a/pandora_console/include/load_session.php
+++ b/pandora_console/include/load_session.php
@@ -91,6 +91,11 @@ function pandora_session_write($session_id, $data)
 {
     $session_id = addslashes($session_id);
 
+    // If it's an api call, the session must not be created.
+    if (get_parameter('op', false) && get_parameter('op2', false)) {
+        return true;
+    }
+
     if (is_ajax()) {
         // Avoid session upadte while processing ajax responses - notifications.
         if (get_parameter('check_new_notifications', false)) {
diff --git a/pandora_server/util/pandora_db.pl b/pandora_server/util/pandora_db.pl
index d16a65bc91..0c717e9abb 100644
--- a/pandora_server/util/pandora_db.pl
+++ b/pandora_server/util/pandora_db.pl
@@ -136,7 +136,7 @@ sub pandora_purgedb ($$) {
 		pandora_delete_old_export_data ($dbh, $ulimit_timestamp);
 		
 		# Delete sessions data
-		pandora_delete_old_session_data ($dbh, $ulimit_timestamp);
+		pandora_delete_old_session_data (\%conf, $dbh, $ulimit_timestamp);
 	
 		# Delete old inventory data
 		
@@ -678,6 +678,7 @@ sub pandora_load_config_pdb ($) {
 	$conf->{'_netflow_nfexpire'} = get_db_value ($dbh, "SELECT value FROM tconfig WHERE token = 'netflow_nfexpire'");
    	$conf->{'_netflow_path'} = get_db_value ($dbh, "SELECT value FROM tconfig WHERE token = 'netflow_path'");
 	$conf->{'_delete_notinit'} = get_db_value ($dbh, "SELECT value FROM tconfig WHERE token = 'delete_notinit'");
+	$conf->{'_session_timeout'} = get_db_value ($dbh, "SELECT value FROM tconfig WHERE token = 'session_timeout'");
 
 	$conf->{'_big_operation_step_datos_purge'} = get_db_value ($dbh, "SELECT value FROM tconfig WHERE token = 'big_operation_step_datos_purge'");
 	$conf->{'_small_operation_step_datos_purge'} = get_db_value ($dbh, "SELECT value FROM tconfig WHERE token = 'small_operation_step_datos_purge'");
@@ -990,12 +991,28 @@ sub pandora_delete_old_export_data {
 # Delete old session data.
 ##############################################################################
 sub pandora_delete_old_session_data {
-	my ($dbh, $ulimit_timestamp) = @_;
+    my ($conf, $dbh, $ulimit_timestamp) = @_;
+
+    my $session_timeout = $conf->{'_session_timeout'};
+
+	if ($session_timeout ne '') {
+		if ($session_timeout == -1) {
+			# The session expires in 10 years
+			$session_timeout = 315576000;
+		} else {
+			$session_timeout *= 60;
+		}
+
+		$ulimit_timestamp = time() - $session_timeout;
+	}
 
 	log_message ('PURGE', "Deleting old session data from tsessions_php\n");
 	while(db_delete_limit ($dbh, 'tsessions_php', 'last_active < ?', $SMALL_OPERATION_STEP, $ulimit_timestamp) ne '0E0') {
 		usleep (10000);
 	};
+
+	db_do ($dbh, "DELETE FROM tsessions_php WHERE
+	data IS NULL OR id_session REGEXP '^cron-'");
 }
 
 ###############################################################################