From a089a9347758908bdf3a235ce8a89cafbd9e4608 Mon Sep 17 00:00:00 2001 From: daniel Date: Tue, 20 Nov 2018 18:07:43 +0100 Subject: [PATCH] fixed session bugs --- pandora_console/include/config_process.php | 12 +++++++----- pandora_console/include/functions_config.php | 4 ---- pandora_console/include/load_session.php | 2 +- pandora_console/index.php | 16 ++++++++++------ 4 files changed, 18 insertions(+), 16 deletions(-) diff --git a/pandora_console/include/config_process.php b/pandora_console/include/config_process.php index 3a36e7fe0b..7ad7bf70b2 100644 --- a/pandora_console/include/config_process.php +++ b/pandora_console/include/config_process.php @@ -171,19 +171,21 @@ require_once ($ownDir. 'functions_config.php'); date_default_timezone_set("Europe/Madrid"); +////////////////////////////////////// +//// PLEASE DO NOT CHANGE ORDER ////// +////////////////////////////////////// +require_once ($config["homedir"].'/include/load_session.php'); + +if (empty(session_id())) session_start(); config_process_config(); - config_prepare_session(); -require_once ($config["homedir"].'/include/load_session.php'); -if(session_id() == '') { - $resultado = session_start(); -} // Set a the system timezone default if ((!isset($config["timezone"])) OR ($config["timezone"] == "")) { $config["timezone"] = "Europe/Berlin"; } +//////////////////////////////////////// date_default_timezone_set($config["timezone"]); diff --git a/pandora_console/include/functions_config.php b/pandora_console/include/functions_config.php index 39dedbef28..e773224c16 100644 --- a/pandora_console/include/functions_config.php +++ b/pandora_console/include/functions_config.php 
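Review bot: In the config_process.php hunk, `session_start()` now runs before `config_process_config()` and `config_prepare_session()`, while the functions_config.php hunk deletes `ini_set('session.gc_maxlifetime', …)` and `session_set_cookie_params(…)` without a replacement. Nothing visible in this patch applies the configured session timeout to the server-side session any more, so the lifetime handed to `pandora_session_gc` and the session cookie attributes would presumably come from php.ini. If that is intended, the banner should say why the order matters, e.g. `// load_session.php must register the save handler before session_start(); session lifetime and cookie flags come from php.ini`. If it is not, call `session_set_cookie_params()` with HttpOnly (and Secure when served over HTTPS) before the `session_start()` line. Most of config_prepare_session() lies outside the hunks, so this is inferred from the removed lines only.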
@@ -2329,11 +2329,7 @@ function config_prepare_session() { else $sessionCookieExpireTime *= 60; - @ini_set('session.gc_maxlifetime', $sessionCookieExpireTime); - @session_set_cookie_params ($sessionCookieExpireTime); - // Reset the expiration time upon page load //session_name() is default name of session PHPSESSID - if (isset($_COOKIE[session_name()])) setcookie(session_name(), $_COOKIE[session_name()], time() + $sessionCookieExpireTime, "/"); diff --git a/pandora_console/include/load_session.php b/pandora_console/include/load_session.php index da09e0ff2a..8144b410b2 100644 --- a/pandora_console/include/load_session.php +++ b/pandora_console/include/load_session.php @@ -77,6 +77,6 @@ function pandora_session_gc ($max_lifetime = 300) { return $retval; } -$result_handler = @session_set_save_handler ('pandora_session_open', 'pandora_session_close', 'pandora_session_read', 'pandora_session_write', 'pandora_session_destroy', 'pandora_session_gc'); +$result_handler = session_set_save_handler ('pandora_session_open', 'pandora_session_close', 'pandora_session_read', 'pandora_session_write', 'pandora_session_destroy', 'pandora_session_gc'); ?> diff --git a/pandora_console/index.php b/pandora_console/index.php index 69bcc7c683..101196ba21 100755 --- a/pandora_console/index.php +++ b/pandora_console/index.php @@ -105,10 +105,9 @@ if ((! file_exists ("include/config.php")) || (! is_readable ("include/config.ph exit; } -// Real start -if(session_id() == '') { - session_start (); -} +////////////////////////////////////// +//// PLEASE DO NOT CHANGE ORDER ////// +////////////////////////////////////// require_once ("include/config.php"); require_once ("include/functions_config.php"); 
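Review bot: In the load_session.php hunk, the value assigned to `$result_handler` is still not checked once the `@` is dropped from `session_set_save_handler (...)`. If registration fails, the `session_start()` call in config_process.php would presumably proceed with PHP's default handler, and sessions would silently bypass the `pandora_session_*` storage. I would add `if ($result_handler === false) { error_log('Could not register the pandora session save handler'); }` directly after the call. No check of this value appears elsewhere in the visible hunks.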
@@ -126,6 +125,7 @@ if ($config['metaconsole'] == 1 && $config['enterprise_installed'] == 1) { if (file_exists (ENTERPRISE_DIR . "/include/functions_login.php")) { include_once (ENTERPRISE_DIR . "/include/functions_login.php"); } +//////////////////////////////////////// if (!empty ($config["https"]) && empty ($_SERVER['HTTPS'])) { $query = ''; @@ -564,6 +564,7 @@ if (! isset ($config['id_user'])) { if($home_page == 'Visual console') unset($query_params_redirect["sec2"]); $redirect_url = '?1=1'; foreach ($query_params_redirect as $key => $value) { + if ($key == "login") continue; $redirect_url .= '&'.safe_url_extraclean($key).'='.safe_url_extraclean($value); } header("Location: ".$config['homeurl']."index.php".$redirect_url); @@ -810,8 +811,11 @@ if (isset ($_GET["bye"])) { $iduser = $_SESSION["id_usuario"]; db_logoff ($iduser, $_SERVER['REMOTE_ADDR']); // Unregister Session (compatible with 5.2 and 6.x, old code was deprecated - unset($_SESSION['id_usuario']); - unset($iduser); + $_SESSION = array(); + session_destroy(); + header_remove("Set-Cookie"); + setcookie(session_name(), $_COOKIE[session_name()], time() - 4800, "/"); + if ($config['auth'] == 'saml') { require_once($config['saml_path'] . 'simplesamlphp/lib/_autoload.php'); $as = new SimpleSAML_Auth_Simple('PandoraFMS');
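Review bot: The added skip in the redirect loop (hunk at -564) uses a loose comparison, `if ($key == "login") continue;`. Array keys that look like integers are stored as integers, and on PHP versions before 8 `0 == "login"` evaluates to true, so a query parameter named `0` would be dropped as well. Use `if ($key === "login") continue;` and add a short comment such as `// do not carry the login flag over to the post-login redirect`. The loop belongs to a larger block that starts and ends outside the hunk.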
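Review bot: In the logout hunk (at -810), the expiring cookie is written as `setcookie(session_name(), $_COOKIE[session_name()], time() - 4800, "/");`. This reads `$_COOKIE[session_name()]` without the `isset` guard that config_prepare_session() uses, and it echoes the just-destroyed session id back to the client. An empty value is enough to expire the cookie: `setcookie(session_name(), '', time() - 4800, "/");`. Note also that `header_remove("Set-Cookie")` discards every Set-Cookie header queued so far, not only the session one, so any other cookie set earlier in the request is lost. A comment stating that this is intended would help, e.g. `// drop the expiry refresh queued by config_prepare_session()`. The `if (isset ($_GET["bye"]))` block continues outside the hunk.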