Session expiration ignoring notifications checks

2019-07-01 12:46:09 +02:00 · 2019-07-01 12:46:09 +02:00 · a6327a16ad
parent 8ec2ec9d0d
commit a6327a16ad
3 changed files with 159 additions and 38 deletions
--- a/pandora_console/ajax.php
+++ b/pandora_console/ajax.php
@ -1,17 +1,34 @@
 <?php
+/**
+ * Ajax handler.
+ *
+ * @category   Ajax handler.
+ * @package    Pandora FMS.
+ * @subpackage OpenSource.
+ * @version    1.0.0
+ * @license    See below
+ *
+ *    ______                 ___                    _______ _______ ________
+ *   |   __ \.-----.--.--.--|  |.-----.----.-----. |    ___|   |   |     __|
+ *  |    __/|  _  |     |  _  ||  _  |   _|  _  | |    ___|       |__     |
+ * |___|   |___._|__|__|_____||_____|__| |___._| |___|   |__|_|__|_______|
+ *
+ * ============================================================================
+ * Copyright (c) 2005-2019 Artica Soluciones Tecnologicas
+ * Please see http://pandorafms.org for full contribution list
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation for version 2.
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * ============================================================================
+ */
+
+// Begin.
+define('AJAX', true);

-// Pandora FMS - http://pandorafms.com
-// ==================================================
-// Copyright (c) 2005-2011 Artica Soluciones Tecnologicas
-// Please see http://pandorafms.org for full contribution list
-// This program is free software; you can redistribute it and/or
-// modify it under the terms of the GNU Lesser General Public License
-// as published by the Free Software Foundation; version 2
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-// Enable profiler for testing
 if (!defined('__PAN_XHPROF__')) {
    define('__PAN_XHPROF__', 0);
 }
@ -56,7 +73,7 @@ if (isset($_GET['loginhash'])) {

 $public_hash = get_parameter('hash', false);

-// Check user
+// Check user.
 if ($public_hash == false) {
    check_login();
 } else {
@ -68,9 +85,9 @@ if ($public_hash == false) {
    }
 }

-define('AJAX', true);

-// Enterprise support
+
+// Enterprise support.
 if (file_exists(ENTERPRISE_DIR.'/load_enterprise.php')) {
    include_once ENTERPRISE_DIR.'/load_enterprise.php';
 }
@ -86,11 +103,9 @@ if ($isFunctionSkins !== ENTERPRISE_NOT_HOOK) {
    $config['relative_path'] = enterprise_hook('skins_set_image_skin_path', [$config['id_user']]);
 }

-if (isset($config['metaconsole'])) {
-    // Not cool way of know if we are executing from metaconsole or normal console
-    if ($config['metaconsole']) {
-        define('METACONSOLE', true);
-    }
+if (is_metaconsole()) {
+    // Backward compatibility.
+    define('METACONSOLE', true);
 }

 if (file_exists($page)) {
--- a/pandora_console/include/functions_config.php
+++ b/pandora_console/include/functions_config.php
@ -2879,7 +2879,17 @@ function config_prepare_session()

    // Reset the expiration time upon page load //session_name() is default name of session PHPSESSID.
    if (isset($_COOKIE[session_name()])) {
-        setcookie(session_name(), $_COOKIE[session_name()], (time() + $sessionCookieExpireTime), '/');
+        $update_cookie = true;
+        if (is_ajax()) {
+            // Avoid session upadte while processing ajax responses - notifications.
+            if (get_parameter('check_new_notifications', false)) {
+                $update_cookie = false;
+            }
+        }
+
+        if ($update_cookie === true) {
+            setcookie(session_name(), $_COOKIE[session_name()], (time() + $sessionCookieExpireTime), '/');
+        }
    }

    ini_set('post_max_size', $config['max_file_size']);
--- a/pandora_console/include/load_session.php
+++ b/pandora_console/include/load_session.php
@ -1,32 +1,75 @@
 <?php
+/**
+ * Session manager.
+ *
+ * @category   Session handler.
+ * @package    Pandora FMS.
+ * @subpackage OpenSource.
+ * @version    1.0.0
+ * @license    See below
+ *
+ *    ______                 ___                    _______ _______ ________
+ *   |   __ \.-----.--.--.--|  |.-----.----.-----. |    ___|   |   |     __|
+ *  |    __/|  _  |     |  _  ||  _  |   _|  _  | |    ___|       |__     |
+ * |___|   |___._|__|__|_____||_____|__| |___._| |___|   |__|_|__|_______|
+ *
+ * ============================================================================
+ * Copyright (c) 2005-2019 Artica Soluciones Tecnologicas
+ * Please see http://pandorafms.org for full contribution list
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation for version 2.
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * ============================================================================
+ */

-// Pandora FMS - http://pandorafms.com
-// ==================================================
-// Copyright (c) 2005-2009 Artica Soluciones Tecnologicas
-// Please see http://pandorafms.org for full contribution list
-// This program is free software; you can redistribute it and/or
-// modify it under the terms of the  GNU Lesser General Public License
-// as published by the Free Software Foundation; version 2
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
+// Begin.
+
+
+/**
+ * Open session.
+ *
+ * @param string $save_path    Save path.
+ * @param string $session_name Session name.
+ *
+ * @return boolean
+ */
 function pandora_session_open($save_path, $session_name)
 {
    return true;
 }


+/**
+ * Close session.
+ *
+ * @return boolean
+ */
 function pandora_session_close()
 {
    return true;
 }


+/**
+ * Read a session.
+ *
+ * @param string $session_id Session ID.
+ *
+ * @return string Session data.
+ */
 function pandora_session_read($session_id)
 {
    $session_id = addslashes($session_id);
-    $session_data = db_get_value('data', 'tsessions_php', 'id_session', $session_id);
+    $session_data = db_get_value(
+        'data',
+        'tsessions_php',
+        'id_session',
+        $session_id
+    );

    if (!empty($session_data)) {
        return $session_data;
@ -36,10 +79,25 @@ function pandora_session_read($session_id)
 }


+/**
+ * Write session data.
+ *
+ * @param string $session_id Session id.
+ * @param string $data       Data.
+ *
+ * @return boolean
+ */
 function pandora_session_write($session_id, $data)
 {
    $session_id = addslashes($session_id);

+    if (is_ajax()) {
+        // Avoid session upadte while processing ajax responses - notifications.
+        if (get_parameter('check_new_notifications', false)) {
+            return false;
+        }
+    }
+
    $values = [];
    $values['last_active'] = time();

@ -47,29 +105,55 @@ function pandora_session_write($session_id, $data)
        $values['data'] = addslashes($data);
    }

-    $session_exists = (bool) db_get_value('COUNT(id_session)', 'tsessions_php', 'id_session', $session_id);
+    $session_exists = (bool) db_get_value(
+        'COUNT(id_session)',
+        'tsessions_php',
+        'id_session',
+        $session_id
+    );

    if (!$session_exists) {
        $values['id_session'] = $session_id;
        $retval_write = db_process_sql_insert('tsessions_php', $values);
    } else {
-        $retval_write = db_process_sql_update('tsessions_php', $values, ['id_session' => $session_id]);
+        $retval_write = db_process_sql_update(
+            'tsessions_php',
+            $values,
+            ['id_session' => $session_id]
+        );
    }

    return $retval_write !== false;
 }


+/**
+ * Destroy a session.
+ *
+ * @param string $session_id Session Id.
+ *
+ * @return boolean
+ */
 function pandora_session_destroy($session_id)
 {
    $session_id = addslashes($session_id);

-    $retval = (bool) db_process_sql_delete('tsessions_php', ['id_session' => $session_id]);
+    $retval = (bool) db_process_sql_delete(
+        'tsessions_php',
+        ['id_session' => $session_id]
+    );

    return $retval;
 }


+/**
+ * Session garbage collector.
+ *
+ * @param integer $max_lifetime Max lifetime.
+ *
+ * @return boolean.
+ */
 function pandora_session_gc($max_lifetime=300)
 {
    global $config;
@ -80,7 +164,12 @@ function pandora_session_gc($max_lifetime=300)

    $time_limit = (time() - $max_lifetime);

-    $retval = (bool) db_process_sql_delete('tsessions_php', ['last_active' => '<'.$time_limit]);
+    $retval = (bool) db_process_sql_delete(
+        'tsessions_php',
+        [
+            'last_active' => '<'.$time_limit,
+        ]
+    );

    return $retval;
 }
@ -88,5 +177,12 @@ function pandora_session_gc($max_lifetime=300)

 // FIXME: SAML should work with pandora session handlers
 if (db_get_value('value', 'tconfig', 'token', 'auth') != 'saml') {
-    $result_handler = session_set_save_handler('pandora_session_open', 'pandora_session_close', 'pandora_session_read', 'pandora_session_write', 'pandora_session_destroy', 'pandora_session_gc');
+    $result_handler = session_set_save_handler(
+        'pandora_session_open',
+        'pandora_session_close',
+        'pandora_session_read',
+        'pandora_session_write',
+        'pandora_session_destroy',
+        'pandora_session_gc'
+    );
 }