Adding cookieLifeTime var declaration as it was omitted.

Updating session timeout values so they match their previous values.
Making cookieLifeTime configurable in the medium/low security levels.
Fixing Config.timeout setting to go back to 10.
Fixes #798
This commit is contained in:
mark_story 2010-06-27 12:52:18 -04:00
parent 35d232f08f
commit 4b93e61ed3
2 changed files with 25 additions and 12 deletions


@ -98,6 +98,14 @@ class CakeSession extends Object {
*/ */
var $sessionTime = false; var $sessionTime = false;
/**
* The number of seconds to set for session.cookie_lifetime. 0 means
* at browser close.
*
* @var integer
*/
var $cookieLifeTime = false;
/** /**
* Keeps track of keys to watch for writes on * Keeps track of keys to watch for writes on
* *
@ -188,7 +196,7 @@ class CakeSession extends Object {
if (!class_exists('Security')) { if (!class_exists('Security')) {
App::import('Core', 'Security'); App::import('Core', 'Security');
} }
$this->sessionTime = $this->time + (Security::inactiveMins() * 60 * Configure::read('Session.timeout')); $this->sessionTime = $this->time + (Security::inactiveMins() * Configure::read('Session.timeout'));
$this->security = Configure::read('Security.level'); $this->security = Configure::read('Security.level');
} }
parent::__construct(); parent::__construct();
@ -465,8 +473,13 @@ class CakeSession extends Object {
} }
if ($iniSet && ($this->security === 'high' || $this->security === 'medium')) { if ($iniSet && ($this->security === 'high' || $this->security === 'medium')) {
ini_set('session.referer_check', $this->host); ini_set('session.referer_check', $this->host);
}
if ($this->security == 'high') {
$this->cookieLifeTime = 0;
} else {
$this->cookieLifeTime = Configure::read('Session.timeout') * (Security::inactiveMins() * 60);
} }
$this->cookieLifeTime = Configure::read('Session.timeout') * (Security::inactiveMins() * 60);
switch (Configure::read('Session.save')) { switch (Configure::read('Session.save')) {
case 'cake': case 'cake':
@ -593,9 +606,9 @@ class CakeSession extends Object {
$check -= 1; $check -= 1;
$this->write('Config.timeout', $check); $this->write('Config.timeout', $check);
if (time() > ($time - (Security::inactiveMins() * 60 * Configure::read('Session.timeout')) + 2) || $check < 1) { if (time() > ($time - (Security::inactiveMins() * Configure::read('Session.timeout')) + 2) || $check < 1) {
$this->renew(); $this->renew();
$this->write('Config.timeout', Security::inactiveMins()); $this->write('Config.timeout', 10);
} }
} }
$this->valid = true; $this->valid = true;
@ -607,7 +620,7 @@ class CakeSession extends Object {
} else { } else {
$this->write('Config.userAgent', $this->_userAgent); $this->write('Config.userAgent', $this->_userAgent);
$this->write('Config.time', $this->sessionTime); $this->write('Config.time', $this->sessionTime);
$this->write('Config.timeout', Security::inactiveMins()); $this->write('Config.timeout', 10);
$this->valid = true; $this->valid = true;
$this->__setError(1, 'Session is valid'); $this->__setError(1, 'Session is valid');
} }
@ -735,7 +748,7 @@ class CakeSession extends Object {
* @access private * @access private
*/ */
function __write($id, $data) { function __write($id, $data) {
$expires = time() + Configure::read('Session.timeout') * Security::inactiveMins() * 60; $expires = time() + Configure::read('Session.timeout') * Security::inactiveMins();
$model =& ClassRegistry::getObject('Session'); $model =& ClassRegistry::getObject('Session');
$return = $model->save(compact('id', 'data', 'expires')); $return = $model->save(compact('id', 'data', 'expires'));
return $return; return $return;
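Review bot: The new `cookieLifeTime` assignment in the `+473` hunk multiplies by 60, while the two other timeout expressions this commit rewrites — `sessionTime` in the constructor hunk and `$expires` in `__write` — drop the `* 60`, so the cookie lifetime and the server-side expiry disagree by a factor of sixty. If the dropped `* 60` is the intended unit, the line should read `$this->cookieLifeTime = Configure::read('Session.timeout') * Security::inactiveMins();`; whichever unit is right, the three expressions should agree, and a test pinning `cookieLifeTime` against `sessionTime` would catch the drift. The same hunk uses `$this->security == 'high'` two lines below a `===` check on the same property; `===` keeps it consistent. The new docblock declares `@var integer` but the property is initialised to `false`, so `@var integer|boolean` (or a `0` default) would describe it accurately. The enclosing method starts and ends outside the hunk.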


@ -355,32 +355,32 @@ class SessionComponentTest extends CakeTestCase {
$Session =& new SessionComponent(); $Session =& new SessionComponent();
$Session->write('Test', 'some value'); $Session->write('Test', 'some value');
$this->assertEqual($Session->sessionTime, mktime() + (300 * 60 * Configure::read('Session.timeout'))); $this->assertEqual($Session->sessionTime, mktime() + (300 * Configure::read('Session.timeout')));
$this->assertEqual($_SESSION['Config']['timeout'], Security::inactiveMins()); $this->assertEqual($_SESSION['Config']['timeout'], Security::inactiveMins());
$this->assertEqual($_SESSION['Config']['time'], $Session->sessionTime); $this->assertEqual($_SESSION['Config']['time'], $Session->sessionTime);
$this->assertEqual($Session->time, mktime()); $this->assertEqual($Session->time, mktime());
$this->assertEqual($_SESSION['Config']['time'], $Session->time + (Security::inactiveMins() * 60 * Configure::read('Session.timeout'))); $this->assertEqual($_SESSION['Config']['time'], $Session->time + (Security::inactiveMins() * Configure::read('Session.timeout')));
session_destroy(); session_destroy();
Configure::write('Security.level', 'medium'); Configure::write('Security.level', 'medium');
$Session =& new SessionComponent(); $Session =& new SessionComponent();
$Session->write('Test', 'some value'); $Session->write('Test', 'some value');
$this->assertEqual($Session->sessionTime, mktime() + (100 * 60 * Configure::read('Session.timeout'))); $this->assertEqual($Session->sessionTime, mktime() + (100 * Configure::read('Session.timeout')));
$this->assertEqual($_SESSION['Config']['timeout'], Security::inactiveMins()); $this->assertEqual($_SESSION['Config']['timeout'], Security::inactiveMins());
$this->assertEqual($_SESSION['Config']['time'], $Session->sessionTime); $this->assertEqual($_SESSION['Config']['time'], $Session->sessionTime);
$this->assertEqual($Session->time, mktime()); $this->assertEqual($Session->time, mktime());
$this->assertEqual($_SESSION['Config']['time'], $Session->time + (Security::inactiveMins() * 60 * Configure::read('Session.timeout'))); $this->assertEqual($_SESSION['Config']['time'], $Session->time + (Security::inactiveMins() * Configure::read('Session.timeout')));
session_destroy(); session_destroy();
Configure::write('Security.level', 'high'); Configure::write('Security.level', 'high');
$Session =& new SessionComponent(); $Session =& new SessionComponent();
$Session->write('Test', 'some value'); $Session->write('Test', 'some value');
$this->assertEqual($Session->sessionTime, mktime() + (10 * 60 * Configure::read('Session.timeout'))); $this->assertEqual($Session->sessionTime, mktime() + (10 * Configure::read('Session.timeout')));
$this->assertEqual($_SESSION['Config']['timeout'], Security::inactiveMins()); $this->assertEqual($_SESSION['Config']['timeout'], Security::inactiveMins());
$this->assertEqual($_SESSION['Config']['time'], $Session->sessionTime); $this->assertEqual($_SESSION['Config']['time'], $Session->sessionTime);
$this->assertEqual($Session->time, mktime()); $this->assertEqual($Session->time, mktime());
$this->assertEqual($_SESSION['Config']['time'], $Session->time + (Security::inactiveMins() * 60 * Configure::read('Session.timeout'))); $this->assertEqual($_SESSION['Config']['time'], $Session->time + (Security::inactiveMins() * Configure::read('Session.timeout')));
} }
} }
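Review bot: The updated test still asserts only `sessionTime` and `Config.time` for each security level, so the `cookieLifeTime` branch this commit introduces (0 for `high`, timeout-derived otherwise) has no coverage. Since the method already cycles through low, medium and high, adding `$this->assertEqual($Session->cookieLifeTime, 0);` in the `high` block and the computed value in the other two would pin that behaviour, assuming `SessionComponent` exposes the `CakeSession` property. The method's opening lines are outside the hunk.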