Updated session timeout calculations to use the security level from core.php as the multiplier.
Signed-off-by: Mark Story <mark@mark-story.com>
parent
96d0119abc
commit
a4950f6940
2 changed files with 63 additions and 7 deletions
|
@ -130,6 +130,14 @@ class CakeSession extends Object {
|
|||
*/
|
||||
var $host = null;
|
||||
|
||||
/**
|
||||
* Session timeout multiplier factor
|
||||
*
|
||||
* @var ineteger
|
||||
* @access public
|
||||
*/
|
||||
var $timeout = null;
|
||||
|
||||
/**
|
||||
* Constructor.
|
||||
*
|
||||
|
@ -190,6 +198,18 @@ class CakeSession extends Object {
|
|||
}
|
||||
$this->sessionTime = $this->time + (Security::inactiveMins() * Configure::read('Session.timeout'));
|
||||
$this->security = Configure::read('Security.level');
|
||||
switch ($this->security) {
|
||||
case 'medium':
|
||||
$this->factor = 100;
|
||||
break;
|
||||
case 'low':
|
||||
$this->factor = 300;
|
||||
break;
|
||||
case 'high':
|
||||
default:
|
||||
$this->factor = 10;
|
||||
break;
|
||||
}
|
||||
}
|
||||
parent::__construct();
|
||||
}
|
||||
|
@ -467,20 +487,20 @@ class CakeSession extends Object {
|
|||
|
||||
switch ($this->security) {
|
||||
case 'high':
|
||||
$this->cookieLifeTime = 0;
|
||||
$this->cookieLifeTime = Configure::read('Session.timeout') * $this->factor;
|
||||
if ($iniSet) {
|
||||
ini_set('session.referer_check', $this->host);
|
||||
}
|
||||
break;
|
||||
case 'medium':
|
||||
$this->cookieLifeTime = 7 * 86400;
|
||||
$this->cookieLifeTime = Configure::read('Session.timeout') * $this->factor;
|
||||
if ($iniSet) {
|
||||
ini_set('session.referer_check', $this->host);
|
||||
}
|
||||
break;
|
||||
case 'low':
|
||||
default:
|
||||
$this->cookieLifeTime = 788940000;
|
||||
$this->cookieLifeTime = Configure::read('Session.timeout') * $this->factor;
|
||||
break;
|
||||
}
|
||||
|
||||
|
@ -604,15 +624,14 @@ class CakeSession extends Object {
|
|||
if ((Configure::read('Session.checkAgent') === false || $this->_userAgent == $this->read('Config.userAgent')) && $this->time <= $this->read('Config.time')) {
|
||||
$time = $this->read('Config.time');
|
||||
$this->write('Config.time', $this->sessionTime);
|
||||
|
||||
if (Configure::read('Security.level') === 'high') {
|
||||
$check = $this->read('Config.timeout');
|
||||
$check = $check - 1;
|
||||
$this->write('Config.timeout', $check);
|
||||
$this->write('Config.timeout', $this->factor);
|
||||
|
||||
if (time() > ($time - (Security::inactiveMins() * Configure::read('Session.timeout')) + 2) || $check < 1) {
|
||||
$this->renew();
|
||||
$this->write('Config.timeout', 10);
|
||||
$this->write('Config.timeout', $this->factor);
|
||||
}
|
||||
}
|
||||
$this->valid = true;
|
||||
|
@ -624,7 +643,7 @@ class CakeSession extends Object {
|
|||
} else {
|
||||
$this->write('Config.userAgent', $this->_userAgent);
|
||||
$this->write('Config.time', $this->sessionTime);
|
||||
$this->write('Config.timeout', 10);
|
||||
$this->write('Config.timeout', $this->factor);
|
||||
$this->valid = true;
|
||||
$this->__setError(1, 'Session is valid');
|
||||
}
|
||||
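Review bot: In the `Security.level === 'high'` branch of the hunk at `-604,15 +624,14`, `Config.timeout` is now written as `$this->factor` on every request instead of the decremented `$check`, so the stored counter never falls and the `$check < 1` half of the renew condition looks unreachable; session id renewal at the high level would then rest on the time test alone. The +/- markers are lost on this page, so this reading relies on the hunk's line counts and on the paired old/new lines. If the request-count renewal is meant to stay, keep the countdown with `$check -= 1; $this->write('Config.timeout', $check);` and use `$this->write('Config.timeout', $this->factor);` only for the reset after `renew()`. Separately, the first hunk declares and documents `var $timeout` as the multiplier while every other hunk assigns and reads the undeclared `$this->factor`; the declaration should read `var $factor = null;` with `@var integer`. The enclosing methods start and end outside these hunks.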
|
|
|
@ -341,4 +341,41 @@ class SessionComponentTest extends CakeTestCase {
|
|||
$Session->destroy('Test');
|
||||
$this->assertNull($Session->read('Test'));
|
||||
}
|
||||
|
||||
/**
|
||||
* testSessionTimeout method
|
||||
*
|
||||
* @access public
|
||||
* @return void
|
||||
*/
|
||||
function testSessionTimeout() {
|
||||
|
||||
session_destroy();
|
||||
$Session =& new SessionComponent();
|
||||
Configure::write('Security.level', 'low');
|
||||
$Session->write('Test', 'some value');
|
||||
$this->assertEqual($_SESSION['Config']['timeout'], $Session->factor);
|
||||
$this->assertEqual($_SESSION['Config']['time'], $Session->sessionTime);
|
||||
$this->assertEqual($Session->time, mktime());
|
||||
$this->assertEqual($_SESSION['Config']['time'], $Session->time + ($Session->factor * Configure::read('Session.timeout')));
|
||||
|
||||
session_destroy();
|
||||
$Session =& new SessionComponent();
|
||||
Configure::write('Security.level', 'medium');
|
||||
$Session->write('Test', 'some value');
|
||||
$this->assertEqual($_SESSION['Config']['timeout'], $Session->factor);
|
||||
$this->assertEqual($_SESSION['Config']['time'], $Session->sessionTime);
|
||||
$this->assertEqual($Session->time, mktime());
|
||||
$this->assertEqual($_SESSION['Config']['time'], $Session->time + ($Session->factor * Configure::read('Session.timeout')));
|
||||
|
||||
session_destroy();
|
||||
$Session =& new SessionComponent();
|
||||
Configure::write('Security.level', 'high');
|
||||
$Session->write('Test', 'some value');
|
||||
$this->assertEqual($_SESSION['Config']['timeout'], $Session->factor);
|
||||
$this->assertEqual($_SESSION['Config']['time'], $Session->sessionTime);
|
||||
$this->assertEqual($Session->time, mktime());
|
||||
$this->assertEqual($_SESSION['Config']['time'], $Session->time + ($Session->factor * Configure::read('Session.timeout')));
|
||||
|
||||
}
|
||||
}
|
||||
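Review bot: Each block in `testSessionTimeout()` calls `Configure::write('Security.level', ...)` after `new SessionComponent()`, but the multiplier is picked from `Security.level` in the `CakeSession` constructor, so (assuming the component runs that constructor) every instance uses the level left by the previous block and the first uses whatever was configured before the test. The assertions also compare `$_SESSION['Config']['timeout']` and `['time']` against `$Session->factor` itself, so they hold for any multiplier and never tie 300, 100 or 10 to a security level. Move each `Configure::write()` above the construction and assert the literal, e.g. `$this->assertEqual($Session->factor, 300);` for 'low'. `$this->assertEqual($Session->time, mktime());` can fail when the clock ticks between the two reads, and the test leaves `Security.level` at 'high' for whatever runs next, so save and restore the original value.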
|
|