adulau/cakephp2-php8
1
0
Fork 0
mirror of https://github.com/kamilwylegala/cakephp2-php8.git synced 2025-01-19 02:56:15 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Switched over to using the previously unused Security::inactiveMins() method for getting timeout modifiers

Browse source 
Signed-off-by: Mark Story <mark@mark-story.com>
This commit is contained in:
Richard Sbresny 2010-05-07 16:37:14 +10:00 committed by Mark Story
parent 5cf08cbe92
commit b04a3f8514
2 changed files with 18 additions and 43 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

40
cake/libs/cake_session.php
View file

@ -199,18 +199,6 @@ class CakeSession extends Object {
$this->sessionTime = $this->time + (Security::inactiveMins() * Configure::read('Session.timeout'));
$this->security = Configure::read('Security.level');
}
switch ($this->security) {
case 'medium':
$this->factor = 5040;
break;
case 'low':
$this->factor = 2628000;
break;
case 'high':
default:
$this->factor = 10;
break;
}
parent::__construct();
}
@ -487,20 +475,20 @@ class CakeSession extends Object {
switch ($this->security) {
case 'high':
$this->cookieLifeTime = Configure::read('Session.timeout') * $this->factor;
$this->cookieLifeTime = Configure::read('Session.timeout') * Security::inactiveMins();
if ($iniSet) {
ini_set('session.referer_check', $this->host);
}
break;
case 'medium':
$this->cookieLifeTime = Configure::read('Session.timeout') * $this->factor;
$this->cookieLifeTime = Configure::read('Session.timeout') * Security::inactiveMins();
if ($iniSet) {
ini_set('session.referer_check', $this->host);
}
break;
case 'low':
default:
$this->cookieLifeTime = Configure::read('Session.timeout') * $this->factor;
$this->cookieLifeTime = Configure::read('Session.timeout') * Security::inactiveMins();
break;
}
@ -627,11 +615,11 @@ class CakeSession extends Object {
if (Configure::read('Security.level') === 'high') {
$check = $this->read('Config.timeout');
$check = $check - 1;
$this->write('Config.timeout', $this->factor);
$this->write('Config.timeout', Security::inactiveMins());
if (time() > ($time - (Security::inactiveMins() * Configure::read('Session.timeout')) + 2) || $check < 1) {
$this->renew();
$this->write('Config.timeout', $this->factor);
$this->write('Config.timeout', Security::inactiveMins());
}
}
$this->valid = true;
@ -643,7 +631,7 @@ class CakeSession extends Object {
} else {
$this->write('Config.userAgent', $this->_userAgent);
$this->write('Config.time', $this->sessionTime);
$this->write('Config.timeout', $this->factor);
$this->write('Config.timeout', Security::inactiveMins());
$this->valid = true;
$this->__setError(1, 'Session is valid');
}
@ -771,21 +759,7 @@ class CakeSession extends Object {
* @access private
*/
function __write($id, $data) {
switch (Configure::read('Security.level')) {
case 'medium':
$factor = 5040;
break;
case 'low':
$factor = 2628000;
break;
case 'high':
default:
$factor = 10;
break;
}
$expires = time() + Configure::read('Session.timeout') * $factor;
$expires = time() + Configure::read('Session.timeout') * Security::inactiveMins();
$model =& ClassRegistry::getObject('Session');
$return = $model->save(compact('id', 'data', 'expires'));
return $return;

21
cake/tests/cases/libs/controller/components/session.test.php
View file

@ -351,31 +351,32 @@ class SessionComponentTest extends CakeTestCase {
function testSessionTimeout() {
session_destroy();
$Session =& new SessionComponent();
unset($Session);
Configure::write('Security.level', 'low');
$Session =& new SessionComponent();
$Session->write('Test', 'some value');
$this->assertEqual($_SESSION['Config']['timeout'], $Session->factor);
$this->assertEqual($_SESSION['Config']['timeout'], Security::inactiveMins());
$this->assertEqual($_SESSION['Config']['time'], $Session->sessionTime);
$this->assertEqual($Session->time, mktime());
$this->assertEqual($_SESSION['Config']['time'], $Session->time + ($Session->factor * Configure::read('Session.timeout')));
$this->assertEqual($_SESSION['Config']['time'], $Session->time + (Security::inactiveMins() * Configure::read('Session.timeout')));
session_destroy();
$Session =& new SessionComponent();
Configure::write('Security.level', 'medium');
$Session =& new SessionComponent();
$Session->write('Test', 'some value');
$this->assertEqual($_SESSION['Config']['timeout'], $Session->factor);
$this->assertEqual($_SESSION['Config']['timeout'], Security::inactiveMins());
$this->assertEqual($_SESSION['Config']['time'], $Session->sessionTime);
$this->assertEqual($Session->time, mktime());
$this->assertEqual($_SESSION['Config']['time'], $Session->time + ($Session->factor * Configure::read('Session.timeout')));
$this->assertEqual($_SESSION['Config']['time'], $Session->time + (Security::inactiveMins() * Configure::read('Session.timeout')));
session_destroy();
$Session =& new SessionComponent();
Configure::write('Security.level', 'high');
$Session =& new SessionComponent();
$Session->write('Test', 'some value');
$this->assertEqual($_SESSION['Config']['timeout'], $Session->factor);
$this->assertEqual($_SESSION['Config']['timeout'], Security::inactiveMins());
$this->assertEqual($_SESSION['Config']['time'], $Session->sessionTime);
$this->assertEqual($Session->time, mktime());
$this->assertEqual($_SESSION['Config']['time'], $Session->time + ($Session->factor * Configure::read('Session.timeout')));
$this->assertEqual($_SESSION['Config']['time'], $Session->time + (Security::inactiveMins() * Configure::read('Session.timeout')));
}
}