Invalidate expired sessions
This commit is contained in:
parent
da791d3469
commit
36ba266587
4 changed files with 34 additions and 12 deletions
18
index.php
18
index.php
|
@ -92,16 +92,26 @@ if (isset($_COOKIE[COOKIE_PERSISTENT]) && $database) {
|
|||
$table_sessions_exists = $database->tableExists('sessions');
|
||||
|
||||
if ($table_sessions_exists) {
|
||||
$persistent = $database
|
||||
$sessions = $database
|
||||
->query(
|
||||
'SELECT *
|
||||
FROM `sessions`
|
||||
WHERE `session` = "' . $_COOKIE[COOKIE_PERSISTENT] . '";'
|
||||
)
|
||||
->fetch();
|
||||
->fetchAll();
|
||||
|
||||
if (false !== $persistent) {
|
||||
$_SESSION['user'] = User::getFromID($persistent['user']);
|
||||
if (false !== $sessions) {
|
||||
$_SESSION['user'] = new User();
|
||||
|
||||
foreach ($sessions as $session) {
|
||||
$expires = strtotime($session['expires']);
|
||||
|
||||
if (time() < $expires) {
|
||||
$_SESSION['user'] = User::getFromID($session['user']);
|
||||
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -3,10 +3,11 @@
|
|||
/**
|
||||
* Get cookie domain
|
||||
*/
|
||||
function getCookieDomain(): string {
|
||||
function getCookieDomain(): string
|
||||
{
|
||||
$cookieDomain = $_SERVER['HTTP_HOST'];
|
||||
|
||||
if (defined('CHANNELS') && is_iterable(CHANNELS) && defined('ENV_IS_DEV') && ! ENV_IS_DEV) {
|
||||
if (defined('CHANNELS') && is_iterable(CHANNELS) && defined('ENV_IS_DEV') && ! ENV_IS_DEV && '127.0.0.1' !== $_SERVER['REMOTE_ADDR']) {
|
||||
foreach (CHANNELS as $channel) {
|
||||
if ('stable' === $channel['branch']) {
|
||||
$cookieDomain = $channel['host'];
|
||||
|
|
|
@ -44,12 +44,12 @@ if (isset($_POST['login'], $_POST['email'], $_POST['password'])) {
|
|||
*/
|
||||
if (isset($_POST['persistent'])) {
|
||||
/** Cookie options */
|
||||
$sessionPassword = md5(time() . rand(-2147483648, 2147483647));
|
||||
$sessionLifetime = 2592000 * 4; // 4 Months
|
||||
$sessionIsDev = defined('ENV_IS_DEV') && ENV_IS_DEV;
|
||||
$sessionExpires = time() + $sessionLifetime;
|
||||
$sessionIsDev = defined('ENV_IS_DEV') && ENV_IS_DEV || '127.0.0.1' === $_SERVER['REMOTE_ADDR'];
|
||||
$sessionOptions = array (
|
||||
'domain' => getCookieDomain(),
|
||||
'expires' => time() + $sessionLifetime,
|
||||
'expires' => $sessionExpires,
|
||||
'httponly' => true,
|
||||
'path' => '/',
|
||||
'samesite' => 'None',
|
||||
|
@ -57,15 +57,17 @@ if (isset($_POST['login'], $_POST['email'], $_POST['password'])) {
|
|||
);
|
||||
|
||||
/** Set cookie */
|
||||
setcookie(COOKIE_PERSISTENT, $sessionPassword, $sessionOptions);
|
||||
setcookie(COOKIE_PERSISTENT, session_id(), $sessionOptions);
|
||||
|
||||
$database->query(
|
||||
'INSERT INTO `sessions` (
|
||||
`user`,
|
||||
`session`
|
||||
`session`,
|
||||
`expires`
|
||||
) VALUES (
|
||||
' . $_SESSION['user']->id . ',
|
||||
"' . $sessionPassword . '"
|
||||
"' . session_id() . '",
|
||||
"' . date('Y-m-d H:i:s', $sessionExpires) . '"
|
||||
);'
|
||||
);
|
||||
}
|
||||
|
|
9
src/update/0-8-0.sql
Normal file
9
src/update/0-8-0.sql
Normal file
|
@ -0,0 +1,9 @@
|
|||
/**
|
||||
* Sessions
|
||||
*/
|
||||
ALTER TABLE
|
||||
`sessions`
|
||||
ADD
|
||||
COLUMN `expires` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP()
|
||||
AFTER
|
||||
`session`;
|
Loading…
Reference in a new issue