
Updated timezone class
[gosa.git] / gosa-core / include / class_session.inc
index 1127f6a2ba3974296b294014ec3b2c7e0daa9e5f..4a98ad2dc6aa31bd2c67c050b05b3558ea58e707 100644 (file)
@@ -73,11 +73,28 @@ class session {
                   the php.ini, so if you use debian, you must hardcode session.gc_maxlifetime in your php.ini */
                ini_set("session.gc_maxlifetime",24*60*60);
                session_start();
+
+    /* Check for changed browsers and bail out */
+    if (isset($_SESSION['HTTP_USER_AGENT']))
+    {
+      if ($_SESSION['HTTP_USER_AGENT'] !=  md5($_SERVER['HTTP_USER_AGENT'])) {
+        session_destroy();
+        session_start();
+      }
+    } else {
+      $_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']);
+    }
+
+    /* Regenerate ID to increase security */
+    if (!isset($_SESSION['started'])){
+      session_regenerate_id();
+      $_SESSION['started'] = true;
+    }
        }
 
        public static function destroy()
        {
-               session_destroy();
+               @session_destroy();
        }
 
        public static function set_lifetime($seconds = -1)
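Review bot: The added User-Agent check reads `$_SERVER['HTTP_USER_AGENT']` without a guard and compares the MD5 strings with `!=`, so a request without that header raises a notice, and two digests of the form `0e<digits>` would compare equal under loose comparison. Compute the digest once with `$ua = md5(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');` and compare with `!==`. `session_regenerate_id()` is called without `true`, so the old session ID's data stays on the server until garbage collection, and the `started` flag means it runs only once per session. If authentication happens elsewhere (not visible in this hunk), the ID should also be regenerated at login with `session_regenerate_id(true)`. The enclosing method starts before the hunk, and the `@` added to `session_destroy()` hides failures that would be better logged.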