index 1e96f0c0dd0141a9ccb55adaccf727768ee85b1b..4a98ad2dc6aa31bd2c67c050b05b3558ea58e707 100644 (file)
<?php
/*
- This code is part of GOsa (https://oss.gonicus.de/labs/gosa/)
- Copyright (C) 2007 Fabian Hickert
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ * This code is part of GOsa (http://www.gosa-project.org)
+ * Copyright (C) 2003-2008 GONICUS GmbH
+ *
+ * ID: $$Id$$
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
-
class session {
public static function get_session_size()
the php.ini, so if you use debian, you must hardcode session.gc_maxlifetime in your php.ini */
ini_set("session.gc_maxlifetime",24*60*60);
session_start();
+
+ /* Check for changed browsers and bail out */
+ if (isset($_SESSION['HTTP_USER_AGENT']))
+ {
+ if ($_SESSION['HTTP_USER_AGENT'] != md5($_SERVER['HTTP_USER_AGENT'])) {
+ session_destroy();
+ session_start();
+ }
+ } else {
+ $_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']);
+ }
+
+ /* Regenerate ID to increase security */
+ if (!isset($_SESSION['started'])){
+ session_regenerate_id();
+ $_SESSION['started'] = true;
+ }
}
public static function destroy()
{
- session_destroy();
+ @session_destroy();
}
public static function set_lifetime($seconds = -1)
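Review bot: The added browser check reads `$_SERVER['HTTP_USER_AGENT']` without testing that it is set, and compares the two md5 hex strings with loose `!=`. A request without a User-Agent header raises an undefined-index notice, and two hashes of the form `0e<digits>` compare equal as numbers, so the comparison should be `!==` on a value computed once with an `isset()` fallback. The destroy/restart path also leaves the fresh session without a stored fingerprint until the next request; the sketch below stores it on every path. Separately, `session_regenerate_id()` behind `$_SESSION['started']` runs only once per session, so unless the login code (not visible here) regenerates the ID at authentication, a pre-started session ID can still be fixed on a user. The enclosing method begins outside the hunk.

```php
/* Check for changed browsers and bail out */
$ua = md5(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');
if (isset($_SESSION['HTTP_USER_AGENT']) && $_SESSION['HTTP_USER_AGENT'] !== $ua) {
  session_destroy();
  session_start();
}
$_SESSION['HTTP_USER_AGENT'] = $ua;
// … unchanged: one-time session_regenerate_id() block …
```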