From 83dfbc012179558e69a688c51ead2b70ec137ee1 Mon Sep 17 00:00:00 2001
From: hickert
Date: Thu, 4 May 2006 04:44:41 +0000
Subject: [PATCH 1/1] Fixed some session problems
git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@3196 594d385d-05f5-0310-b6e9-bd551577e9d8
---
html/logout.php | 36 ++++++++++++++++++------------
html/main.php | 13 ++++++++++-
ihtml/themes/default/framework.tpl | 2 +-
include/functions_setup.inc | 5 +++++
include/php_setup.inc | 6 -----
5 files changed, 40 insertions(+), 22 deletions(-)
diff --git a/html/logout.php b/html/logout.php
index 911663708..6fb8bcc61 100644
--- a/html/logout.php
+++ b/html/logout.php
@@ -23,35 +23,45 @@ require_once ("../include/php_setup.inc"); require_once ("functions.inc"); header("Content-type: text/html; charset=UTF-8"); get_dir_list("$BASE_DIR/plugins"); -@session_start(); -/* Do logout-logging and destroy session */ -if(isset($_SESSION['logout_was_posted_several_times'])){ - header ("Location: index.php"); -} - -if (isset($_SESSION['config'])){ +/* try to start session, so we can remove userlocks, + if the old session is still available */ +@session_start(); +if(isset($_SESSION['ui'])){ + + /* Get config & ui informations */ $ui= $_SESSION["ui"]; + + /* config used for del_user_locks & some lines below to detect the language */ $config= $_SESSION["config"]; /* Remove all locks of this user */ del_user_locks($ui->dn); + + /* Write something to log */ + gosa_log ("User \"".$ui->username."\" logged out"); +} +/* If GET request is posted, the logout was forced by pressing the link */ +if (isset($_GET['request'])){ + + /* destroy old session */ @session_unset (); @session_destroy (); - @session_start(); - $_SESSION['logout_was_posted_several_times'] = 1; - gosa_log ("User \"".$ui->username."\" logged out".$_SESSION['logout_was_posted_several_times']); + /* Go back to the base via header */ header ("Location: index.php"); + exit(); -}else{ +}else{ // The logout wasn't forced, so the session is invalid + /* Language setup */ if ((!isset($config))||(empty($config->data['MAIN']['LANG']))){ $lang= get_browser_language(); } else { $lang= $config->data['MAIN']['LANG']; } + $lang.=".UTF-8"; putenv("LANGUAGE="); putenv("LANG=$lang"); @@ -64,7 +74,7 @@ if (isset($_SESSION['config'])){ bindtextdomain($domain, "$BASE_DIR/locale"); textdomain($domain); - /* Set template compile directory */ + /* Create smarty & Set template compile directory */ $smarty= new smarty(); if (isset ($config->data['MAIN']['COMPILE'])){ $smarty->compile_dir= $config->data['MAIN']['COMPILE']; 
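Review bot: When logout.php is requested without `request` while `$_SESSION['ui']` is still set, the new code removes the user's locks and logs "logged out", then renders logout.tpl without ever destroying the session, because the `@session_destroy (); @session_unset ();` pair at the end of the else branch is removed in the third logout.php hunk (`@@ -73,8 +83,6 @@`). The user is shown a logout page while the session ID in the cookie stays valid on the server. Moving `@session_unset (); @session_destroy ();` above the `if (isset($_GET['request']))` test would invalidate the session on both paths; `$ui` and `$config` are already copied into locals by then. It would also help to expire the cookie after the destroy, e.g. `setcookie(session_name(), '', time()-3600, '/');`, with the path matched to the session cookie settings.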
@@ -73,8 +83,6 @@ if (isset($_SESSION['config'])){ } $smarty->display (get_template_path('headers.tpl')); $smarty->display (get_template_path('logout.tpl')); - @session_destroy (); - @session_unset (); exit; } // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: diff --git a/html/main.php b/html/main.php index e589f9597..2ae93bc3c 100644 --- a/html/main.php +++ b/html/main.php @@ -33,12 +33,23 @@ $domain = 'messages'; bindtextdomain($domain, "$BASE_DIR/locale"); textdomain($domain); -/* Set cookie lifetime to one day */ +/* Set cookie lifetime to one day (The parameter is in seconds ) */ session_set_cookie_params(24*60*60); +/* Set cache limter to one day (parameter is minutes !!)*/ +session_cache_expire(60*24); // default is 180 + +/* Set session max lifetime, to prevent the garbage collector to delete session before timeout. + !! The garbage collector is a cron job on debian systems, the cronjob will fetch the timeout from + the php.ini, so if you use debian, you must hardcode session.gc_maxlifetime in your php.ini */ +ini_set("session.gc_maxlifetime",24*60*60); + /* Remember everything we did after the last click */ session_start (); +if(ini_get("session.gc_maxlifetime")){ + +} if ($_SERVER["REQUEST_METHOD"] == "POST"){ @DEBUG (DEBUG_POST, __LINE__, __FUNCTION__, __FILE__, $_POST, "_POST"); diff --git a/ihtml/themes/default/framework.tpl b/ihtml/themes/default/framework.tpl index deca1354d..0fd49266e 100644 --- a/ihtml/themes/default/framework.tpl +++ b/ihtml/themes/default/framework.tpl @@ -21,7 +21,7 @@ - + GOSA2 {t}Sign out{/t} diff --git a/include/functions_setup.inc b/include/functions_setup.inc index 77ca026fb..eb63ea93b 100644 --- a/include/functions_setup.inc +++ b/include/functions_setup.inc @@ -311,6 +311,7 @@ function perform_php_checks(&$faults) $msg= ""; $msg.= "
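Review bot: The `if(ini_get("session.gc_maxlifetime")){ }` block added after `session_start ()` in html/main.php has an empty body, so nothing confirms that the `ini_set("session.gc_maxlifetime",24*60*60)` above took effect; either delete it or make it a real check such as `if (ini_get("session.gc_maxlifetime") < 24*60*60) { /* warn the admin */ }`. `session_cache_expire(60*24)` does not extend the session: it sets the lifetime used in the HTTP cache headers and only applies when `session.cache_limiter` is not `nocache`, in which case authenticated pages may be cached for a day, so the comment should say that or the call should go. PHP's garbage collection also follows the smallest `session.gc_maxlifetime` of any application sharing the same `session.save_path`, which is worth stating in this comment and in the help text of the new check in include/functions_setup.inc (`@@ -318,6 +319,10 @@`).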

"._("PHP setup inspection")."

"; + $msg.= check ( $faults, _("Checking for PHP version (>=4.1.0)"), _("PHP must be of version 4.1.0 or above for some functions and known bugs in PHP language."), version_compare(phpversion(), "4.1.0")>=0); @@ -318,6 +319,10 @@ function perform_php_checks(&$faults) $msg.= check ( $faults, _("Checking if register_globals is set to 'off'"), _("register_globals is a PHP mechanism to register all global varibales to be accessible from scripts without changing the scope. This may be a security risk. GOsa will run in both modes."), $check_globals == 0, FALSE); + + $msg.= check ( $faults, _("PHP session.gc_maxlifetime (>= 86400 seconds)."), + _("PHP uses this value for the garbage collector to delete old sessions, setting this value to one day will prevent loosing session and cookie before they really timeout."), + ini_get("session.gc_maxlifetime") >= 86400,FALSE); $msg.= check ( $faults, _("Checking for ldap module"), _("This is the main module used by GOsa and therefore really required."), diff --git a/include/php_setup.inc b/include/php_setup.inc index 6fafb2dcd..8676ae819 100644 --- a/include/php_setup.inc +++ b/include/php_setup.inc @@ -165,12 +165,6 @@ ini_set("display_errors",1); ini_set("report_memleaks",1); ini_set("include_path",".:$BASE_DIR/include"); -/* This specifies, how old a session file must be, before it is deleted - Don't change this value, use gosa.conf session_lifetime instead - ^ Value in seconds = 1 day, php.ini default is 1440 ~ 24 min -*/ -ini_set("session.gc_maxlifetime",8640); - /* Do smarty setup */ require("smarty/Smarty.class.php"); $smarty = new Smarty; -- 2.30.2