Revision 2391,
1.2 KB
checked in by niltonneto, 15 years ago
(diff) |
Ticket #1018 - Corrigido validação de sessão em requisições AJAX.
|
Line | |
---|
1 | <?php |
---|
2 | if ( isset( $_COOKIE[ 'sessionid' ] ) ) |
---|
3 | session_id( $_COOKIE[ 'sessionid' ] ); |
---|
4 | |
---|
5 | session_start( ); |
---|
6 | |
---|
7 | $sess = $_SESSION[ 'phpgw_session' ]; |
---|
8 | $connection_id = "{$sess['session_id']}{$sess['session_ip']}".substr($_SERVER[ 'HTTP_USER_AGENT' ],0,199); |
---|
9 | |
---|
10 | |
---|
11 | if (empty($_SESSION['phpgw_session']['session_id']) || ($_SESSION['connection_db_info']['user_auth'] && implode('',$_SESSION['connection_db_info']['user_auth']) !== $connection_id)) |
---|
12 | { |
---|
13 | if($_SESSION['connection_db_info']['user_auth'] && !strstr($_SERVER['SCRIPT_URL'],"/controller.php")) { |
---|
14 | error_log( '[ INVALID SESSION ] >>>>' . implode('',$_SESSION['connection_db_info']['user_auth']) . '<<<< - >>>>' . $connection_id . '<<<<', 0 ); |
---|
15 | @require_once dirname( __FILE__ ) . '/logout.php'; |
---|
16 | } |
---|
17 | |
---|
18 | setcookie(session_name(),"",0); // Removing session cookie. |
---|
19 | unset($_SESSION); // Removing session values. |
---|
20 | // From ExpressoAjax response "nosession" |
---|
21 | if(strstr($_SERVER['SCRIPT_URL'],"/controller.php")){ |
---|
22 | echo serialize(array("nosession" => true)); |
---|
23 | exit; |
---|
24 | } |
---|
25 | } |
---|
26 | else{ |
---|
27 | // From ExpressoAjax update session_dla (datetime last access). |
---|
28 | if(strstr($_SERVER['SCRIPT_URL'],"/controller.php")) |
---|
29 | $_SESSION['phpgw_session']['session_dla'] = time(); |
---|
30 | } |
---|
31 | ?> |
---|
Note: See
TracBrowser
for help on using the repository browser.