Revision 2329,
1.0 KB
checked in by niltonneto, 14 years ago
(diff) |
Ticket #926 - Corrigido validação de sessão em requisições AJAX.
|
Line | |
---|
1 | <?php |
---|
2 | session_start( ); |
---|
3 | $sess = $_SESSION[ 'phpgw_session' ]; |
---|
4 | $connection_id = "{$sess['session_id']}{$sess['session_ip']}".substr($_SERVER[ 'HTTP_USER_AGENT' ],0,199); |
---|
5 | |
---|
6 | if ( empty($_SESSION['phpgw_session']['session_id']) || |
---|
7 | ($_SESSION['connection_db_info']['user_auth'] && implode('',$_SESSION['connection_db_info']['user_auth']) !== $connection_id) |
---|
8 | ) |
---|
9 | { |
---|
10 | if($_SESSION['connection_db_info']['user_auth'] && !strstr($_SERVER['SCRIPT_URL'],"/controller.php")) |
---|
11 | error_log( '[ INVALID SESSION ] >>>>' . implode('',$_SESSION['connection_db_info']['user_auth']) . '<<<< - >>>>' . $connection_id . '<<<<', 0 ); |
---|
12 | |
---|
13 | setcookie("PHPSESSID","",0); |
---|
14 | setcookie ("sessionid","",0); |
---|
15 | unset($_SESSION); |
---|
16 | // Retorna "nosession" quando for requisições do ExpressoAjax |
---|
17 | if(strstr($_SERVER['SCRIPT_URL'],"/controller.php")){ |
---|
18 | echo serialize(array("nosession" => true)); |
---|
19 | exit; |
---|
20 | } |
---|
21 | } |
---|
22 | else{ |
---|
23 | // Keep Alive session user. |
---|
24 | if ( isset( $_COOKIE[ 'sessionid' ] ) ) |
---|
25 | session_id( $_COOKIE[ 'sessionid' ] ); |
---|
26 | $_SESSION['phpgw_session']['session_dla'] = time(); |
---|
27 | } |
---|
28 | ?> |
---|
Note: See
TracBrowser
for help on using the repository browser.