source: trunk/header.session.inc.php @ 2382

Revision 2382, 1.9 KB checked in by niltonneto, 14 years ago (diff)

Ticket #926 - Hardcoded substituído por session_name(). Força logout quando não AJAX.

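<?php

/***************************************************************************
* Expresso Livre                                                           *
* http://www.expressolivre.org                                             *
* --------------------------------------------                             *
*  This program is free software; you can redistribute it and/or modify it *
*  under the terms of the GNU General Public License as published by the   *
*  Free Software Foundation; either version 2 of the License, or (at your  *
*  option) any later version.                                              *
\**************************************************************************/

/*
 * Session guard, executed in the scope of the script that includes it.
 *
 * It resumes the PHP session named by the "sessionid" cookie, rebuilds the
 * connection fingerprint (session id + session IP + first 199 bytes of the
 * User-Agent) and compares it with the fingerprint stored in
 * $_SESSION['connection_db_info']['user_auth']. On a missing session or a
 * mismatch the session cookie is cleared; controller.php (ExpressoAjax)
 * requests get a serialized "nosession" answer, other requests are sent
 * through logout.php when a stored fingerprint exists. On success, AJAX
 * requests refresh the last-access timestamp.
 *
 * $sess and $connection_id remain defined for the including script. The
 * $header_session_* temporaries are removed again at the end of the file.
 */

// Cookie values are client-controlled and may arrive as arrays
// ("sessionid[]=x"); only a string is handed to session_id().
// NOTE(review): an id the server never issued is adopted as-is unless
// session.use_strict_mode is enabled - confirm the deployment's setting.
if ( isset( $_COOKIE[ 'sessionid' ] ) && is_string( $_COOKIE[ 'sessionid' ] ) )
    session_id( $_COOKIE[ 'sessionid' ] );

session_start( );

// A request without a session has no 'phpgw_session' entry; read it without
// raising an undefined-index notice ($sess is null in that case, as before).
$sess = isset( $_SESSION[ 'phpgw_session' ] ) ? $_SESSION[ 'phpgw_session' ] : null;
$header_session_sid = isset( $sess[ 'session_id' ] ) ? $sess[ 'session_id' ] : '';

// Fingerprint of the current request. HTTP_USER_AGENT is optional in a
// request, so a missing header contributes an empty string.
$connection_id = $header_session_sid
    . ( isset( $sess[ 'session_ip' ] ) ? $sess[ 'session_ip' ] : '' )
    . substr( isset( $_SERVER[ 'HTTP_USER_AGENT' ] ) ? $_SERVER[ 'HTTP_USER_AGENT' ] : '', 0, 199 );

// Fingerprint parts stored in the session, or null when none are stored.
$header_session_user_auth = isset( $_SESSION[ 'connection_db_info' ][ 'user_auth' ] )
    ? $_SESSION[ 'connection_db_info' ][ 'user_auth' ]
    : null;

// ExpressoAjax requests are recognised by "/controller.php" appearing
// anywhere in SCRIPT_URL.
// NOTE(review): SCRIPT_URL is typically provided by Apache mod_rewrite and
// this is a substring match, not an exact script match - confirm that no
// other reachable URL path can contain "/controller.php".
$header_session_is_ajax = isset( $_SERVER[ 'SCRIPT_URL' ] )
    && strpos( $_SERVER[ 'SCRIPT_URL' ], "/controller.php" ) !== false;

if ( empty( $_SESSION[ 'phpgw_session' ][ 'session_id' ] )
    || ( $header_session_user_auth && implode( '', $header_session_user_auth ) !== $connection_id )
) {
    if ( $header_session_user_auth && !$header_session_is_ajax ) {
        // Both fingerprints are expected to embed the session id (a bearer
        // credential) and they carry the client-supplied User-Agent. Mask the
        // current session id and replace control characters, so the entry
        // neither hands a usable id to log readers nor lets a crafted header
        // inject extra log lines.
        error_log(
            '[ INVALID SESSION ] >>>>'
            . preg_replace(
                '/[\x00-\x1F\x7F]/',
                '?',
                str_replace( $header_session_sid, '[session_id]', implode( '', $header_session_user_auth ) )
            )
            . '<<<< - >>>>'
            . preg_replace(
                '/[\x00-\x1F\x7F]/',
                '?',
                str_replace( $header_session_sid, '[session_id]', $connection_id )
            )
            . '<<<<',
            0
        );
        @require_once dirname( __FILE__ ) . '/logout.php';
    }

    // An empty value makes PHP send a deletion header for the cookie.
    // NOTE(review): the id is read from the "sessionid" cookie above, but the
    // cookie cleared here is session_name(); both are the same cookie only if
    // session.name is configured as "sessionid" - confirm. No path or domain
    // is passed, so setcookie()'s defaults apply.
    setcookie( session_name( ), "", 0 ); // Removing session cookie.

    // unset() only drops the $_SESSION variable for the rest of this request.
    // This file never calls session_destroy(), so removal of the stored
    // session data is left to logout.php (not visible here) - confirm,
    // especially for the AJAX path, which does not go through logout.php.
    unset( $_SESSION ); // Removing session values.

    // From ExpressoAjax response "nosession"
    if ( $header_session_is_ajax ) {
        echo serialize( array( "nosession" => true ) );
        exit;
    }
}
else {
    // From ExpressoAjax update session_dla (datetime last access).
    if ( $header_session_is_ajax )
        $_SESSION[ 'phpgw_session' ][ 'session_dla' ] = time( );
}

// Leave the including script's scope as it was, apart from $sess and
// $connection_id.
unset( $header_session_sid, $header_session_user_auth, $header_session_is_ajax );
?>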