Changeset 2391

Timestamp:

03/30/10 17:38:44 (14 years ago)

Author:

niltonneto

Message:

Ticket #1018 - Corrigido validação de sessão em requisições AJAX.

Location:

branches/2.0

Files:

• expressoMail1_2/js/connector.js (modified) (1 diff)
• header.session.inc.php (modified) (1 diff)

branches/2.0/expressoMail1_2/js/connector.js

@@ -343 +343 @@
                                                                 if ( typeof data == 'undefined' )
                                                                         data = oxmlhttp.responseText;
+                                                                // Verify user session
+                                                                if(data && data.nosession){
+                                                                // If hold session is setted, dont reload the page ...
+                                                                        if(hold_session) {
+                                                                                if(typeof(write_msg) == "function" && typeof(get_lang) == "function")
+                                                                                        write_msg(get_lang("your session could not be verified."));
+                                                                                else
+                                                                                        alert("your session could not be verified.");
+                                                                        }
+                                                                        else
+                                                                                window.location.reload();
+
+                                                                        delete _thisObject.requests[id];
+                                                                        _thisObject.requests[id] = null;
+                                                                        return false;
+                                                                }
                                                                 if(debug_controller) {
                                                                         document.getElementById("debug_controller").innerHTML += oxmlhttp.responseText;

branches/2.0/header.session.inc.php

@@ -11 +11 @@
         if (empty($_SESSION['phpgw_session']['session_id']) || ($_SESSION['connection_db_info']['user_auth'] && implode('',$_SESSION['connection_db_info']['user_auth']) !== $connection_id))
         {
-                if($_SESSION['connection_db_info']['user_auth'])
+                if($_SESSION['connection_db_info']['user_auth'] && !strstr($_SERVER['SCRIPT_URL'],"/controller.php")) {
                         error_log( '[ INVALID SESSION ] >>>>' . implode('',$_SESSION['connection_db_info']['user_auth']) . '<<<< - >>>>' . $connection_id . '<<<<', 0 );
-                setcookie("PHPSESSID","",0);
-                setcookie ("sessionid","",0);   
-                unset($_SESSION);
+                        @require_once dirname( __FILE__ ) . '/logout.php';
+                }
+
+                setcookie(session_name(),"",0); // Removing session cookie.
+                unset($_SESSION);                               // Removing session values.
+                // From ExpressoAjax response "nosession"
+                if(strstr($_SERVER['SCRIPT_URL'],"/controller.php")){
+                        echo serialize(array("nosession" => true));
+                        exit;
+                }
+        }
+        else{
+                // From ExpressoAjax update session_dla (datetime last access). 
+                if(strstr($_SERVER['SCRIPT_URL'],"/controller.php"))
+                        $_SESSION['phpgw_session']['session_dla'] = time();
         }
 ?>