Commit 01238db5fad87d4ab5feb3690f944b91dc6aa78c
1 parent
bc7a46d1
Altered session_id management in ajaxhandler to fix remote xss session drops
Showing
1 changed file
with
7 additions
and
6 deletions
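--- a/webservice/clienttools/ajaxhandler.php
+++ b/webservice/clienttools/ajaxhandler.php
@@ -54,12 +54,6 @@ class ajaxHandler{
 $this->ret->addDebug('Remote IP',$this->remoteIp);
 
 
-if($this->auth['session'])session_id($this->auth['session']);
-$this->session=session_id();
-$this->log("[__construct]Session Restarted as: {$this->session}");
-// session_id('BLANK_SESSION');
-
-
 
 //========================= 1. Parse Json
 $this->log("[__construct]ENTERING Parse Json");
@@ -79,6 +73,13 @@ class ajaxHandler{
 $this->ret->setTitle($this->request['service'].'::'.$this->request['function']);
 $this->ret->setDebug('Server Versions',$this->getServerVersions());
 
+$this->ret->addDebug('Session From Server: ',$this->auth);
+if($this->auth['session'])session_id($this->auth['session']);
+$this->session=session_id();
+$this->ret->addDebug('Session in PHP: ',$this->session);
+$this->log("[__construct]Session Restarted as: {$this->session}");
+// session_id('BLANK_SESSION');
+
 
 
 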
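Review bot: The two added `addDebug()` calls in the second hunk put the whole `$this->auth` array and the live session id into the response's debug data, and the `log()` line writes the same id to the log. If that debug block is returned to clients outside development, anyone who can read a response or the log obtains a usable session identifier; I would drop both `addDebug` lines or gate them on a debug setting, and log only a short digest such as `substr(hash('sha256',$this->session),0,8)`. Separately, `session_id($this->auth['session'])` adopts whatever identifier the request supplies, which permits session fixation unless the value is validated elsewhere; `$this->auth` appears to come from the parsed request, but where it is populated is outside the hunk. A guard like `if(!empty($this->auth['session']) && preg_match('/^[A-Za-z0-9,-]+$/',$this->auth['session']))` would reject malformed ids and also avoid the undefined-index notice when the key is absent. The constructor begins and ends outside the hunk, so whether `session_start()` runs after this point could not be checked here.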