Commit 1574b84411cc67ec8ed50747980904f17f516c9d
1 parent
551a12e2
When removing stale sessions, add a "timeout" entry in the user_history
table with the time at which the session would have expired. Also, track the session_id for all transactions for later use. git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@5279 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
4 changed files
with
54 additions
and
10 deletions
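--- a/lib/documentmanagement/DocumentTransaction.inc
+++ b/lib/documentmanagement/DocumentTransaction.inc
@@ -74,6 +74,7 @@ class DocumentTransaction {
 }
 
 $this->iUserID = $_SESSION["userID"];
+$this->iSessionId = $_SESSION["sessionID"];
 $oUser = KTUtil::arrayGet($aOptions, 'user');
 
 if (!(PEAR::isError($oUser) || ($oUser == false))) {
@@ -119,6 +120,7 @@ class DocumentTransaction {
 'filename' => $this->sFileName,
 'comment' => $this->sComment,
 'transaction_namespace' => $this->sTransactionNS,
+'session_id' => $this->iSessionId,
 );
 $id =& DBUtil::autoInsert($this->_table(), $aFieldValues);
 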
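Review bot: `$_SESSION["sessionID"]` is read unguarded in the constructor, but on this page the key is only set in the session-creation hunk of lib/session/Session.inc, so a session opened before this change (or any transaction written without going through that path, if such callers exist) stores an empty `session_id` and raises an undefined-index notice. The same unguarded read appears in `_fieldValues()` in lib/foldermanagement/foldertransaction.inc.php. Reading it through the helper already used on the next line, `$this->iSessionId = KTUtil::arrayGet($_SESSION, 'sessionID');` (presumably this yields an empty default for a missing key; confirm), makes the gap explicit, and a one-line comment should state that an empty value means the transaction cannot be tied to a login session. The constructor starts and ends outside this hunk.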
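--- a/lib/foldermanagement/foldertransaction.inc.php
+++ b/lib/foldermanagement/foldertransaction.inc.php
@@ -37,6 +37,7 @@ class KTFolderTransaction extends KTEntity {
 'sIp' => 'ip',
 'sComment' => 'comment',
 'sTransactionNS' => 'transaction_namespace',
+'iSessionId' => 'session_id',
 );
 
 var $_bUsePearError = true;
@@ -49,6 +50,9 @@ class KTFolderTransaction extends KTEntity {
 if (empty($this->dDateTime)) {
 $this->dDateTime = getCurrentDateTime();
 }
+if (empty($this->iSessionId)) {
+$this->iSessionId = $_SESSION['sessionID'];
+}
 return parent::_fieldValues();
 }
 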
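--- a/lib/session/Session.inc
+++ b/lib/session/Session.inc
@@ -61,12 +61,14 @@ class Session {
 if (PEAR::isError($result)) {
 die("Error creating session: " . $result->toString());
 }
+$_SESSION['sessionID'] = $result;
 
 $aParams = array(
 'userid' => $iUserId,
 'datetime' => date("Y-m-d H:i:s", time()),
 'actionnamespace' => 'ktcore.user_history.login',
 'comments' => sprintf('Logged in from %s', $ip),
+'sessionid' => $_SESSION['sessionID'],
 );
 require_once(KT_LIB_DIR . '/users/userhistory.inc.php');
 $res = KTUserHistory::createFromArray($aParams);
@@ -89,14 +91,22 @@ class Session {
 
 session_start();
 $sSessionID = session_id();
-$iUserID = $_SESSION["userID"];
+$iUserId = $_SESSION["userID"];
 
 // remove the session information from the database
 
 $sTable = KTUtil::getTableName('sessions');
 $res = DBUtil::whereDelete($sTable, array('session_id' => $sSessionID));
 
-
+$aParams = array(
+'userid' => $iUserId,
+'datetime' => date("Y-m-d H:i:s", time()),
+'actionnamespace' => 'ktcore.user_history.logout',
+'sessionid' => $_SESSION['sessonID'],
+);
+require_once(KT_LIB_DIR . '/users/userhistory.inc.php');
+$res = KTUserHistory::createFromArray($aParams);
+$default->log->info("saving user history - " . print_r($res, true));
 
 // remove the php4 session
 unset($_SESSION['userID']);
@@ -110,13 +120,37 @@ class Session {
 *
 * @param int the userID to remove stale sessions for
 */
-function removeStaleSessions($userID = -1) {
+function removeStaleSessions() {
 global $default;
-// deletes any sessions for this userID where the default timeout has elapsed.
-$time = time() - $default->sessionTimeout;
-$sql = $default->db;
-$sQuery = "DELETE FROM $default->sessions_table WHERE " . (($userID != -1) ? "user_id=$userID AND " : "") . "lastused <= '" . formatDateTime($time) . "'";
-$sql->query($sQuery);
+$time = time() - $default->sessionTimeout;
+
+$sTable = KTUtil::getTableName('sessions');
+$aQuery = array(
+sprintf('SELECT id, lastused, user_id FROM %s WHERE lastused <= ?', $sTable),
+array(formatDateTime($time)),
+);
+
+$aSessions = DBUtil::getResultArray($aQuery);
+
+foreach ($aSessions as $aSessionData) {
+$iId = $aSessionData['id'];
+$dLastUsed = $aSessionData['lastused'];
+$iUserId = $aSessionData['user_id'];
+$iTime = strtotime($dLastUsed);
+$iTime = $iTime + $default->sessionTimeout;
+$aParams = array(
+'userid' => $iUserId,
+'datetime' => formatDateTime($iTime),
+'actionnamespace' => 'ktcore.user_history.timeout',
+'comments' => 'Session timed out',
+'sessionid' => $_SESSION['sessionID'],
+);
+require_once(KT_LIB_DIR . '/users/userhistory.inc.php');
+$res = KTUserHistory::createFromArray($aParams);
+$default->log->info("saving user history - " . print_r($res, true));
+
+DBUtil::whereDelete($sTable, array('id' => $iId));
+}
 }
 
 /**
@@ -190,11 +224,12 @@ class Session {
 
 return true;
 } else {
+
+Session::removeStaleSessions();
+
 return PEAR::raiseError('Session timed out');
 }
 
-// }
-
 Session::removeStaleSessions();
 
 return false;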
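Review bot: The `sessionid` recorded in user_history is wrong in two of the new audit entries in this file. The logout entry reads `$_SESSION['sessonID']`, a misspelt key, so the logout row is stored with an empty session id; it should be `'sessionid' => $_SESSION['sessionID'],`. In the `removeStaleSessions()` loop the timeout entry also uses `$_SESSION['sessionID']`, which belongs to whichever request triggered the cleanup rather than to the expired row, so one user's timeout is attributed to another user's session (or to none, when called from the timed-out branch); `'sessionid' => $iId,` records the expired session itself. The logout block also calls `$default->log->info(...)` and no `global $default;` is visible in that hunk, which is worth confirming because the function starts outside it. The docblock above `removeStaleSessions()` still documents the removed `$userID` parameter and should be updated to say that all users' stale sessions are processed.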
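--- a/lib/users/userhistory.inc.php
+++ b/lib/users/userhistory.inc.php
@@ -35,6 +35,7 @@ class KTUserHistory extends KTEntity {
 'iUserId' => 'user_id',
 'sActionNamespace' => 'action_namespace',
 'sComments' => 'comments',
+'iSessionId' => 'session_id',
 );
 
 var $_bUsePearError = true;
@@ -47,6 +48,8 @@ class KTUserHistory extends KTEntity {
 function setComments($mValue) { $this->sComments = $sComments; }
 function getActionNamespace() { return $this->sActionNamespace; }
 function setActionNamespace($mValue) { $this->sActionNamespace = $mValue; }
+function getSessionId() { return $this->iSessionId; }
+function setSessionId($mValue) { $this->iSessionId = $mValue; }
 
 function _table () {
 return KTUtil::getTableName('user_history');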