diff --git a/ktapi/KTAPISession.inc.php b/ktapi/KTAPISession.inc.php
index b700f4a..5044819 100644
--- a/ktapi/KTAPISession.inc.php
+++ b/ktapi/KTAPISession.inc.php
@@ -7,31 +7,31 @@
* Document Management Made Simple
* Copyright (C) 2008 KnowledgeTree Inc.
* Portions copyright The Jam Warehouse Software (Pty) Limited
- *
+ *
* This program is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License version 3 as published by the
* Free Software Foundation.
- *
+ *
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
- *
+ *
* You should have received a copy of the GNU General Public License
* along with this program. If not, see .
- *
- * You can contact KnowledgeTree Inc., PO Box 7775 #87847, San Francisco,
+ *
+ * You can contact KnowledgeTree Inc., PO Box 7775 #87847, San Francisco,
* California 94120-7775, or email info@knowledgetree.com.
- *
+ *
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU General Public License version 3.
- *
+ *
* In accordance with Section 7(b) of the GNU General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "Powered by
- * KnowledgeTree" logo and retain the original copyright notice. If the display of the
+ * KnowledgeTree" logo and retain the original copyright notice. If the display of the
* logo is not reasonably feasible for technical reasons, the Appropriate Legal Notices
- * must display the words "Powered by KnowledgeTree" and retain the original
+ * must display the words "Powered by KnowledgeTree" and retain the original
* copyright notice.
* Contributor( s): ______________________________________
*
@@ -124,10 +124,6 @@ class KTAPI_UserSession extends KTAPI_Session
$this->active = true;
}
-
-
-
-
/**
* This resolves the user's ip
*
@@ -164,18 +160,18 @@ class KTAPI_UserSession extends KTAPI_Session
* @static
* @param User $user
*/
- function _check_session(&$user)
+ function _check_session(&$user, $ip, $app)
{
$user_id = $user->getId();
- Session::removeStaleSessions();
+ Session::removeStaleSessions($user_id);
$config = &KTConfig::getSingleton();
$validateSession = $config->get('webservice/validateSessionCount', false);
if ($validateSession)
{
- $sql = "SELECT count(*) >= u.max_sessions as over_limit FROM active_sessions ass INNER JOIN users u ON ass.user_id=u.id WHERE ass.user_id = $user_id";
+ $sql = "SELECT count(*) >= u.max_sessions as over_limit FROM active_sessions ass INNER JOIN users u ON ass.user_id=u.id WHERE ass.user_id = $user_id AND ass.apptype != 'ws'";
$row = DBUtil::getOneResult($sql);
if (PEAR::isError($row))
@@ -193,18 +189,44 @@ class KTAPI_UserSession extends KTAPI_Session
}
$session = session_id();
+ $newSessionRequired = false;
+ if ($app == 'ws')
+ {
+ $sql = "select id from active_sessions where user_id=$user_id AND apptype='ws' and ip='$ip'";
+
+ $row = DBUtil::getOneResult($sql);
+ if (empty($row))
+ {
+ $newSessionRequired = true;
+ }
+ else
+ {
+ $sessionid = $row['id'];
+ $sql = "update active_sessions set session_id='$session' where id=$sessionid";
+
+ DBUtil::runQuery($sql);
+ }
+ }
+ else
+ {
+ $newSessionRequired = true;
+ }
- $sessionid = DBUtil::autoInsert('active_sessions',
- array(
- 'user_id' => $user_id,
- 'session_id' => session_id(),
- 'lastused' => date('Y-m-d H:i:s'),
- 'ip' => $ip
- ));
- if (PEAR::isError($sessionid) )
- {
- return $sessionid;
- }
+ if ($newSessionRequired)
+ {
+ $sessionid = DBUtil::autoInsert('active_sessions',
+ array(
+ 'user_id' => $user_id,
+ 'session_id' => session_id(),
+ 'lastused' => date('Y-m-d H:i:s'),
+ 'ip' => $ip,
+ 'apptype'=>$app
+ ));
+ if (PEAR::isError($sessionid) )
+ {
+ return $sessionid;
+ }
+ }
return array($session,$sessionid);
}
@@ -219,7 +241,7 @@ class KTAPI_UserSession extends KTAPI_Session
* @param string $password
* @return KTAPI_Session
*/
- function &start_session(&$ktapi, $username, $password, $ip=null)
+ function &start_session(&$ktapi, $username, $password, $ip=null, $app='ws')
{
$this->active=false;
if ( empty($username) )
@@ -247,11 +269,11 @@ class KTAPI_UserSession extends KTAPI_Session
if (is_null($ip))
{
- $ip = '127.0.0.1';
- //$ip = KTAPI_Session::resolveIP();
+ //$ip = '127.0.0.1';
+ $ip = KTAPI_Session::resolveIP();
}
- $result = KTAPI_UserSession::_check_session($user);
+ $result = KTAPI_UserSession::_check_session($user, $ip, $app);
if (PEAR::isError($result))
{
@@ -273,9 +295,9 @@ class KTAPI_UserSession extends KTAPI_Session
* @param string $ip
* @return KTAPI_Session
*/
- function &get_active_session(&$ktapi, $session, $ip)
+ function &get_active_session(&$ktapi, $session, $ip, $app='ws')
{
- $sql = "SELECT id, user_id FROM active_sessions WHERE session_id='$session'";
+ $sql = "SELECT id, user_id FROM active_sessions WHERE session_id='$session' and apptype='$app'";
if (!empty($ip))
{
$sql .= " AND ip='$ip'";
@@ -296,13 +318,10 @@ class KTAPI_UserSession extends KTAPI_Session
return new KTAPI_Error(KTAPI_ERROR_USER_INVALID, $user);
}
-
-
$now=date('Y-m-d H:i:s');
$sql = "UPDATE active_sessions SET lastused='$now' WHERE id=$sessionid";
DBUtil::runQuery($sql);
-
if ($user->isAnonymous())
$session = &new KTAPI_AnonymousSession($ktapi, $user, $session, $sessionid, $ip);
else
@@ -333,7 +352,7 @@ class KTAPI_UserSession extends KTAPI_Session
class KTAPI_AnonymousSession extends KTAPI_UserSession
{
- function &start_session(&$ktapi, $ip=null)
+ function &start_session(&$ktapi, $ip=null, $app = 'ws')
{
$user =& User::get(-2);
if (is_null($user) || PEAR::isError($user) || ($user === false) || !$user->isAnonymous())
@@ -357,7 +376,7 @@ class KTAPI_AnonymousSession extends KTAPI_UserSession
//$ip = KTAPI_Session::resolveIP();
}
- list($session,$sessionid) = KTAPI_UserSession::_check_session($user);
+ list($session,$sessionid) = KTAPI_UserSession::_check_session($user, $ip, $app);
if (PEAR::isError($sessionid))
{
return $sessionid;
diff --git a/ktapi/ktapi.inc.php b/ktapi/ktapi.inc.php
index 39ea338..46067d3 100644
--- a/ktapi/ktapi.inc.php
+++ b/ktapi/ktapi.inc.php
@@ -8,31 +8,31 @@
* Document Management Made Simple
* Copyright (C) 2008 KnowledgeTree Inc.
* Portions copyright The Jam Warehouse Software (Pty) Limited
- *
+ *
* This program is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License version 3 as published by the
* Free Software Foundation.
- *
+ *
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
- *
+ *
* You should have received a copy of the GNU General Public License
* along with this program. If not, see .
- *
- * You can contact KnowledgeTree Inc., PO Box 7775 #87847, San Francisco,
+ *
+ * You can contact KnowledgeTree Inc., PO Box 7775 #87847, San Francisco,
* California 94120-7775, or email info@knowledgetree.com.
- *
+ *
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU General Public License version 3.
- *
+ *
* In accordance with Section 7(b) of the GNU General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "Powered by
- * KnowledgeTree" logo and retain the original copyright notice. If the display of the
+ * KnowledgeTree" logo and retain the original copyright notice. If the display of the
* logo is not reasonably feasible for technical reasons, the Appropriate Legal Notices
- * must display the words "Powered by KnowledgeTree" and retain the original
+ * must display the words "Powered by KnowledgeTree" and retain the original
* copyright notice.
* Contributor( s): ______________________________________
*
@@ -219,14 +219,14 @@ class KTAPI
* @param string $session
* @return KTAPI_Session
*/
- function & get_active_session($session, $ip=null)
+ function & get_active_session($session, $ip=null, $app='ws')
{
if (!is_null($this->session))
{
return new PEAR_Error('A session is currently active.');
}
- $session = &KTAPI_UserSession::get_active_session($this, $session, $ip);
+ $session = &KTAPI_UserSession::get_active_session($this, $session, $ip, $app);
if (is_null($session) || PEAR::isError($session))
{
@@ -245,14 +245,14 @@ class KTAPI
* @param string $password
* @return KTAPI_Session
*/
- function & start_session($username, $password, $ip=null)
+ function & start_session($username, $password, $ip=null, $app='ws')
{
if (!is_null($this->session))
{
return new PEAR_Error('A session is currently active.');
}
- $session = &KTAPI_UserSession::start_session($this, $username, $password, $ip);
+ $session = &KTAPI_UserSession::start_session($this, $username, $password, $ip, $app);
if (is_null($session))
{
return new PEAR_Error('Session is null.');
diff --git a/lib/session/Session.inc b/lib/session/Session.inc
index 043a157..56fcb86 100644
--- a/lib/session/Session.inc
+++ b/lib/session/Session.inc
@@ -8,31 +8,31 @@
* Document Management Made Simple
* Copyright (C) 2008 KnowledgeTree Inc.
* Portions copyright The Jam Warehouse Software (Pty) Limited
- *
+ *
* This program is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License version 3 as published by the
* Free Software Foundation.
- *
+ *
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
- *
+ *
* You should have received a copy of the GNU General Public License
* along with this program. If not, see .
- *
- * You can contact KnowledgeTree Inc., PO Box 7775 #87847, San Francisco,
+ *
+ * You can contact KnowledgeTree Inc., PO Box 7775 #87847, San Francisco,
* California 94120-7775, or email info@knowledgetree.com.
- *
+ *
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU General Public License version 3.
- *
+ *
* In accordance with Section 7(b) of the GNU General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "Powered by
- * KnowledgeTree" logo and retain the original copyright notice. If the display of the
+ * KnowledgeTree" logo and retain the original copyright notice. If the display of the
* logo is not reasonably feasible for technical reasons, the Appropriate Legal Notices
- * must display the words "Powered by KnowledgeTree" and retain the original
+ * must display the words "Powered by KnowledgeTree" and retain the original
* copyright notice.
* Contributor( s): ______________________________________
*/
@@ -149,35 +149,60 @@ class Session {
*
* @param int the userID to remove stale sessions for
*/
- function removeStaleSessions() {
+ function removeStaleSessions($iUserId = null) {
global $default;
$time = time() - $default->sessionTimeout;
+ // for web service sessions, we will expire after a month.
+ $monthPeriod = 30 * 24 * 60 * 60;
+ $wsTimeout = time() - $monthPeriod;
+
+ if (is_null($iUserId))
+ {
+ $iUserId = $_SESSION['userID'];
+ // if the userid cannot be resolved, we will cleanup the entire sessions table
+ if (empty($iUserId))
+ {
+ $iUserId = 0;
+ }
+ }
+
$sTable = KTUtil::getTableName('sessions');
+ $mintime = formatDateTime($time);
+ $mintime2 = formatDateTime($wsTimeout);
$aQuery = array(
- sprintf('SELECT id, lastused, user_id FROM %s WHERE lastused <= ?', $sTable),
- array(formatDateTime($time)),
+ sprintf("SELECT id, lastused, apptype FROM %s WHERE (user_id = $iUserId OR $iUserId = 0) AND ( (lastused <= '$mintime' and apptype == 'webapp') or (lastused <= '$mintime2' and apptype !='webapp') )", $sTable)
);
$aSessions = DBUtil::getResultArray($aQuery);
+ $sSessionId = session_id();
+
+ $deleteIds = array();
foreach ($aSessions as $aSessionData) {
$iId = $aSessionData['id'];
$dLastUsed = $aSessionData['lastused'];
- $iUserId = $aSessionData['user_id'];
$iTime = strtotime($dLastUsed);
- $iTime = $iTime + $default->sessionTimeout;
+
+ $iTime = $iTime + ($aSessionData['apptype'] == 'ws')?$monthPeriod:$default->sessionTimeout;
$aParams = array(
'userid' => $iUserId,
'datetime' => formatDateTime($iTime),
'actionnamespace' => 'ktcore.user_history.timeout',
'comments' => 'Session timed out',
- 'sessionid' => $_SESSION['sessionID'],
+ 'sessionid' => $sSessionId,
);
require_once(KT_LIB_DIR . '/users/userhistory.inc.php');
$res = KTUserHistory::createFromArray($aParams);
- DBUtil::whereDelete($sTable, array('id' => $iId));
+ $deleteIds[] = $iId;
+ }
+
+ if (!empty($deleteIds))
+ {
+ $deleteIds = implode(',',$deleteIds);
+ $sql = "delete from active_sessions where id in ($deleteIds)";
+ DBUtil::runQuery($sql);
}
}