Commit 49690216b23fc29efdc6ccaac26fc983fb5d4af8
1 parent
176e3654
removed everything except userID from session
git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@275 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
1 changed file
with
12 additions
and
7 deletions
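--- a/lib/Session.inc
+++ b/lib/Session.inc
@@ -21,14 +21,14 @@ class Session {
 
  session_start();
 
- // bind userID to session
+ // bind user details to session
  $_SESSION["userID"] = $userDetails["userID"];
-
- // lookup group id and add to session
+ /*
  $_SESSION["groupID"] = $userDetails["groupID"];
  $_SESSION["unitID"] = $userDetails["unitID"];
+ $_SESSION["organisationID"] = $userDetails["organisationID"];
  $_SESSION["username"] = $userDetails["username"];
-
+ */
  $default->log->debug("Session::create session variables=" . arrayToString($_SESSION));
 
  // use the PHP generated session id
@@ -104,6 +104,7 @@ class Session {
 
  // found one match
  if ($numrows == 1) {
+ $userID = $sql->f("user_id");
  $default->log->debug("Session::verify found session in db");
  while($sql->next_record()) {
  $ip = $this->getClientIP();
@@ -115,9 +116,11 @@ class Session {
  $default->log->debug("Session::verify current time=" . time());
  $diff = time() - strtotime($lastused);
  $default->log->debug("Session::verify timeout = " . $default->owl_timeout . "; diff=$diff");
- if((time() - strtotime($lastused)) <= $default->owl_timeout) {
+ if($diff <= $default->owl_timeout) {
  // session has been verified, update status
  $sessionStatus = 1;
+ // use userID to refresh user details and set on session
+
  // ??: will this change during a user session?
  // only set the userID if its not in the array already
  if (!$_SESSION["userID"]) {
@@ -140,12 +143,14 @@ class Session {
  } else {
  // session timed out status
  $sessionStatus = 2;
- $default->errorMessage = $lang_sesstimeout;
+ // remove old sessions
+ Session::removeStaleSessions($userID);
+ $_SESSION["errorMessage"] = $lang_sesstimeout;
  }
  } else {
  // session in use status
  $sessionStatus = 3;
- $default->errorMessage = $lang_sessinuse;
+ $_SESSION["errorMessage"] = $lang_sessinuse;
  }
  }
  }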
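Review bot: In Session::verify the added `$userID = $sql->f("user_id");` sits before the `while($sql->next_record())` loop, so if `$sql` behaves like the usual PHPLib-style cursor (its class is not visible here) no row has been fetched yet and `$userID` is probably empty. That value is then passed to `Session::removeStaleSessions($userID)` in the timeout branch, so expired sessions may never be cleaned up, or the call may match rows it should not, depending on how that method treats an empty ID. Move the assignment to the first line inside the loop, next to `$ip = $this->getClientIP();`, and skip the cleanup when `$userID` is empty. The body of verify starts and ends outside the visible hunks, so confirm nothing earlier already advances the cursor.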