Commit 49690216b23fc29efdc6ccaac26fc983fb5d4af8
1 parent
176e3654
removed everything except userID from session
git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@275 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
1 changed file
with
12 additions
and
7 deletions
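--- a/lib/Session.inc
+++ b/lib/Session.inc
@@ -21,14 +21,14 @@ class Session {
 
 session_start();
 
-// bind userID to session
+// bind user details to session
 $_SESSION["userID"] = $userDetails["userID"];
-
-// lookup group id and add to session
+/*
 $_SESSION["groupID"] = $userDetails["groupID"];
 $_SESSION["unitID"] = $userDetails["unitID"];
+$_SESSION["organisationID"] = $userDetails["organisationID"];
 $_SESSION["username"] = $userDetails["username"];
-
+*/
 $default->log->debug("Session::create session variables=" . arrayToString($_SESSION));
 
 // use the PHP generated session id
@@ -104,6 +104,7 @@ class Session {
 
 // found one match
 if ($numrows == 1) {
+$userID = $sql->f("user_id");
 $default->log->debug("Session::verify found session in db");
 while($sql->next_record()) {
 $ip = $this->getClientIP();
@@ -115,9 +116,11 @@ class Session {
 $default->log->debug("Session::verify current time=" . time());
 $diff = time() - strtotime($lastused);
 $default->log->debug("Session::verify timeout = " . $default->owl_timeout . "; diff=$diff");
-if((time() - strtotime($lastused)) <= $default->owl_timeout) {
+if($diff <= $default->owl_timeout) {
 // session has been verified, update status
 $sessionStatus = 1;
+// use userID to refresh user details and set on session
+
 // ??: will this change during a user session?
 // only set the userID if its not in the array already
 if (!$_SESSION["userID"]) {
@@ -140,12 +143,14 @@ class Session {
 } else {
 // session timed out status
 $sessionStatus = 2;
-$default->errorMessage = $lang_sesstimeout;
+// remove old sessions
+Session::removeStaleSessions($userID);
+$_SESSION["errorMessage"] = $lang_sesstimeout;
 }
 } else {
 // session in use status
 $sessionStatus = 3;
-$default->errorMessage = $lang_sessinuse;
+$_SESSION["errorMessage"] = $lang_sessinuse;
 }
 }
 }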
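Review bot: `$userID = $sql->f("user_id");` (new line 107) is read before `while($sql->next_record())` has advanced to the first row, so unless `f()` can return a field before any record is fetched, `$userID` is probably empty at that point. The timeout branch then calls `Session::removeStaleSessions($userID)` with that value, which would leave the expired session rows in the database or, depending on how that helper builds its query (not shown here), match rows it should not. Moving the assignment to the first statement inside the loop, next to `$ip = $this->getClientIP();`, and skipping the cleanup when `$userID` is empty would make the expiry path dependable. The enclosing method starts and ends outside the visible hunks, so this is based on the lines shown only.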