Commit 54e64595ef704424dca092636468a3d38288e158
1 parent
605725b5
WSA-12
"Clean up expired sessions in webservice" Fixed. It now removes stale sessions. WSA-10 "When user max_sessions is reached, attempting to authenticate returns a null session." Fixed. The return from _check_session() was not handled correctly for PEAR::Error Reviewed By: Kevin Fourie git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@7025 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
1 changed file
with
28 additions
and
16 deletions
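--- a/ktapi/KTAPISession.inc.php
+++ b/ktapi/KTAPISession.inc.php
@@ -172,20 +172,29 @@ class KTAPI_UserSession extends KTAPI_Session
 {
 $user_id = $user->getId();
 
-$sql = "SELECT count(*) >= u.max_sessions as over_limit FROM active_sessions ass INNER JOIN users u ON ass.user_id=u.id WHERE ass.user_id = $user_id";
-$row = DBUtil::getOneResult($sql);
-if (PEAR::isError($row))
-{
-return $row;
-}
-if (is_null($row))
-{
-return new PEAR_Error('No record found for user?');
-}
-if ($row['over_limit'] == 1)
-{
-return new PEAR_Error('Session limit exceeded. Logout of any active sessions.');
-}
+Session::removeStaleSessions();
+
+$config = &KTConfig::getSingleton();
+$validateSession = $config->get('webservice/validateSessionCount', true);
+
+if ($validateSession)
+{
+$sql = "SELECT count(*) >= u.max_sessions as over_limit FROM active_sessions ass INNER JOIN users u ON ass.user_id=u.id WHERE ass.user_id = $user_id";
+$row = DBUtil::getOneResult($sql);
+
+if (PEAR::isError($row))
+{
+return $row;
+}
+if (is_null($row))
+{
+return new PEAR_Error('No record found for user?');
+}
+if ($row['over_limit']+0 == 1)
+{
+return new PEAR_Error('Session limit exceeded. Logout of any active sessions.');
+}
+}
 
 $session = session_id();
 
@@ -246,12 +255,15 @@ class KTAPI_UserSession extends KTAPI_Session
 //$ip = KTAPI_Session::resolveIP();
 }
 
-list($session,$sessionid) = KTAPI_UserSession::_check_session($user);
-if (PEAR::isError($sessionid))
+$result = KTAPI_UserSession::_check_session($user);
+
+if (PEAR::isError($result))
 {
 return $sessionid;
 }
 
+list($session,$sessionid) = $result;
+
 $session = &new KTAPI_UserSession($ktapi, $user, $session, $sessionid, $ip);
 
 return $session;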
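Review bot: In the second hunk the error branch still does `return $sessionid;`, but `$sessionid` is no longer assigned at that point, because the `list($session,$sessionid) = $result;` destructuring now runs after the check. When `_check_session()` returns a PEAR_Error, such as the 'Session limit exceeded' error from the first hunk, the caller receives an undefined variable (null) instead of the error, so the WSA-10 symptom named in the commit message appears to remain. The branch should be `return $result;`. A caller that only tests `PEAR::isError()` on the return value would not see the session-limit rejection as a failure, so it is worth confirming how callers treat a null return. The enclosing function starts and ends outside the hunk.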