Commit 78af99ecdbddfbee5f0303509d24c9a57cb056fe
1 parent
091c51ce
Merged in from DEV trunk...
WSA-12 "Clean up expired sessions in webservice" Fixed. It now removes stale sessions. WSA-10 "When user max_sessions is reached, attempting to authenticate returns a null session." Fixed. The return from _check_session() was not handled correctly for PEAR::Error Reviewed By: Kevin Fourie git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/STABLE/trunk@7032 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
1 changed file
with
28 additions
and
16 deletions
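--- a/ktapi/KTAPISession.inc.php
+++ b/ktapi/KTAPISession.inc.php
@@ -172,20 +172,29 @@ class KTAPI_UserSession extends KTAPI_Session
 {
 $user_id = $user->getId();
 
-$sql = "SELECT count(*) >= u.max_sessions as over_limit FROM active_sessions ass INNER JOIN users u ON ass.user_id=u.id WHERE ass.user_id = $user_id";
-$row = DBUtil::getOneResult($sql);
-if (PEAR::isError($row))
-{
-return $row;
-}
-if (is_null($row))
-{
-return new PEAR_Error('No record found for user?');
-}
-if ($row['over_limit'] == 1)
-{
-return new PEAR_Error('Session limit exceeded. Logout of any active sessions.');
-}
+Session::removeStaleSessions();
+
+$config = &KTConfig::getSingleton();
+$validateSession = $config->get('webservice/validateSessionCount', false);
+
+if ($validateSession)
+{
+$sql = "SELECT count(*) >= u.max_sessions as over_limit FROM active_sessions ass INNER JOIN users u ON ass.user_id=u.id WHERE ass.user_id = $user_id";
+$row = DBUtil::getOneResult($sql);
+
+if (PEAR::isError($row))
+{
+return $row;
+}
+if (is_null($row))
+{
+return new PEAR_Error('No record found for user?');
+}
+if ($row['over_limit']+0 == 1)
+{
+return new PEAR_Error('Session limit exceeded. Logout of any active sessions.');
+}
+}
 
 $session = session_id();
 
@@ -246,12 +255,15 @@ class KTAPI_UserSession extends KTAPI_Session
 //$ip = KTAPI_Session::resolveIP();
 }
 
-list($session,$sessionid) = KTAPI_UserSession::_check_session($user);
-if (PEAR::isError($sessionid))
+$result = KTAPI_UserSession::_check_session($user);
+
+if (PEAR::isError($result))
 {
 return $sessionid;
 }
 
+list($session,$sessionid) = $result;
+
 $session = &new KTAPI_UserSession($ktapi, $user, $session, $sessionid, $ip);
 
 return $session;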
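Review bot: The error branch in the second hunk still does `return $sessionid;`, but `$sessionid` is no longer assigned at that point because the `list($session,$sessionid) = $result;` destructuring now runs after the `PEAR::isError($result)` check. When `_check_session()` returns a PEAR_Error (for example the session-limit error from the first hunk), the caller would receive null instead of the error, which looks like the same null-session symptom WSA-10 describes. The line should be `return $result;` so the authentication failure is reported explicitly rather than as an undefined value. The enclosing function starts and ends outside the hunk, so how callers treat a null return is not visible here.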