Commit f27be29d08771a9e630a4dc033934071315112ff

Authored by michael
1 parent 3a3edc4a

tidied debug logging and removing all stale sessions when sessions are verified


git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@1668 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing 1 changed file with 14 additions and 13 deletions
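--- a/lib/session/Session.inc
+++ b/lib/session/Session.inc
@@ -72,12 +72,13 @@ class Session {
 *
 * @param int the userID to remove stale sessions for
 */
-function removeStaleSessions($userID) {
+function removeStaleSessions($userID = -1) {
 global $default;
 // deletes any sessions for this userID where the default timeout has elapsed.
 $time = time() - $default->sessionTimeout;
 $sql = $default->db;
-$sql->query("DELETE FROM $default->owl_sessions_table WHERE user_id=$userID AND lastused <= '" . formatDateTime($time) . "'");
+$sQuery = "DELETE FROM $default->owl_sessions_table WHERE " . (($userID != -1) ? "user_id=$userID AND " : "") . "lastused <= '" . formatDateTime($time) . "'";
+$sql->query($sQuery);
 }
 
 /**
@@ -88,9 +89,11 @@ class Session {
 function verify() {
 global $default, $lang_sesstimeout, $lang_sessinuse, $lang_err_sess_notvalid;
 
+// remove old sessions
+Session::removeStaleSessions();
+
 session_start();
 $sessionID = session_id();
-$default->log->debug("Session::verify() retrieved sessionID=$sessionID");
 if (strlen($sessionID) > 0) {
 // initialise return status
 $sessionStatus = 0;
@@ -102,7 +105,7 @@ class Session {
 
 // FIXME: if there aren't more rows that the max sessions for this user
 if ($numrows >= 1) {
-$default->log->debug("Session::verify() found session in db");
+$default->log->debug("Session::verify found session in db");
 while($sql->next_record()) {
 $iUserID = $sql->f("user_id");
 $ip = $this->getClientIP();
@@ -110,10 +113,7 @@ class Session {
 if ($ip == $sql->f("ip")) {
 // now check if the timeout has been exceeded
 $lastused = $sql->f("lastused");
-$default->log->debug("Session::verify() lastused=$lastused; str=" . strtotime($lastused));
-$default->log->debug("Session::verify() current time=" . time());
 $diff = time() - strtotime($lastused);
-$default->log->debug("Session::verify() timeout = " . $default->sessionTimeout . "; diff=$diff");
 if($diff <= $default->sessionTimeout) {
 // session has been verified, update status
 $sessionStatus = 1;
@@ -135,8 +135,6 @@ class Session {
 $sessionStatus = 2;
 // destroy this session
 $this->destroy();
-// remove old sessions
-Session::removeStaleSessions($iUserID);
 $_SESSION["errorMessage"] = $lang_sesstimeout;
 }
 } else {
@@ -145,14 +143,17 @@ class Session {
 $_SESSION["errorMessage"] = $lang_sessinuse;
 }
 }
-}
+} else {
+// the session doesn't exist in the db
+$default->log->error("Session::verify sessionID=$sessionID, not in db");
+return false;
+}
 } else {
-$default->log->error("verify() session not in db");
+$default->log->error("Session::verify session not in db");
 // there is no session
 return false;
 }
-// return the array
-$default->log->debug("Session::verify() returning sessionStatus=$sessionStatus");
+// return the status
 return $sessionStatus;
 }
 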
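Review bot: Calling `Session::removeStaleSessions();` at the top of `verify()` deletes every row older than `$default->sessionTimeout` before the session lookup, so the later `$diff <= $default->sessionTimeout` check appears unable to fail for a row that is still present. The `$sessionStatus = 2` / `$lang_sesstimeout` branch then looks unreachable, and an expired user would land in the new "not in db" branch, which returns `false` without setting a timeout message. The lookup query sits outside the visible hunks, so confirm this against the full function. If the timeout message matters, run the cleanup after the status has been decided rather than before `session_start()`. Separately, `removeStaleSessions()` still interpolates `$userID` into the DELETE statement; now that the function accepts a default and is called from more places, cast it where the clause is built, e.g. `"user_id=" . (int)$userID . " AND "`.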