Commit f27be29d08771a9e630a4dc033934071315112ff

Authored by michael
1 parent 3a3edc4a

tidied debug logging and removing all stale sessions when sessions are verified


git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@1668 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing 1 changed file with 14 additions and 13 deletions
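--- a/lib/session/Session.inc
+++ b/lib/session/Session.inc
@@ -72,12 +72,13 @@ class Session {
 *
 * @param int the userID to remove stale sessions for
 */
-function removeStaleSessions($userID) {
+function removeStaleSessions($userID = -1) {
 global $default;
 // deletes any sessions for this userID where the default timeout has elapsed.
 $time = time() - $default->sessionTimeout;
 $sql = $default->db;
-$sql->query("DELETE FROM $default->owl_sessions_table WHERE user_id=$userID AND lastused <= '" . formatDateTime($time) . "'");
+$sQuery = "DELETE FROM $default->owl_sessions_table WHERE " . (($userID != -1) ? "user_id=$userID AND " : "") . "lastused <= '" . formatDateTime($time) . "'";
+$sql->query($sQuery);
 }
 
 /**
@@ -88,9 +89,11 @@ class Session {
 function verify() {
 global $default, $lang_sesstimeout, $lang_sessinuse, $lang_err_sess_notvalid;
 
+// remove old sessions
+Session::removeStaleSessions();
+
 session_start();
 $sessionID = session_id();
-$default->log->debug("Session::verify() retrieved sessionID=$sessionID");
 if (strlen($sessionID) > 0) {
 // initialise return status
 $sessionStatus = 0;
@@ -102,7 +105,7 @@ class Session {
 
 // FIXME: if there aren't more rows that the max sessions for this user
 if ($numrows >= 1) {
-$default->log->debug("Session::verify() found session in db");
+$default->log->debug("Session::verify found session in db");
 while($sql->next_record()) {
 $iUserID = $sql->f("user_id");
 $ip = $this->getClientIP();
@@ -110,10 +113,7 @@ class Session {
 if ($ip == $sql->f("ip")) {
 // now check if the timeout has been exceeded
 $lastused = $sql->f("lastused");
-$default->log->debug("Session::verify() lastused=$lastused; str=" . strtotime($lastused));
-$default->log->debug("Session::verify() current time=" . time());
 $diff = time() - strtotime($lastused);
-$default->log->debug("Session::verify() timeout = " . $default->sessionTimeout . "; diff=$diff");
 if($diff <= $default->sessionTimeout) {
 // session has been verified, update status
 $sessionStatus = 1;
@@ -135,8 +135,6 @@ class Session {
 $sessionStatus = 2;
 // destroy this session
 $this->destroy();
-// remove old sessions
-Session::removeStaleSessions($iUserID);
 $_SESSION["errorMessage"] = $lang_sesstimeout;
 }
 } else {
@@ -145,14 +143,17 @@ class Session {
 $_SESSION["errorMessage"] = $lang_sessinuse;
 }
 }
-}
+} else {
+// the session doesn't exist in the db
+$default->log->error("Session::verify sessionID=$sessionID, not in db");
+return false;
+}
 } else {
-$default->log->error("verify() session not in db");
+$default->log->error("Session::verify session not in db");
 // there is no session
 return false;
 }
-// return the array
-$default->log->debug("Session::verify() returning sessionStatus=$sessionStatus");
+// return the status
 return $sessionStatus;
 }
 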
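Review bot: Calling `Session::removeStaleSessions()` at the top of `verify()` (hunk `@@ -88,9 +89,11 @@`) deletes every row whose `lastused` is past the timeout before the session lookup runs, so an expired session will most likely land in the new "not in db" branch (hunk `@@ -145,14 +143,17 @@`) instead of the `$sessionStatus = 2` timeout branch; the lookup query sits between the hunks and is not shown, so this is inferred. That new branch returns false without `$this->destroy()` and without setting `$lang_sesstimeout`, so the PHP session opened by `session_start()` stays in place and the user gets no timeout message; consider adding `$this->destroy();` before `return false;`, or running the purge after the lookup. The same branch writes the raw `$sessionID` to the error log, and a session identifier in a log file is a credential for anyone who can read it; log a hash or drop the value. In `removeStaleSessions`, `$userID` is still interpolated unquoted into the DELETE and compared loosely with `!= -1`; `"user_id=" . (int)$userID . " AND "` would keep a non-numeric argument out of the SQL.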