Adding cookieLifeTime var declaration as it was omitted.
Updating session timeout values so they reflect their values in the past.
Making cookieLifeTime configurable in the medium/low security levels.
Fixing Config.timeout setting to go back to 10.
Fixes #798
markstory committed Jun 27, 2010
1 parent 35d232f commit 4b93e61
Showing 2 changed files with 25 additions and 12 deletions.
25 changes: 19 additions & 6 deletions cake/libs/cake_session.php
@@ -98,6 +98,14 @@ class CakeSession extends Object {
*/
var $sessionTime = false;

/**
* The number of seconds to set for session.cookie_lifetime. 0 means
* at browser close.
*
* @var integer
*/
var $cookieLifeTime = false;

/**
* Keeps track of keys to watch for writes on
*
@@ -188,7 +196,7 @@ function __construct($base = null, $start = true) {
if (!class_exists('Security')) {
App::import('Core', 'Security');
}
$this->sessionTime = $this->time + (Security::inactiveMins() * 60 * Configure::read('Session.timeout'));
$this->sessionTime = $this->time + (Security::inactiveMins() * Configure::read('Session.timeout'));
$this->security = Configure::read('Security.level');
}
parent::__construct();
@@ -465,8 +473,13 @@ function __initSession() {
}
if ($iniSet && ($this->security === 'high' || $this->security === 'medium')) {
ini_set('session.referer_check', $this->host);
}

if ($this->security == 'high') {
$this->cookieLifeTime = 0;
} else {
$this->cookieLifeTime = Configure::read('Session.timeout') * (Security::inactiveMins() * 60);
}
$this->cookieLifeTime = Configure::read('Session.timeout') * (Security::inactiveMins() * 60);

switch (Configure::read('Session.save')) {
case 'cake':
@@ -593,9 +606,9 @@ function _checkValid() {
$check -= 1;
$this->write('Config.timeout', $check);

if (time() > ($time - (Security::inactiveMins() * 60 * Configure::read('Session.timeout')) + 2) || $check < 1) {
if (time() > ($time - (Security::inactiveMins() * Configure::read('Session.timeout')) + 2) || $check < 1) {
$this->renew();
$this->write('Config.timeout', Security::inactiveMins());
$this->write('Config.timeout', 10);
}
}
$this->valid = true;
@@ -607,7 +620,7 @@ function _checkValid() {
} else {
$this->write('Config.userAgent', $this->_userAgent);
$this->write('Config.time', $this->sessionTime);
$this->write('Config.timeout', Security::inactiveMins());
$this->write('Config.timeout', 10);
$this->valid = true;
$this->__setError(1, 'Session is valid');
}
@@ -735,7 +748,7 @@ function __read($id) {
* @access private
*/
function __write($id, $data) {
$expires = time() + Configure::read('Session.timeout') * Security::inactiveMins() * 60;
$expires = time() + Configure::read('Session.timeout') * Security::inactiveMins();
$model =& ClassRegistry::getObject('Session');
$return = $model->save(compact('id', 'data', 'expires'));
return $return;
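Review bot: The cookie lifetime computed in `__initSession()` still multiplies by 60 (`Configure::read('Session.timeout') * (Security::inactiveMins() * 60)`), while the lines that appear to be the new side of the constructor's `sessionTime`, the `_checkValid()` comparison and the `__write()` `expires` value drop that factor, so at medium and low security the browser would keep the session cookie about 60 times longer than the server-side window stored in `Config.time`. The server-side check remains the effective limit, but nothing on these lines states which unit each value is in; a comment such as `// seconds: inactiveMins() * Session.timeout, intentionally not * 60` on the `sessionTime` line, or one private helper used by all four places, would keep them from drifting apart again. As rendered, an unconditional `$this->cookieLifeTime = ...` also follows the new if/else in `__initSession()`; if that line is on the new side it overrides the `0` chosen for 'high', which should be confirmed. The new branch compares with `==` where the condition just above it uses `===`, and the `@var integer` docblock on `$cookieLifeTime` does not match its `false` default.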
12 changes: 6 additions & 6 deletions cake/tests/cases/libs/controller/components/session.test.php
@@ -355,32 +355,32 @@ function testSessionTimeout() {
$Session =& new SessionComponent();
$Session->write('Test', 'some value');

$this->assertEqual($Session->sessionTime, mktime() + (300 * 60 * Configure::read('Session.timeout')));
$this->assertEqual($Session->sessionTime, mktime() + (300 * Configure::read('Session.timeout')));
$this->assertEqual($_SESSION['Config']['timeout'], Security::inactiveMins());
$this->assertEqual($_SESSION['Config']['time'], $Session->sessionTime);
$this->assertEqual($Session->time, mktime());
$this->assertEqual($_SESSION['Config']['time'], $Session->time + (Security::inactiveMins() * 60 * Configure::read('Session.timeout')));
$this->assertEqual($_SESSION['Config']['time'], $Session->time + (Security::inactiveMins() * Configure::read('Session.timeout')));

session_destroy();
Configure::write('Security.level', 'medium');
$Session =& new SessionComponent();
$Session->write('Test', 'some value');
$this->assertEqual($Session->sessionTime, mktime() + (100 * 60 * Configure::read('Session.timeout')));
$this->assertEqual($Session->sessionTime, mktime() + (100 * Configure::read('Session.timeout')));
$this->assertEqual($_SESSION['Config']['timeout'], Security::inactiveMins());
$this->assertEqual($_SESSION['Config']['time'], $Session->sessionTime);
$this->assertEqual($Session->time, mktime());
$this->assertEqual($_SESSION['Config']['time'], $Session->time + (Security::inactiveMins() * 60 * Configure::read('Session.timeout')));
$this->assertEqual($_SESSION['Config']['time'], $Session->time + (Security::inactiveMins() * Configure::read('Session.timeout')));


session_destroy();
Configure::write('Security.level', 'high');
$Session =& new SessionComponent();
$Session->write('Test', 'some value');
$this->assertEqual($Session->sessionTime, mktime() + (10 * 60 * Configure::read('Session.timeout')));
$this->assertEqual($Session->sessionTime, mktime() + (10 * Configure::read('Session.timeout')));
$this->assertEqual($_SESSION['Config']['timeout'], Security::inactiveMins());
$this->assertEqual($_SESSION['Config']['time'], $Session->sessionTime);
$this->assertEqual($Session->time, mktime());
$this->assertEqual($_SESSION['Config']['time'], $Session->time + (Security::inactiveMins() * 60 * Configure::read('Session.timeout')));
$this->assertEqual($_SESSION['Config']['time'], $Session->time + (Security::inactiveMins() * Configure::read('Session.timeout')));

}
}
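Review bot: The three `$_SESSION['Config']['timeout']` assertions in `testSessionTimeout()` still expect `Security::inactiveMins()`, but the library change in this commit writes a literal `10` to `Config.timeout`, so they would presumably hold only at the 'high' level, where this test's own expected session time uses 10. Pin the value the code now writes, `$this->assertEqual($_SESSION['Config']['timeout'], 10);`, in each of the three blocks. The `mktime()` comparisons can also fail if the clock moves to the next second between constructing the component and asserting, which predates this change. The test method begins above the hunk, so the security level used by the first block is not visible here.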
