Fix #10187: Segment the PHP session via a unique key, so as to play n…

…ice with neighboring apps.
mantisbt · Mar 30, 2009 · 2ad35dd · 2ad35dd
1 parent da55110
commit 2ad35dd
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 7 deletions.
diff --git a/config_defaults_inc.php b/config_defaults_inc.php
@@ -219,6 +219,12 @@
 	 */
 	$g_session_handler = 'php';
 
+	/**
+	 * Session key name.  Should be unique between multiple installations to prevent conflicts.
+	 * @global string $g_session_key
+	 */
+	$g_session_key = 'MantisBT';
+
 	/**
 	 * Session save path.  If false, uses default value as set by session handler.
 	 * @global bool $g_session_save_path

diff --git a/core/session_api.php b/core/session_api.php
@@ -52,29 +52,40 @@ abstract function destroy();
  */
 class MantisPHPSession extends MantisSession {
 	function __construct( $p_session_id=null ) {
+		$this->key = config_get_global( 'session_key' );
+
+		# Save session information where specified or with PHP's default
 		$t_session_save_path = config_get_global( 'session_save_path' );
 		if( $t_session_save_path ) {
 			session_save_path( $t_session_save_path );
 		}
 
+		# Handle session cookie and caching
 		session_cache_limiter( 'private_no_expire' );
 		if ( isset( $_SERVER['HTTPS'] ) && ( strtolower( $_SERVER['HTTPS'] ) != 'off' ) ) {
 			session_set_cookie_params( 0, config_get( 'cookie_path' ), config_get( 'cookie_domain' ), true );
 		} else {
 			session_set_cookie_params( 0, config_get( 'cookie_path' ), config_get( 'cookie_domain' ), false );
 		}
 
+		# Handle existent session ID
 		if ( !is_null( $p_session_id ) ) {
 			session_id( $p_session_id );
 		}
 
+		# Initialize the session
 		session_start();
 		$this->id = session_id();
+
+		# Initialize the keyed session store
+		if ( !isset( $_SESSION[ $this->key ] ) ) {
+			$_SESSION[ $this->key ] = array();
+		}
 	}
 
-	function get( $p_name, $p_default = null ) {
-		if( isset( $_SESSION[$p_name] ) ) {
-			return unserialize( $_SESSION[$p_name] );
+	function get( $p_name, $p_default=null ) {
+		if ( isset( $_SESSION[ $this->key ][ $p_name ] ) ) {
+			return unserialize( $_SESSION[ $this->key ][ $p_name ] );
 		}
 
 		if( func_num_args() > 1 ) {
@@ -86,20 +97,19 @@ function get( $p_name, $p_default = null ) {
 	}
 
 	function set( $p_name, $p_value ) {
-		$_SESSION[$p_name] = serialize( $p_value );
+		$_SESSION[ $this->key ][ $p_name ] = serialize( $p_value );
 	}
 
 	function delete( $p_name ) {
-		unset( $_SESSION[$p_name] );
+		unset( $_SESSION[ $this->key ][ $p_name ] );
 	}
 
 	function destroy() {
 		if( isset( $_COOKIE[session_name()] ) && !headers_sent() ) {
 			gpc_set_cookie( session_name(), '', time() - 42000 );
 		}
 
-		unset( $_SESSION );
-		session_destroy();
+		unset( $_SESSION[ $this->key ] );
 	}
 }