Adding cookieLifeTime var declaration as it was omitted.

Updating session timeout values so they reflect their values in the past.
Making cookieLifeTime configurable in the medium/low security levels.
Fixing Config.timeout setting to go back to 10.
Fixes #798
markstory committed Jun 27, 2010
1 parent 35d232f commit 4b93e61ed300085e1ff2a6ec1fd117600044c094
Showing with 25 additions and 12 deletions.
  1. +19 −6 cake/libs/cake_session.php
  2. +6 −6 cake/tests/cases/libs/controller/components/session.test.php
@@ -98,6 +98,14 @@ class CakeSession extends Object {
*/
var $sessionTime = false;
/**
* The number of seconds to set for session.cookie_lifetime. 0 means
* at browser close.
*
* @var integer
*/
var $cookieLifeTime = false;
/**
* Keeps track of keys to watch for writes on
*
@@ -188,7 +196,7 @@ function __construct($base = null, $start = true) {
if (!class_exists('Security')) {
App::import('Core', 'Security');
}
$this->sessionTime = $this->time + (Security::inactiveMins() * 60 * Configure::read('Session.timeout'));
$this->sessionTime = $this->time + (Security::inactiveMins() * Configure::read('Session.timeout'));
$this->security = Configure::read('Security.level');
}
parent::__construct();
@@ -465,8 +473,13 @@ function __initSession() {
}
if ($iniSet && ($this->security === 'high' || $this->security === 'medium')) {
ini_set('session.referer_check', $this->host);
}
if ($this->security == 'high') {
$this->cookieLifeTime = 0;
} else {
$this->cookieLifeTime = Configure::read('Session.timeout') * (Security::inactiveMins() * 60);
}
$this->cookieLifeTime = Configure::read('Session.timeout') * (Security::inactiveMins() * 60);
switch (Configure::read('Session.save')) {
case 'cake':
@@ -593,9 +606,9 @@ function _checkValid() {
$check -= 1;
$this->write('Config.timeout', $check);
if (time() > ($time - (Security::inactiveMins() * 60 * Configure::read('Session.timeout')) + 2) || $check < 1) {
if (time() > ($time - (Security::inactiveMins() * Configure::read('Session.timeout')) + 2) || $check < 1) {
$this->renew();
$this->write('Config.timeout', Security::inactiveMins());
$this->write('Config.timeout', 10);
}
}
$this->valid = true;
@@ -607,7 +620,7 @@ function _checkValid() {
} else {
$this->write('Config.userAgent', $this->_userAgent);
$this->write('Config.time', $this->sessionTime);
$this->write('Config.timeout', Security::inactiveMins());
$this->write('Config.timeout', 10);
$this->valid = true;
$this->__setError(1, 'Session is valid');
}
@@ -735,7 +748,7 @@ function __read($id) {
* @access private
*/
function __write($id, $data) {
$expires = time() + Configure::read('Session.timeout') * Security::inactiveMins() * 60;
$expires = time() + Configure::read('Session.timeout') * Security::inactiveMins();
$model =& ClassRegistry::getObject('Session');
$return = $model->save(compact('id', 'data', 'expires'));
return $return;
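Review bot: The cookie lifetime computed in __initSession for medium/low (`$this->cookieLifeTime = Configure::read('Session.timeout') * (Security::inactiveMins() * 60);`) keeps the `* 60` that this commit strips from every server-side window — sessionTime in the constructor, the inactivity check in _checkValid, and `$expires` in __write are all now `Session.timeout * Security::inactiveMins()` seconds. The result is a session cookie that persists on the client sixty times longer than the server will honour the session, which is harmless only because the server-side check rejects it, but it leaves the identifier on disk far beyond its useful life and contradicts the "reflect their values in the past" intent of the message. Either drop the factor for consistency, `$this->cookieLifeTime = Configure::read('Session.timeout') * Security::inactiveMins();`, or add a comment stating that the cookie is deliberately meant to outlive the server-side validity window. The `== 'high'` comparison on the new branch is also loose where the referer_check line just above uses `===`; `if ($this->security === 'high')` would match. Where cookieLifeTime is actually passed to ini_set is outside the visible hunks, so I cannot confirm it is applied for all save handlers.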
@@ -355,32 +355,32 @@ function testSessionTimeout() {
$Session =& new SessionComponent();
$Session->write('Test', 'some value');
$this->assertEqual($Session->sessionTime, mktime() + (300 * 60 * Configure::read('Session.timeout')));
$this->assertEqual($Session->sessionTime, mktime() + (300 * Configure::read('Session.timeout')));
$this->assertEqual($_SESSION['Config']['timeout'], Security::inactiveMins());
$this->assertEqual($_SESSION['Config']['time'], $Session->sessionTime);
$this->assertEqual($Session->time, mktime());
$this->assertEqual($_SESSION['Config']['time'], $Session->time + (Security::inactiveMins() * 60 * Configure::read('Session.timeout')));
$this->assertEqual($_SESSION['Config']['time'], $Session->time + (Security::inactiveMins() * Configure::read('Session.timeout')));
session_destroy();
Configure::write('Security.level', 'medium');
$Session =& new SessionComponent();
$Session->write('Test', 'some value');
$this->assertEqual($Session->sessionTime, mktime() + (100 * 60 * Configure::read('Session.timeout')));
$this->assertEqual($Session->sessionTime, mktime() + (100 * Configure::read('Session.timeout')));
$this->assertEqual($_SESSION['Config']['timeout'], Security::inactiveMins());
$this->assertEqual($_SESSION['Config']['time'], $Session->sessionTime);
$this->assertEqual($Session->time, mktime());
$this->assertEqual($_SESSION['Config']['time'], $Session->time + (Security::inactiveMins() * 60 * Configure::read('Session.timeout')));
$this->assertEqual($_SESSION['Config']['time'], $Session->time + (Security::inactiveMins() * Configure::read('Session.timeout')));
session_destroy();
Configure::write('Security.level', 'high');
$Session =& new SessionComponent();
$Session->write('Test', 'some value');
$this->assertEqual($Session->sessionTime, mktime() + (10 * 60 * Configure::read('Session.timeout')));
$this->assertEqual($Session->sessionTime, mktime() + (10 * Configure::read('Session.timeout')));
$this->assertEqual($_SESSION['Config']['timeout'], Security::inactiveMins());
$this->assertEqual($_SESSION['Config']['time'], $Session->sessionTime);
$this->assertEqual($Session->time, mktime());
$this->assertEqual($_SESSION['Config']['time'], $Session->time + (Security::inactiveMins() * 60 * Configure::read('Session.timeout')));
$this->assertEqual($_SESSION['Config']['time'], $Session->time + (Security::inactiveMins() * Configure::read('Session.timeout')));
}
}
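Review bot: The assertions `$this->assertEqual($_SESSION['Config']['timeout'], Security::inactiveMins());` at the low, medium and high blocks appear unchanged, yet cake_session.php in this commit now writes a literal `10` to `Config.timeout` for a fresh session. If those lines really are untouched context, the low and medium cases would compare 10 against the level-dependent inactiveMins() value (the test's own 300/100/10 multipliers suggest it varies by level) and fail; if the rendering dropped the changed lines, ignore this. Either way the expected value should be pinned explicitly, `$this->assertEqual($_SESSION['Config']['timeout'], 10);`, so the test documents the countdown seed rather than restating the old formula. testSessionTimeout's opening lines sit above the hunk, so the Security.level in force for the first block is not visible here.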
