
Refactoring duplicated logic into a method.

markstory committed Jul 27, 2010
1 parent ef586d9 commit 8db0a1958526301a115efb36bae2b2bda4de5772
Showing with 19 additions and 13 deletions.
  1. +19 −13 cake/libs/cake_session.php
@@ -357,14 +357,8 @@ public static function error() {
*/
public static function valid() {
if (self::read('Config')) {
$validAgent = (
Configure::read('Session.checkAgent') === false ||
self::$_userAgent == self::read('Config.userAgent')
);
if ($validAgent && self::$time <= self::read('Config.time')) {
if (self::$error === false) {
self::$valid = true;
}
if (self::_validAgentAndTime() && self::$error == false) {
self::$valid = true;
} else {
self::$valid = false;
self::__setError(1, 'Session Highjacking Attempted !!!');
@@ -373,6 +367,22 @@ public static function valid() {
return self::$valid;
}
/**
* Tests that the user agent is valid and that the session hasn't 'timed out'.
* Since timeouts are implemented in CakeSession it checks the current self::$time
* against the time the session is set to expire. The User agent is only checked
* if Session.checkAgent == true.
*
* @return boolean
*/
protected static function _validAgentAndTime() {
$validAgent = (
Configure::read('Session.checkAgent') === false ||
self::$_userAgent == self::read('Config.userAgent')
);
return ($validAgent && self::$time <= self::read('Config.time'));
}
/**
* Get / Set the userAgent
*
@@ -686,12 +696,8 @@ protected function _startSession() {
protected static function _checkValid() {
if (self::read('Config')) {
$sessionConfig = Configure::read('Session');
$checkAgent = isset($sessionConfig['checkAgent']) && $sessionConfig['checkAgent'] === true;
if (
($checkAgent && self::$_userAgent == self::read('Config.userAgent')) &&
self::$time <= self::read('Config.time')
) {
if (self::_validAgentAndTime()) {
$time = self::read('Config.time');
self::write('Config.time', self::$sessionTime);
if (isset($sessionConfig['autoRegenerate']) && $sessionConfig['autoRegenerate'] === true) {
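Review bot: In `valid()`, folding `self::$error == false` into the same condition as `self::_validAgentAndTime()` sends a session that already carries an unrelated error into the `else` branch, where it is marked invalid and reported as 'Session Highjacking Attempted !!!'; the removed nested check left `self::$valid` untouched in that case, so ordinary errors would now be mislabelled as hijack attempts. Keeping the two tests apart, `if (self::_validAgentAndTime()) { if (self::$error === false) { self::$valid = true; } } else {`, preserves the earlier behaviour and the strict comparison. The `_checkValid()` hunk is also not a pure refactor: the removed condition passed only when `checkAgent` was set to `true` and the agent matched, while the helper skips the agent comparison when `Session.checkAgent === false`, so the change deserves a line in the commit message and a test for both settings. In `_validAgentAndTime()` the agent comparison uses `==`; if those values are hash strings, `===` avoids PHP's numeric-string juggling. `_checkValid()` continues past the end of the hunk.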
