
Updated session timeout calculations to use the security level from c…

…ore.php as the multiplier.

Signed-off-by: Mark Story <mark@mark-story.com>
1 parent 96d0119 commit a4950f6940c03c77ae93684dd4e8cc4c88166663 @voidet voidet committed with markstory Apr 28, 2010
Showing with 63 additions and 7 deletions.
  1. +26 −7 cake/libs/cake_session.php
  2. +37 −0 cake/tests/cases/libs/controller/components/session.test.php
@@ -131,6 +131,14 @@ class CakeSession extends Object {
var $host = null;
/**
+ * Session timeout multiplier factor
+ *
+ * @var ineteger
+ * @access public
+ */
+ var $timeout = null;
+
+/**
* Constructor.
*
* @param string $base The base path for the Session
@@ -190,6 +198,18 @@ function __construct($base = null, $start = true) {
}
$this->sessionTime = $this->time + (Security::inactiveMins() * Configure::read('Session.timeout'));
$this->security = Configure::read('Security.level');
+ switch ($this->security) {
+ case 'medium':
+ $this->factor = 100;
+ break;
+ case 'low':
+ $this->factor = 300;
+ break;
+ case 'high':
+ default:
+ $this->factor = 10;
+ break;
+ }
}
parent::__construct();
}
@@ -467,20 +487,20 @@ function __initSession() {
switch ($this->security) {
case 'high':
- $this->cookieLifeTime = 0;
+ $this->cookieLifeTime = Configure::read('Session.timeout') * $this->factor;
if ($iniSet) {
ini_set('session.referer_check', $this->host);
}
break;
case 'medium':
- $this->cookieLifeTime = 7 * 86400;
+ $this->cookieLifeTime = Configure::read('Session.timeout') * $this->factor;
if ($iniSet) {
ini_set('session.referer_check', $this->host);
}
break;
case 'low':
default:
- $this->cookieLifeTime = 788940000;
+ $this->cookieLifeTime = Configure::read('Session.timeout') * $this->factor;
break;
}
@@ -604,15 +624,14 @@ function _checkValid() {
if ((Configure::read('Session.checkAgent') === false || $this->_userAgent == $this->read('Config.userAgent')) && $this->time <= $this->read('Config.time')) {
$time = $this->read('Config.time');
$this->write('Config.time', $this->sessionTime);
-
if (Configure::read('Security.level') === 'high') {
$check = $this->read('Config.timeout');
$check = $check - 1;
- $this->write('Config.timeout', $check);
+ $this->write('Config.timeout', $this->factor);
if (time() > ($time - (Security::inactiveMins() * Configure::read('Session.timeout')) + 2) || $check < 1) {
$this->renew();
- $this->write('Config.timeout', 10);
+ $this->write('Config.timeout', $this->factor);
}
}
$this->valid = true;
@@ -624,7 +643,7 @@ function _checkValid() {
} else {
$this->write('Config.userAgent', $this->_userAgent);
$this->write('Config.time', $this->sessionTime);
- $this->write('Config.timeout', 10);
+ $this->write('Config.timeout', $this->factor);
$this->valid = true;
$this->__setError(1, 'Session is valid');
}
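Review bot: The request counter that drove `renew()` at `Security.level` 'high' no longer counts down in the `_checkValid()` hunk: `$check` is read and decremented, but `Config.timeout` is then immediately rewritten to `$this->factor`, so on every following request `$check` is again factor − 1 and `$check < 1` can never be true for any factor above 1 — the periodic session-id rotation is silently reduced to the time-based condition alone. Keep the original `$this->write('Config.timeout', $check);` on that line and reset to `$this->factor` only in the `renew()` branch, as the second write already does; `_checkValid()` starts and ends outside the hunk. In the first hunk the declaration is `var $timeout = null;` (with `@var ineteger`) while every use is `$this->factor`, so `factor` is an undeclared dynamic property and `timeout` is dead — change it to `var $factor = null;` and `@var integer`. The constructor's `switch` assigns `$this->factor` only inside a block whose opening is outside the hunk; if that branch is skipped, `$this->factor` is null, every `cookieLifeTime` becomes 0 and `Config.timeout` is written as null. Worth stating in the description as well: at 'high' the cookie lifetime moves from `0` (presumably `session.cookie_lifetime`, i.e. gone when the browser closes) to `Session.timeout * 10` seconds, a persistent cookie at the strictest level, and the `switch` table looks like a duplicate of whatever `Security::inactiveMins()` returns on the line above it — if the two diverge, `sessionTime` and `cookieLifeTime` will disagree.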
@@ -341,4 +341,41 @@ function testSessionDestroy() {
$Session->destroy('Test');
$this->assertNull($Session->read('Test'));
}
+
+/**
+ * testSessionTimeout method
+ *
+ * @access public
+ * @return void
+ */
+ function testSessionTimeout() {
+
+ session_destroy();
+ $Session =& new SessionComponent();
+ Configure::write('Security.level', 'low');
+ $Session->write('Test', 'some value');
+ $this->assertEqual($_SESSION['Config']['timeout'], $Session->factor);
+ $this->assertEqual($_SESSION['Config']['time'], $Session->sessionTime);
+ $this->assertEqual($Session->time, mktime());
+ $this->assertEqual($_SESSION['Config']['time'], $Session->time + ($Session->factor * Configure::read('Session.timeout')));
+
+ session_destroy();
+ $Session =& new SessionComponent();
+ Configure::write('Security.level', 'medium');
+ $Session->write('Test', 'some value');
+ $this->assertEqual($_SESSION['Config']['timeout'], $Session->factor);
+ $this->assertEqual($_SESSION['Config']['time'], $Session->sessionTime);
+ $this->assertEqual($Session->time, mktime());
+ $this->assertEqual($_SESSION['Config']['time'], $Session->time + ($Session->factor * Configure::read('Session.timeout')));
+
+ session_destroy();
+ $Session =& new SessionComponent();
+ Configure::write('Security.level', 'high');
+ $Session->write('Test', 'some value');
+ $this->assertEqual($_SESSION['Config']['timeout'], $Session->factor);
+ $this->assertEqual($_SESSION['Config']['time'], $Session->sessionTime);
+ $this->assertEqual($Session->time, mktime());
+ $this->assertEqual($_SESSION['Config']['time'], $Session->time + ($Session->factor * Configure::read('Session.timeout')));
+
+ }
}
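Review bot: The new `testSessionTimeout()` never pins what `factor` should be for a given level: `$_SESSION['Config']['timeout']` is compared to `$Session->factor`, and the final assertion recomputes `Config.time` from the same `$Session->factor`, so a wrong table or a null `$this->factor` (null == null) passes as long as both sides agree. Add `$this->assertEqual($Session->factor, 300);`, `100` and `10` to the respective blocks. `Configure::write('Security.level', ...)` is issued after `new SessionComponent()`; since the first file's hunk reads the level and builds the factor in `CakeSession::__construct()`, the factor under test may have been derived from the previous level — move each write before the construction, and restore the original `Security.level` at the end so later tests do not run at 'high'. `mktime()` with no arguments is deprecated in favour of `time()`, which is also what `CakeSession` appears to use.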
