
Switched over to using the previously unused Security::inactiveMins()…

… method for getting timeout modifiers

Signed-off-by: Mark Story <mark@mark-story.com>
1 parent 5cf08cb commit b04a3f8514a13d852dd9f713ffcedc201e641b59 @voidet voidet committed with markstory May 7, 2010
Showing with 18 additions and 43 deletions.
  1. +7 −33 cake/libs/cake_session.php
  2. +11 −10 cake/tests/cases/libs/controller/components/session.test.php
@@ -199,18 +199,6 @@ function __construct($base = null, $start = true) {
$this->sessionTime = $this->time + (Security::inactiveMins() * Configure::read('Session.timeout'));
$this->security = Configure::read('Security.level');
}
- switch ($this->security) {
- case 'medium':
- $this->factor = 5040;
- break;
- case 'low':
- $this->factor = 2628000;
- break;
- case 'high':
- default:
- $this->factor = 10;
- break;
- }
parent::__construct();
}
@@ -487,20 +475,20 @@ function __initSession() {
switch ($this->security) {
case 'high':
- $this->cookieLifeTime = Configure::read('Session.timeout') * $this->factor;
+ $this->cookieLifeTime = Configure::read('Session.timeout') * Security::inactiveMins();
if ($iniSet) {
ini_set('session.referer_check', $this->host);
}
break;
case 'medium':
- $this->cookieLifeTime = Configure::read('Session.timeout') * $this->factor;
+ $this->cookieLifeTime = Configure::read('Session.timeout') * Security::inactiveMins();
if ($iniSet) {
ini_set('session.referer_check', $this->host);
}
break;
case 'low':
default:
- $this->cookieLifeTime = Configure::read('Session.timeout') * $this->factor;
+ $this->cookieLifeTime = Configure::read('Session.timeout') * Security::inactiveMins();
break;
}
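Review bot: The multiplier for `cookieLifeTime` in all three branches now comes from `Security::inactiveMins()`, whose return values are not visible in this commit. The table removed from `__construct` gave 10 / 5040 / 2628000 for high / medium / low and fell back to the `high` value for an unrecognised `Security.level`. If `inactiveMins()` uses other numbers or a different fallback, this silently changes cookie and session lifetimes here and in `_checkValid()` and `__write()`, which the commit message should state. The branches still switch on `$this->security` while the multiplier is read from configuration at call time, so the two can disagree if the level changes after construction. As the three assignments are now identical, a single `$this->cookieLifeTime = Configure::read('Session.timeout') * Security::inactiveMins();` above the `switch` would do; `__initSession()` starts and ends outside the hunk.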
@@ -627,11 +615,11 @@ function _checkValid() {
if (Configure::read('Security.level') === 'high') {
$check = $this->read('Config.timeout');
$check = $check - 1;
- $this->write('Config.timeout', $this->factor);
+ $this->write('Config.timeout', Security::inactiveMins());
if (time() > ($time - (Security::inactiveMins() * Configure::read('Session.timeout')) + 2) || $check < 1) {
$this->renew();
- $this->write('Config.timeout', $this->factor);
+ $this->write('Config.timeout', Security::inactiveMins());
}
}
$this->valid = true;
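Review bot: In the `high` branch the decremented `$check` is never stored: the line right after `$check = $check - 1;` writes `Security::inactiveMins()` back to `Config.timeout`, so the counter is reset to its full value on every request. As far as this hunk shows, `$check < 1` can then only be true when `inactiveMins()` itself returns less than 2, which leaves the time comparison as the only trigger for `$this->renew()`. If the request countdown is meant to force session-id regeneration, the first write should be `$this->write('Config.timeout', $check);`, keeping the reset to `Security::inactiveMins()` inside the `renew()` branch. `_checkValid()` begins and ends outside this hunk, so the surrounding conditions are not visible.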
@@ -643,7 +631,7 @@ function _checkValid() {
} else {
$this->write('Config.userAgent', $this->_userAgent);
$this->write('Config.time', $this->sessionTime);
- $this->write('Config.timeout', $this->factor);
+ $this->write('Config.timeout', Security::inactiveMins());
$this->valid = true;
$this->__setError(1, 'Session is valid');
}
@@ -771,21 +759,7 @@ function __read($id) {
* @access private
*/
function __write($id, $data) {
- switch (Configure::read('Security.level')) {
- case 'medium':
- $factor = 5040;
- break;
- case 'low':
- $factor = 2628000;
- break;
- case 'high':
- default:
- $factor = 10;
- break;
- }
-
- $expires = time() + Configure::read('Session.timeout') * $factor;
-
+ $expires = time() + Configure::read('Session.timeout') * Security::inactiveMins();
$model =& ClassRegistry::getObject('Session');
$return = $model->save(compact('id', 'data', 'expires'));
return $return;
@@ -351,31 +351,32 @@ function testSessionDestroy() {
function testSessionTimeout() {
session_destroy();
- $Session =& new SessionComponent();
+ unset($Session);
Configure::write('Security.level', 'low');
+ $Session =& new SessionComponent();
$Session->write('Test', 'some value');
- $this->assertEqual($_SESSION['Config']['timeout'], $Session->factor);
+ $this->assertEqual($_SESSION['Config']['timeout'], Security::inactiveMins());
$this->assertEqual($_SESSION['Config']['time'], $Session->sessionTime);
$this->assertEqual($Session->time, mktime());
- $this->assertEqual($_SESSION['Config']['time'], $Session->time + ($Session->factor * Configure::read('Session.timeout')));
-
+ $this->assertEqual($_SESSION['Config']['time'], $Session->time + (Security::inactiveMins() * Configure::read('Session.timeout')));
+
session_destroy();
- $Session =& new SessionComponent();
Configure::write('Security.level', 'medium');
+ $Session =& new SessionComponent();
$Session->write('Test', 'some value');
- $this->assertEqual($_SESSION['Config']['timeout'], $Session->factor);
+ $this->assertEqual($_SESSION['Config']['timeout'], Security::inactiveMins());
$this->assertEqual($_SESSION['Config']['time'], $Session->sessionTime);
$this->assertEqual($Session->time, mktime());
- $this->assertEqual($_SESSION['Config']['time'], $Session->time + ($Session->factor * Configure::read('Session.timeout')));
+ $this->assertEqual($_SESSION['Config']['time'], $Session->time + (Security::inactiveMins() * Configure::read('Session.timeout')));
session_destroy();
- $Session =& new SessionComponent();
Configure::write('Security.level', 'high');
+ $Session =& new SessionComponent();
$Session->write('Test', 'some value');
- $this->assertEqual($_SESSION['Config']['timeout'], $Session->factor);
+ $this->assertEqual($_SESSION['Config']['timeout'], Security::inactiveMins());
$this->assertEqual($_SESSION['Config']['time'], $Session->sessionTime);
$this->assertEqual($Session->time, mktime());
- $this->assertEqual($_SESSION['Config']['time'], $Session->time + ($Session->factor * Configure::read('Session.timeout')));
+ $this->assertEqual($_SESSION['Config']['time'], $Session->time + (Security::inactiveMins() * Configure::read('Session.timeout')));
}
}
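Review bot: The rewritten assertions in `testSessionTimeout()` compare `$_SESSION['Config']['timeout']` and `Config.time` against `Security::inactiveMins()`, the same call the code under test uses, so they pass whatever that method returns. They therefore cannot catch a wrong or changed timeout for a given `Security.level`. Asserting a literal expected number of minutes for each of `low`, `medium` and `high` would pin the intended session lifetime. The added `unset($Session);` looks like a no-op, since no `$Session` is defined in the function at that point. The existing `assertEqual($Session->time, mktime())` can fail when the clock ticks between the two calls.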
