Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rewrite session handling #92

Closed
wants to merge 6 commits into from
Closed

Rewrite session handling #92

wants to merge 6 commits into from

Conversation

hnxfirefly
Copy link
Collaborator

No description provided.

hnxfirefly and others added 6 commits June 17, 2017 05:36
@hnxfirefly
Rewite Session Handling
ec02556 
Remove Clientside Stored Cookie
Handle all Session data server side

This should remove unsave handling with userdata and sessiondata.
@hnxfirefly
Remove Unused Code
09981b9 
Remove Code that will never be used based on the removing of the Cookie-session-handling
@lxp
Cleanup authorisation code even more
5fec827
@lxp
Implement new password hashing (PBKDF2-SHA1)
05cdfc5 
This change modifies the database and requires a database upgrade
from within the lansuite admin area.

After the database upgrade, the old MD5 user passwords will be
automatically converted to PBKDF2-SHA1 on the next user login.
Clan and team passwords will only be upgraded, when new passwords
are set.

PBKDF2-SHA1 was choosen for compatibility with the ejabberd XMPP
server password storage.
@hnxfirefly
Merge pull request #1 from hnxfirefly/new-password-hash
a86b4c6 
New password hash
@hnxfirefly
Merge branch 'master' into rewrite-session-handling
e7d2f56
@andygrunwald
Copy link
Collaborator

Thanks @hnxfirefly and sorry for the late reply. I will try to check this PR out in the next days.
Just to let you know that this is still on my road map.

@andygrunwald
Copy link
Collaborator

This has a dependency to #83
#83 is also included here.

@hnxfirefly Can you provide a little bit more information and context about this PR here?
Why is it needed to rewrite the session handling? Does the current implementation has any limits? Does the new implementation has benefits? If yes, which one?

@hnxfirefly
Copy link
Collaborator Author

The intent behind this is to simplify the session managment into a single one and not have cookies and php-session. I also have found some bugs in this pr that i have fixed after the merge with #83.
I already use a version without cookies on www.hnx.at and it works pretty well.
But till i add the latest fixes i'll close this PR.

@hnxfirefly hnxfirefly closed this Jan 22, 2018
@andygrunwald andygrunwald mentioned this pull request Jan 28, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@hnxfirefly @andygrunwald @lxp