Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Rewrite session handling #92

Closed

Conversation

hnxfirefly
Copy link
Collaborator

No description provided.

hnxfirefly and others added 6 commits June 17, 2017 05:36
Remove Clientside Stored Cookie
Handle all Session data server side

This should remove unsave handling with userdata and sessiondata.
Remove Code that will never be used based on the removing of the Cookie-session-handling
This change modifies the database and requires a database upgrade
from within the lansuite admin area.

After the database upgrade, the old MD5 user passwords will be
automatically converted to PBKDF2-SHA1 on the next user login.
Clan and team passwords will only be upgraded, when new passwords
are set.

PBKDF2-SHA1 was choosen for compatibility with the ejabberd XMPP
server password storage.
@andygrunwald
Copy link
Collaborator

Thanks @hnxfirefly and sorry for the late reply. I will try to check this PR out in the next days.
Just to let you know that this is still on my road map.

@andygrunwald
Copy link
Collaborator

This has a dependency to #83
#83 is also included here.

@hnxfirefly Can you provide a little bit more information and context about this PR here?
Why is it needed to rewrite the session handling? Does the current implementation has any limits? Does the new implementation has benefits? If yes, which one?

@hnxfirefly
Copy link
Collaborator Author

The intent behind this is to simplify the session managment into a single one and not have cookies and php-session. I also have found some bugs in this pr that i have fixed after the merge with #83.
I already use a version without cookies on www.hnx.at and it works pretty well.
But till i add the latest fixes i'll close this PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants