Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Use 0 as the cookie lifetime in session_set_cookie_params() (this sho…

…uld not be confused with session.gc_maxlifetime)

Add new Work/Session directory to hold file based session data files in
Update Shop Session Service module to use SERVICE_SESSION_EXPIRATION_TIME as the session life time (other sites use the default session.gc_maxlifetime value)
  • Loading branch information...
commit 83757940e3100d2e20b9c6a2975c741e493a8a19 1 parent ce82363
Harald Ponce de Leon haraldpdl authored committed
2  osCommerce/OM/Core/Session/File.php
View
@@ -36,7 +36,7 @@ class File extends \osCommerce\OM\Core\SessionAbstract {
public function __construct($name) {
$this->setName($name);
- $this->setSavePath(OSCOM::BASE_DIRECTORY . 'work');
+ $this->setSavePath(OSCOM::BASE_DIRECTORY . 'Work/Session');
}
/**
4 osCommerce/OM/Core/SessionAbstract.php
View
@@ -59,7 +59,7 @@
* @access protected
*/
- protected $_life_time; // HPDL for Shop use SERVICE_SESSION_EXPIRATION_TIME
+ protected $_life_time;
/**
* Verify an existing session ID and create or resume the session if the existing session ID is valid
@@ -75,7 +75,7 @@ public function start() {
$this->_life_time = ini_get('session.gc_maxlifetime');
}
- session_set_cookie_params($this->_life_time, ((OSCOM::getRequestType() == 'NONSSL') ? HTTP_COOKIE_PATH : HTTPS_COOKIE_PATH), ((OSCOM::getRequestType() == 'NONSSL') ? HTTP_COOKIE_DOMAIN : HTTPS_COOKIE_DOMAIN));
+ session_set_cookie_params(0, ((OSCOM::getRequestType() == 'NONSSL') ? HTTP_COOKIE_PATH : HTTPS_COOKIE_PATH), ((OSCOM::getRequestType() == 'NONSSL') ? HTTP_COOKIE_DOMAIN : HTTPS_COOKIE_DOMAIN));
$sane_session_id = true;
1  osCommerce/OM/Core/Site/Shop/Module/Service/Session.php
View
@@ -19,6 +19,7 @@ public static function start() {
Registry::set('Session', SessionClass::load());
$OSCOM_Session = Registry::get('Session');
+ $OSCOM_Session->setLifeTime(SERVICE_SESSION_EXPIRATION_TIME * 60);
if ( (SERVICE_SESSION_FORCE_COOKIE_USAGE == '1') || ((bool)ini_get('session.use_only_cookies') === true) ) {
osc_setcookie('cookie_test', 'please_accept_for_session', time()+60*60*24*90);
4 osCommerce/OM/Work/Session/.htaccess
View
@@ -0,0 +1,4 @@
+<Files *>
+ Order Deny,Allow
+ Deny from all
+</Files>
Please sign in to comment.
Something went wrong with that request. Please try again.