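/**
 * Verify an existing session ID and create or resume the session if the existing session ID is valid
 *
 * A session ID may be supplied by the client through $_GET, $_POST or
 * $_COOKIE under the session name. Every source that carries a value is
 * checked; a value that is empty, not a string or not purely alphanumeric
 * makes the request "insane" and the client is redirected to the default
 * site application instead of a session being started.
 *
 * The check is syntactic only: it limits the characters that reach the
 * session handler, it does not prove that the ID was issued by this server.
 * NOTE(review): whether the ID is regenerated after authentication
 * (session_regenerate_id()) is not visible from this method - confirm, since
 * IDs are accepted from GET and POST here.
 *
 * @access public
 * @return boolean true when the session was started, false otherwise
 */
public function start() {
  if ($this->_life_time > 0) {
    ini_set('session.gc_maxlifetime', $this->_life_time);
  } else {
    $this->_life_time = ini_get('session.gc_maxlifetime');
  }

// NOTE(review): only lifetime, path and domain are passed, so the Secure and
// HttpOnly cookie flags keep their php.ini defaults (session.cookie_secure,
// session.cookie_httponly) - confirm they are enabled where appropriate.
  session_set_cookie_params(0, OSCOM::getRequestType() == 'NONSSL' ? HTTP_COOKIE_PATH : HTTPS_COOKIE_PATH, OSCOM::getRequestType() == 'NONSSL' ? HTTP_COOKIE_DOMAIN : HTTPS_COOKIE_DOMAIN);

  $sane_session_id = true;

// Validate every source independently. An if/elseif chain would stop at the
// first source that is present, so a well-formed GET value would let a
// malformed POST or COOKIE value through unchecked; which of them PHP adopts
// depends on session configuration that is not shown here.
  $sources = array('get' => $_GET, 'post' => $_POST, 'cookie' => $_COOKIE);

  foreach ($sources as $source => $values) {
    if (!isset($values[$this->_name])) {
      continue;
    }

    $candidate = $values[$this->_name];

// is_string() rejects array input (e.g. name[]=x) before it reaches
// ctype_alnum(), which only accepts strings without a deprecation notice.
    if (is_string($candidate) && !empty($candidate) && ctype_alnum($candidate)) {
      continue;
    }

    $sane_session_id = false;

// A malformed cookie would be sent again on every request, so expire it.
    if ($source === 'cookie') {
      setcookie($this->_name, '', time() - 42000, $this->getCookieParameters('path'), $this->getCookieParameters('domain'));
    }
  }

  if ($sane_session_id === false) {
    osc_redirect(OSCOM::getLink(null, OSCOM::getDefaultSiteApplication(), null, 'NONSSL', false));

    return false;
  }

  if (session_start()) {
// Make sure the session is closed through this object at script shutdown.
    register_shutdown_function(array($this, 'close'));

    $this->_is_started = true;
    $this->_id = session_id();

    return true;
  }

  return false;
}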