/**
 * Applies the idle timeout to the current session and registers the session
 * validators. Intended to run after the session has been started.
 *
 * A function-static flag turns every call after the first completed one into
 * a no-op for the rest of the request.
 */
public static function afterStart()
{
    static $validatorsRegistered = false;
    if ($validatorsRegistered) {
        return;
    }

    // A session that already carries validator data is checked before
    // anything else is read from or written to it.
    // NOTE(review): presumably $_SESSION['__KWF']['VALID'] is where the
    // registered validators keep their reference values; confirm.
    if (isset($_SESSION['__KWF']['VALID'])) {
        self::_processValidators();
    }

    // Sessions time out after 15-20 minutes of inactivity. This is enforced
    // here in addition to gc_maxlifetime, which isn't reliable enough.
    $sessionTimeout = 20 * 60;
    $refreshAfter = 5 * 60;

    if (!isset($_SESSION['kwfTimeout'])) {
        // First request of this session: start the idle clock.
        $_SESSION['kwfTimeout'] = time() + $sessionTimeout;
    } elseif ($_SESSION['kwfTimeout'] - time() < 0) {
        // Expired: discard all session data and issue a new session id so the
        // expired id does not carry any state forward.
        $_SESSION = array();
        $_SESSION['kwfTimeout'] = time() + $sessionTimeout;
        Zend_Session::regenerateId();
    } elseif ($_SESSION['kwfTimeout'] - time() < $sessionTimeout - $refreshAfter) {
        // Extend the timeout only once more than 5 minutes have been used up
        // (not in every request, for better performance).
        $_SESSION['kwfTimeout'] = time() + $sessionTimeout;
    }

    // Checked again on purpose: the expiry branch above empties $_SESSION, so
    // an expired session gets its validators registered afresh.
    if (!isset($_SESSION['__KWF']['VALID'])) {
        Zend_Session::registerValidator(new Kwf_Session_Validator_HttpHost());
        if (Kwf_Setup::getBaseUrl()) {
            Zend_Session::registerValidator(new Kwf_Session_Validator_BasePath());
        }
        // NOTE(review): going by the class name this binds the session to the
        // client address; confirm how it behaves for clients whose address
        // changes mid-session (mobile networks, proxy pools).
        Zend_Session::registerValidator(new Kwf_Session_Validator_RemoteAddr());
    }

    $validatorsRegistered = true;
}
Exemple #2
 /**
  * Starts the session if it is not running yet and registers Zend Framework's
  * HTTP User-Agent session validator.
  *
  * Checking additional information stored in the session is often recommended
  * as protection against session fixation/hijacking. The original author notes
  * that it does not make much sense; the User-Agent header is supplied by the
  * client, so treat this validator as a weak signal rather than a guarantee.
  *
  * If starting the session raises a Zend_Session_Exception, the session is
  * destroyed, started again and given a new id.
  */
 public function __construct()
 {
     try {
         $alreadyStarted = Zend_Session::isStarted();
         if (!$alreadyStarted) {
             Zend_Session::start();
         }
     } catch (Zend_Session_Exception $startFailure) {
         // Recover by throwing the session away and beginning a new one under
         // a fresh id, so nothing from the rejected session is reused.
         Zend_Session::destroy();
         Zend_Session::start();
         Zend_Session::regenerateId();
     }

     $userAgentValidator = new Zend_Session_Validator_HttpUserAgent();
     Zend_Session::registerValidator($userAgentValidator);
 }
Exemple #3
 /**
  * Starting a session and registering a validator must not raise a PHP
  * notice; as the test name states, the case covered is a session without
  * validator data.
  *
  * @group ZF-11186
  */
 public function testNoNoticesIfNoValidatorDataInSession()
 {
     $validatorFile = dirname(__FILE__) . '/Validator/NoticeValidator.php';

     try {
         Zend_Session::start();
         require_once $validatorFile;
         $noticeValidator = new Zend_Session_Validator_NoticeValidator();
         Zend_Session::registerValidator($noticeValidator);
     } catch (PHPUnit_Framework_Error_Notice $notice) {
         // PHPUnit surfaces the notice as an exception; report it as a test
         // failure with the original message.
         $this->fail($notice->getMessage());
     }
 }
 /**
  * Registers the IP address session validator with Zend_Session.
  *
  * NOTE(review): presumably the validator rejects a session that is presented
  * from a different client address than the one it was created for; confirm
  * against Zend_Session_Validator_IpAddress.
  */
 public static function registerValidatorIpAddress()
 {
     $ipAddressValidator = new Zend_Session_Validator_IpAddress();
     Zend_Session::registerValidator($ipAddressValidator);
 }
 /**
  * Registers the maintenance mode session validator with Zend_Session.
  */
 public static function registerValidatorMaintenanceMode()
 {
     $maintenanceValidator = new Tinebase_Session_Validator_MaintenanceMode();
     Zend_Session::registerValidator($maintenanceValidator);
 }
Exemple #6
 /**
  * Registers the session validators that are switched on in the
  * 'core/session' configuration.
  *
  * NOTE(review): when the configuration node is not an Axis_Config, no
  * validator is registered at all and nothing is logged, so a missing or
  * malformed session config leaves sessions unvalidated. Confirm that this
  * fail-open behaviour is intended.
  */
 protected function _initSessionValidators()
 {
     // The DbAdapter resource is bootstrapped before the configuration is read.
     $this->bootstrap('DbAdapter');

     $sessionConfig = Axis::config('core/session');
     if ($sessionConfig instanceof Axis_Config) {
         if ($sessionConfig->remoteAddressValidation) {
             $remoteAddressValidator = new Axis_Session_Validator_RemoteAddress();
             Zend_Session::registerValidator($remoteAddressValidator);
         }

         if ($sessionConfig->httpUserAgentValidation) {
             $userAgentValidator = new Zend_Session_Validator_HttpUserAgent();
             Zend_Session::registerValidator($userAgentValidator);
         }
     }
 }
Exemple #7
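 /**
  * init session after successful login
  *
  * Registers the session validators enabled in the configuration, issues a new
  * session id, collapses duplicate TINE20SESSID cookie headers into the last
  * one and stores the user as the session's current account.
  *
  * @param Tinebase_Model_FullUser $_user the user that has just logged in
  */
 protected function _initUserSession(Tinebase_Model_FullUser $_user)
 {
     // A disabled validator is logged so that the weaker setting is visible to
     // whoever reads the log.
     if (Tinebase_Config::getInstance()->getConfig(Tinebase_Config::SESSIONUSERAGENTVALIDATION, NULL, TRUE)->value) {
         Zend_Session::registerValidator(new Zend_Session_Validator_HttpUserAgent());
     } else {
         Tinebase_Core::getLogger()->info(__METHOD__ . '::' . __LINE__ . ' User agent validation disabled.');
     }

     if (Tinebase_Config::getInstance()->getConfig(Tinebase_Config::SESSIONIPVALIDATION, NULL, TRUE)->value) {
         Zend_Session::registerValidator(new Zend_Session_Validator_IpAddress());
     } else {
         Tinebase_Core::getLogger()->info(__METHOD__ . '::' . __LINE__ . ' Session ip validation disabled.');
     }

     // New session id at login, so an id that was known before authentication
     // is not the one that ends up authenticated (session fixation).
     Zend_Session::regenerateId();

     /**
      * fix php session header handling http://forge.tine20.org/mantisbt/view.php?id=4918
      * -> search all Set-Cookie: headers and replace them with the last one!
      **/
     $cookieHeaders = array();
     foreach (headers_list() as $headerString) {
         if (strpos($headerString, 'Set-Cookie: TINE20SESSID=') === 0) {
             $cookieHeaders[] = $headerString;
         }
     }
     // Only rewrite the header when a session cookie was actually queued;
     // without this guard an empty list (e.g. no headers recorded for this
     // request) would pass null to header().
     if (!empty($cookieHeaders)) {
         // NOTE(review): replace=true drops every Set-Cookie header queued so
         // far, not only the TINE20SESSID ones; confirm that no other cookie
         // is expected to be set before this point.
         header(end($cookieHeaders), true);
     }
     /** end of fix **/

     Tinebase_Core::getSession()->currentAccount = $_user;
 }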