Esempio n. 1
0
 function run()
 {
     AnwCurrentSession::logout();
     $sUrlRedirect = AnwEnv::_GET("redirect", false);
     $this->redirectInfo($sUrlRedirect, $this->t_("t_loggedout"), $this->t_("p_loggedout"));
 }
 private function saveSession($oSession, $bCreateSessionIfNotExists = false)
 {
     $sSessionId = $oSession->getId();
     if ($oSession->isLoggedIn()) {
         //purge the old sessions from database (needed for the update/insert test)
         $this->purgeExpiredSessionsFromDatabase();
         //try to update session in database (if it already exists)
         $sSessionIdentifier = AnwEnv::calculateSessionIdentifier();
         $sSessionCode = self::generateSessionCode();
         //a new code is generated (even if session already exists) to prevent session stealing
         $nSessionUser = $oSession->getUser()->getId();
         $sSessionResume = $oSession->isResume() ? 1 : 0;
         $nSessionTimeSeen = time();
         $asData = array("SessionIdentifier" => $this->db()->strtosql($sSessionIdentifier), "SessionCode" => $this->db()->strtosql($sSessionCode), "SessionUser" => $this->db()->inttosql($nSessionUser), "SessionResume" => $this->db()->strtosql($sSessionResume), "SessionTimeSeen" => $this->db()->inttosql($nSessionTimeSeen));
         $this->db()->do_update($asData, "session", "WHERE SessionId=" . $this->db()->strtosql($sSessionId));
         //otherwise, we may need to INSERT this new session or to kill it
         if ($this->db()->affected_rows() != 1) {
             if ($bCreateSessionIfNotExists) {
                 //user is logging in, it's normal that the session doesn't exist in database.
                 $asData["SessionId"] = $this->db()->strtosql($sSessionId);
                 $asData["SessionTimeStart"] = $this->db()->inttosql(time());
                 $asData["SessionTimeAuth"] = $this->db()->inttosql(time());
                 $this->db()->do_insert($asData, "session");
             } else {
                 //here, the session is supposed to exist in database, but isn't found.
                 //this can happend in the following situations:
                 // - The session has expired (DurationIdle or DurationMax)
                 // - An user was using a session, when someone tried to steal it. The session was killed for security reasons.
                 // - An administrator has killed the session.
                 // - The session has expired.
                 //In both situations, the current session is no longer safe and must be closed.
                 self::debug("WARNING: Session doesn't exist in database, but session creation is NOT expected. Logging out.");
                 AnwCurrentSession::logout();
                 return;
             }
         }
         //remember current session in cookies
         $nCookieExpires = AnwSessions::isResumeEnabled() && $oSession->isResume() ? time() + $this->cfgResumeDelayMax() : 0;
         AnwEnv::putCookie(self::COOKIE_SESSION_ID, $sSessionId, $nCookieExpires);
         AnwEnv::putCookie(self::COOKIE_SESSION_CODE, $sSessionCode, $nCookieExpires);
         AnwEnv::putSession(self::SESSION_CODE, $sSessionCode);
     } else {
         //unset cookies
         AnwEnv::unsetCookie(self::COOKIE_SESSION_ID);
         AnwEnv::unsetCookie(self::COOKIE_SESSION_CODE);
     }
 }