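 /**
  * Starts (or resumes) the PHP session and binds it to a client fingerprint.
  *
  * Steps, in order:
  *  1. Start the session via sessionStart() and record the current session id
  *     and a start timestamp in $this->sessionData.
  *  2. Pick up an optional client-supplied DB session id ('curdbsessid', read
  *     from POST/GET) into $this->sCurrentDBSessionID, then call restoreSession().
  *     NOTE(review): that value is untrusted client input; restoreSession() (not
  *     visible here) must validate it before using it as a lookup key.
  *  3. checkFORDEV(): access check for the "fordev" mode.
  *  4. Fingerprint the client (User-Agent + Accept-Charset). The first request
  *     stores the fingerprint in sessionData['hash']; a later request whose
  *     fingerprint differs is treated as a foreign client: the session id is
  *     regenerated, the old session storage is dropped and sessionData is reset.
  *
  * Security notes:
  *  - The fingerprint is built only from request headers the client chooses,
  *    so it catches accidental reuse of a leaked id by a different client, not
  *    a deliberate attacker who copies the victim's headers. On its own it is
  *    not a session-fixation defence; the id still has to be regenerated at
  *    login (the original comment labelled this block "session fixation").
  *  - The swfupload exception skips the check for any request that sends a
  *    Flash-like User-Agent together with POST 'sessid'. Anyone can send those
  *    headers, so this is a deliberate, spoofable hole; keep it as narrow as
  *    possible and remove it once Flash uploads are gone.
  *  - The stored hash is compared with !== (the original used !=): with a
  *    loose comparison two hex digests of the form "0e<digits>" compare equal
  *    as numeric strings, so a non-matching fingerprint could be accepted.
  *  - session_regenerate_id(true) deletes the old session storage so the
  *    previous id cannot keep being used after a mismatch was detected.
  *
  * @param string $sessionKey Passed through to sessionStart(); '' by default.
  */
 function __construct($sessionKey = '')
 {
     $this->sessionStart($sessionKey, false);
     $this->sessionData['curr_session_id'] = session_id();
     $this->sessionData['start_session_time'] = date('Y-m-d H:i:s');

     // Optional DB-side session id supplied by the client (POST or GET).
     $sCurrentDBSessionID = Func::POSTGET('curdbsessid');
     if ($sCurrentDBSessionID) {
         $this->sCurrentDBSessionID = $sCurrentDBSessionID;
     }
     $this->restoreSession();

     // check access to fordev mode
     $this->checkFORDEV();

     // Session hijacking guard: bind the session to a client fingerprint.
     if (!empty($this->sessionData['curr_session_id'])) {
         // The remote IP is deliberately left out of the fingerprint: many
         // clients are on dynamic IPs and sessions kept dropping, so it was
         // commented out "for now".
         //$ip = func::getRemoteAddress(false);
         //$ip = substr($ip, 0, strrpos($ip, '.') - 1);
         $useragent = func::getSERVER('HTTP_USER_AGENT', 'no user agent');
         $charset = func::getSERVER('HTTP_ACCEPT_CHARSET', 'hello from IE');
         // md5 is used only as a non-secret fingerprint of two client headers,
         // not for anything that needs collision resistance.
         $fixHash = md5($useragent . $charset);

         if (!isset($this->sessionData['hash'])) {
             // First request of this session: remember the fingerprint.
             $this->sessionData['hash'] = $fixHash;
         } elseif ($this->sessionData['hash'] !== $fixHash) {
             $lcUserAgent = strtolower($useragent);
             $isFlashUpload = !empty($_POST['sessid'])
                 && (strpos($lcUserAgent, 'adobe flash') !== false
                     || in_array($lcUserAgent, array('shockwave flash', 'adobe flash player 10'), true));
             if ($isFlashUpload) {
                 /*
                  swfupload: the Flash plugin sends its own headers instead of
                  the browser's, so the fingerprint never matches:
                   HTTP_USER_AGENT = 'Shockwave Flash';
                   HTTP_ACCEPT_CHARSET = '';
                  Accept such requests as-is.
                  WARNING: User-Agent is client-controlled, so any client that
                  spoofs it (and posts 'sessid') also bypasses this check.
                 */
             } else {
                 // Fingerprint changed: treat as a foreign client. Issue a new id,
                 // delete the old session storage (true) and start over with a
                 // fresh id / start time plus the new fingerprint, keeping the
                 // same keys this constructor sets above.
                 session_regenerate_id(true);
                 $this->sessionData = array();
                 $this->sessionData['curr_session_id'] = session_id();
                 $this->sessionData['start_session_time'] = date('Y-m-d H:i:s');
                 $this->sessionData['hash'] = $fixHash;
             }
         }
     }
 }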