Пример #1
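	/**
	 * Configure the PHP session cookie, install the session object on the
	 * server container, and enforce session-id rotation and the idle timeout.
	 *
	 * Steps, in order:
	 *  - mark the session cookie HttpOnly and scope it to the web root;
	 *  - emit the 'OC'/'initSession' hook so a listener can supply its own
	 *    session object or change the session name (both passed by reference);
	 *  - rotate the session id once it is older than half the session lifetime;
	 *  - destroy and restart the session after more than one lifetime of inactivity.
	 *
	 * NOTE(review): only HttpOnly and the cookie path are set here; whether the
	 * Secure flag is configured elsewhere cannot be seen from this method - confirm.
	 */
	public static function initSession() {
		// HttpOnly keeps the session cookie out of reach of page JavaScript.
		// The value is a plain '1'; the earlier '1;' relied on lenient numeric parsing of ini values.
		ini_set('session.cookie_httponly', '1');

		// Scope the cookie to the installation's web root, falling back to '/'.
		$cookie_path = OC::$WEBROOT ?: '/';
		ini_set('session.cookie_path', $cookie_path);

		// Default session name; the initSession hook may overwrite it.
		$sessionName = OC_Util::getInstanceId();

		try {
			// Hook listeners receive these three values by reference, so they can
			// replace the session object and flag that their replacement should be used.
			$useCustomSession = false;
			$session = self::$server->getSession();
			OC_Hook::emit('OC', 'initSession', array('session' => &$session, 'sessionName' => &$sessionName, 'useCustomSession' => &$useCustomSession));
			if ($useCustomSession) {
				// a listener supplied the session object
				self::$server->setSession($session);
			} else {
				// built-in session, named after the (possibly hook-modified) session name
				self::$server->setSession(new \OC\Session\Internal($sessionName));
			}
		} catch (Exception $e) {
			// Session setup failed: answer with HTTP 500 and the error page, then stop.
			// Without an explicit stop, the code below would keep operating on whatever
			// session the container still holds after a failed start.
			// NOTE(review): the page is described as "detailed" - confirm it does not
			// expose exception internals to unauthenticated clients.
			OC_Response::setStatus(OC_Response::STATUS_INTERNAL_SERVER_ERROR);
			OC_Template::printExceptionErrorPage($e);
			die;
		}

		$sessionLifeTime = self::getSessionLifeTime();

		/**
		 * @var \OCP\ISession $session
		 */
		$session = self::$server->getSession();

		// Rotate the session id periodically to limit the window for session fixation.
		if (!$session->exists('SID_CREATED')) {
			$session->set('SID_CREATED', time());
		} elseif (time() - $session->get('SID_CREATED') > $sessionLifeTime / 2) {
			// true asks PHP to delete the data stored under the old id
			session_regenerate_id(true);
			$session->set('SID_CREATED', time());
		}

		// Idle timeout: expire the cookie, wipe the session and start a fresh one.
		if ($session->exists('LAST_ACTIVITY') && (time() - $session->get('LAST_ACTIVITY') > $sessionLifeTime)) {
			if (isset($_COOKIE[session_name()])) {
				// An expiry in the past makes the browser drop the cookie; the path
				// must match the one the cookie was issued with.
				setcookie(session_name(), '', time() - 42000, $cookie_path);
			}
			session_unset();
			session_destroy();
			session_start();
		}

		$session->set('LAST_ACTIVITY', time());
	}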
Пример #2
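 /**
  * Configure the PHP session cookie, install a crypto-wrapped session object
  * on the server container, and enforce the idle timeout.
  *
  * Steps, in order:
  *  - mark the session cookie HttpOnly and scope it to the web root;
  *  - emit the 'OC'/'initSession' hook so a listener can supply its own
  *    session object or change the session name (both passed by reference);
  *  - wrap the chosen session with the server's session crypto wrapper;
  *  - on inactivity longer than the session lifetime, expire the cookie and
  *    log the user session out.
  *
  * NOTE(review): this method does not rotate the session id; presumably that
  * happens elsewhere (for example at login) - confirm against the callers.
  * NOTE(review): only HttpOnly and the cookie path are set here; whether the
  * Secure flag is configured elsewhere cannot be seen from this method - confirm.
  */
 public static function initSession()
 {
     // HttpOnly keeps the session cookie out of reach of page JavaScript.
     // ini values are strings, so pass '1' instead of relying on bool-to-string coercion.
     ini_set('session.cookie_httponly', '1');
     // Scope the cookie to the installation's web root, falling back to '/'.
     $cookie_path = OC::$WEBROOT ?: '/';
     ini_set('session.cookie_path', $cookie_path);
     // Default session name; the initSession hook may overwrite it.
     $sessionName = OC_Util::getInstanceId();
     try {
         // Hook listeners receive these three values by reference, so they can
         // replace the session object and flag that their replacement should be used.
         $useCustomSession = false;
         $session = self::$server->getSession();
         OC_Hook::emit('OC', 'initSession', array('session' => &$session, 'sessionName' => &$sessionName, 'useCustomSession' => &$useCustomSession));
         if (!$useCustomSession) {
             // built-in session, named after the (possibly hook-modified) session name
             $session = new \OC\Session\Internal($sessionName);
         }
         // Both the built-in and a hook-supplied session pass through the crypto wrapper.
         $cryptoWrapper = \OC::$server->getSessionCryptoWrapper();
         $session = $cryptoWrapper->wrapSession($session);
         self::$server->setSession($session);
     } catch (Exception $e) {
         // Session setup failed: log it, answer with HTTP 500 and the error page, then stop.
         // NOTE(review): the page is described as "detailed" - confirm it does not
         // expose exception internals to unauthenticated clients.
         \OCP\Util::logException('base', $e);
         OC_Response::setStatus(OC_Response::STATUS_INTERNAL_SERVER_ERROR);
         OC_Template::printExceptionErrorPage($e);
         die;
     }
     $sessionLifeTime = self::getSessionLifeTime();
     // Idle timeout: expire the cookie and log the user out.
     if ($session->exists('LAST_ACTIVITY') && time() - $session->get('LAST_ACTIVITY') > $sessionLifeTime) {
         if (isset($_COOKIE[session_name()])) {
             // An empty string (not null) is the documented value for deleting a cookie,
             // and the path must be the one the cookie was issued with, so the same
             // $cookie_path that was written to session.cookie_path is reused.
             setcookie(session_name(), '', -1, $cookie_path);
         }
         \OC::$server->getUserSession()->logout();
     }
     $session->set('LAST_ACTIVITY', time());
 }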