use session_regenerate_id instead of other strange code

pull/2562/head
Isaac Connor 2019-01-30 16:08:09 -05:00
parent b09a71d0e2
commit 97e3a8178a
1 changed files with 6 additions and 10 deletions


@ -21,7 +21,8 @@ function zm_session_start() {
session_start(); session_start();
// Do not allow to use too old session ID // Do not allow to use too old session ID
if (!empty($_SESSION['last_time']) && $_SESSION['last_time'] < time() - 180) { if ( !empty($_SESSION['last_time']) && ( $_SESSION['last_time'] < (time() - 180) ) ) {
Info('Destroying session due to timeout. ');
session_destroy(); session_destroy();
session_start(); session_start();
} }
@ -34,19 +35,14 @@ function zm_session_regenerate_id() {
if ( session_status() != PHP_SESSION_ACTIVE ) { if ( session_status() != PHP_SESSION_ACTIVE ) {
session_start(); session_start();
} }
// WARNING: Never use confidential strings for prefix!
$newid = session_create_id();
// Set deleted timestamp. Session data must not be deleted immediately for reasons. // Set deleted timestamp. Session data must not be deleted immediately for reasons.
$_SESSION['last_time'] = time(); $_SESSION['last_time'] = time();
// Finish session // Finish session
session_commit(); session_write_close();
// Make sure to accept user defined session ID
// NOTE: You must enable use_strict_mode for normal operations.
ini_set('session.use_strict_mode', 0);
// Set new custome session ID
session_id($newid);
// Start with custome session ID
session_start(); session_start();
session_regenerate_id();
} }
function is_session_started() { function is_session_started() {
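Review bot: In zm_session_regenerate_id(), `session_regenerate_id()` carries the current `$_SESSION` contents over to the new ID, so the `last_time` stamp written just before `session_write_close()` to mark the old session as retired ends up in the fresh session too. Given the check in zm_session_start() (`$_SESSION['last_time'] < (time() - 180)`), the regenerated session looks like it would itself be destroyed roughly 180 seconds later unless `last_time` is cleared somewhere outside this view; adding `unset($_SESSION['last_time']);` directly after the regenerate call would keep the marker on the old ID only. The return value of `session_regenerate_id()` is also ignored, so a failed rotation silently leaves the previous ID in use; checking it and logging through the same logger as the new `Info(...)` call would make that visible. Both function bodies start or end outside the hunks shown, so the rest of each should be checked for existing handling.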