Commit Graph

46 Commits

Author SHA1 Message Date
Andrew Dolgov 5f66f872b6 fix session write handler always assuming that database entry exists and failing silently if it doesn't; remove session cookie-related hacks 2018-10-16 14:07:42 +03:00
Andrew Dolgov d246fb9fe1 remove session REMOTE_ADDR checks 2018-10-16 12:12:07 +03:00
Andrew Dolgov 5feed36a3c do not use separate _ssl cookie for secure sessions 2018-10-15 15:48:37 +03:00
Andrew Dolgov 65e98f4086 force regenerate session id on successful login, remove previous blank SID check 2018-10-15 15:47:50 +03:00
Andrew Dolgov 74736fce0f if empty session is autostarted because of a cookie, immediately destroy it 2018-10-15 14:53:35 +03:00
Andrew Dolgov 7d53c2b501 validate_session: bring back IP session binding (enabled by default) and UA checking 2018-10-15 08:26:07 +03:00
Andrew Dolgov 4d13514dd4 sessions: PDO 2017-12-01 14:48:23 +03:00
Andrew Dolgov 1b5b1e5fec sessions: use is_server_https() for secure cookie setting 2017-07-17 07:33:43 +03:00
Natan Frei e234ac8dcb $_SERVER['HTTPS'] can be exists and 'off' for non-https connectios 2017-07-17 00:44:48 +03:00
Andrew Dolgov 09628e1b1a rework previous 32 bit session stuff 2017-07-13 14:40:30 +03:00
Andrew Dolgov b465c28ee0 sessions: clip max expiry value to a 32bit integer 2017-07-13 08:57:07 +03:00
Andrew Dolgov ea79a0e033 remove some redundant php closing tags 2017-04-26 20:24:18 +03:00
Andrew Dolgov 7b55001eee fix various issues reported by static analysis
update gitlab-ci config
2017-04-26 15:29:22 +03:00
Andrew Dolgov 33d131d699 ttrss_gc: return true 2015-12-07 15:25:31 +03:00
Andrew Dolgov f5e66c439e remove SESSION_CHECK_ADDRESS 2015-08-21 09:02:16 +03:00
Andrew Dolgov ffc3a1e579 session: don't try to validate session schema version on empty sessions 2015-01-31 18:48:11 +03:00
Andrew Dolgov 3192fb43bc do not invalidate session when version_static and user agent changes 2015-01-30 13:14:19 +03:00
Andrew Dolgov 04a8c2065f better error reporting in session validation 2013-07-06 12:05:52 +04:00
Andrew Dolgov 3472c4c569 use static version for session checking, show latest changeset for git version instead of head date 2013-04-24 16:57:24 +04:00
Andrew Dolgov 6322ac79a0 remove $link 2013-04-17 16:48:41 +04:00
Andrew Dolgov 404e2e3603 more work on singleton-based DB 2013-04-17 15:36:48 +04:00
Andrew Dolgov 889a5f9f19 experimental SQL-based error logger 2013-04-16 19:41:31 +04:00
Andrew Dolgov 9ce7a5546c implement some tweaks to session handling; properly remove session cookie if invalid/login failed 2013-04-04 15:33:14 +04:00
Andrew Dolgov 810205625b session validation: check for tt-rss version 2013-04-04 12:55:15 +04:00
Andrew Dolgov 6f431804a9 remove session check/destroy stuff, looks problematic 2013-04-03 19:13:23 +04:00
Andrew Dolgov c35b6d8e14 initialize session connection in ttrss_open but define session_connection in global context 2013-04-02 14:04:47 +04:00
Andrew Dolgov 168680976f sessions: initialize connection on include, not in ttrss_open 2013-04-02 13:58:08 +04:00
Ryan Parrish f4bae03a6e Merge branch 'master' of https://github.com/stickystyle/Tiny-Tiny-RSS 2013-04-01 10:41:20 -04:00
Ryan Parrish 7081aaa09b add missing gettext libs 2013-04-01 10:40:28 -04:00
Andrew Dolgov 837ec70e3e validate_session: check for user agent 2013-04-01 18:22:07 +04:00
Andrew Dolgov e9b7469233 validate session on startup 2013-03-31 13:10:46 +04:00
Andrew Dolgov 8f49a2257b fix stuff broken by previous pull 2013-03-29 19:20:46 +04:00
all 48ec0b8526 Check that $_SESSION["uid"] is defined before checking value 2013-03-29 15:17:38 +01:00
Andrew Dolgov 2137d67496 sessions: properly check for cookie being set 2013-03-28 12:40:56 +04:00
Andrew Dolgov 6cfd3c149c remove SESSION_EXPIRE_TIME 2013-03-28 10:06:16 +04:00
Andrew Dolgov f231f438ba reimplement remember_me 2013-03-28 09:48:58 +04:00
Andrew Dolgov 60ed4c9ad5 add yet another workaround for stuck login due to session cookies 2013-03-28 09:09:41 +04:00
Andrew Dolgov 5160620c8a only autostart session if login cookie exists 2013-03-28 08:06:21 +04:00
Andrew Dolgov 3972bf5981 db_escape_string: specify link parameter for consistency; sessions: do not force-close db connection in _close() 2013-03-22 09:14:55 +04:00
Andrew Dolgov 5c81e817d3 enable mysql db session support 2013-03-21 21:52:20 +04:00
Andrew Dolgov 0295919648 attempt fix db_escape_string() invocation in sessions.php 2013-03-21 21:42:11 +04:00
Andrew Dolgov acfbab375d mute warnings caused by session_start() to deal with potential ps_files_cleanup_dir stuff 2013-02-19 16:56:43 +04:00
Andrew Dolgov 6addc13f46 sessions: prevent HTTPS warning 2013-01-22 19:21:40 +04:00
Andrew Dolgov 964f153371 api: use tt-rss session storage 2012-09-19 12:45:01 +04:00
Andrew Dolgov 09e8bdfd18 simplify default global config, expand sanity_check messages 2011-12-13 19:20:26 +04:00
Andrew Dolgov 107d0cf39e overall directory tree cleanup 2011-12-11 23:59:25 +04:00
Renamed from sessions.php (Browse further)