oqapi/webgui
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Bugfix 811175 uniqueness check on Session Id

Browse source
This commit is contained in:
Len Kranendonk 2003-11-15 11:53:07 +00:00
parent d954d2b952
commit 0dd384b321
1 changed files with 12 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

13
lib/WebGUI/Session.pm
View file

@ -203,6 +203,17 @@ sub _loadWobjects {
} }
} }
#-------------------------------------------------------------------
# This routine returns an unique session Id.
sub _uniqueSessionId {
my $sessionId = crypt((_time()*rand(1000)),rand(99));
my ($isDuplicate) = WebGUI::SQL->buildArray("select count(*) from userSession where sessionId =".quote($sessionId));
if ($isDuplicate) {
return _uniqueSessionId();
} else {
return $sessionId;
}
}
#------------------------------------------------------------------- #-------------------------------------------------------------------
=head2 close =head2 close
@ -619,7 +630,7 @@ Session id will be generated if not specified. In almost every case you should l
sub start { sub start {
my ($sessionId); my ($sessionId);
$sessionId = $_[1] || crypt((_time()*rand(1000)),rand(99)); $sessionId = $_[1] || _uniqueSessionId();
if (($session{setting}{proxiedClientAddress} eq "1") && ($ENV{HTTP_X_FORWARDED_FOR} ne "")) { if (($session{setting}{proxiedClientAddress} eq "1") && ($ENV{HTTP_X_FORWARDED_FOR} ne "")) {
WebGUI::SQL->write("insert into userSession values ('$sessionId', ". WebGUI::SQL->write("insert into userSession values ('$sessionId', ".
(_time()+$session{setting}{sessionTimeout}).", "._time().", 0, '$ENV{HTTP_X_FORWARDED_FOR}', $_[0])"); (_time()+$session{setting}{sessionTimeout}).", "._time().", 0, '$ENV{HTTP_X_FORWARDED_FOR}', $_[0])");