From 8839c094c5ce6ee56f5ae46a9c5e130c406a6039 Mon Sep 17 00:00:00 2001 From: Matthew Wilson Date: Wed, 18 Jan 2006 05:58:31 +0000 Subject: [PATCH] some login logout cookie fixes. --- lib/WebGUI.pm | 1 + lib/WebGUI/Auth.pm | 2 +- lib/WebGUI/Auth/WebGUI.pm | 2 +- lib/WebGUI/Session.pm | 3 +-- lib/WebGUI/Session/Var.pm | 43 +++++++++++++++++++-------------------- 5 files changed, 25 insertions(+), 26 deletions(-) diff --git a/lib/WebGUI.pm b/lib/WebGUI.pm index 3d6961c6e..0ca20dce2 100644 --- a/lib/WebGUI.pm +++ b/lib/WebGUI.pm @@ -74,6 +74,7 @@ sub contentHandler { } else { $output = page($session); } + $session->http->setCookie("wgSession",$session->var->{_var}{sessionId}) unless $session->var->{_var}{sessionId} eq $session->http->getCookies->{"wgSession"}; $session->http->getHeader(); $r->print($output) unless ($session->http->isRedirect()); WebGUI::Affiliate::grabReferral($session); # process affilliate tracking request diff --git a/lib/WebGUI/Auth.pm b/lib/WebGUI/Auth.pm index 62995d586..7b966c025 100644 --- a/lib/WebGUI/Auth.pm +++ b/lib/WebGUI/Auth.pm @@ -566,9 +566,9 @@ sub login { $uid = $self->userId; $u = WebGUI::User->new($self->session,$uid); $self->session->user({user=>$u}); + $self->session->var->start($uid,$self->session->getId); $u->karma($self->session->setting->get("karmaPerLogin"),"Login","Just for logging in.") if ($self->session->setting->get("useKarma")); $self->_logLogin($uid,"success"); - if ($self->session->scratch->get("redirectAfterLogin")) { $self->session->http->setRedirect($self->session->scratch->get("redirectAfterLogin")); $self->session->scratch->delete("redirectAfterLogin"); diff --git a/lib/WebGUI/Auth/WebGUI.pm b/lib/WebGUI/Auth/WebGUI.pm index 733a2f65a..e7ea9f539 100644 --- a/lib/WebGUI/Auth/WebGUI.pm +++ b/lib/WebGUI/Auth/WebGUI.pm 
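Review bot: The added `setCookie` line in contentHandler reads the session id through `$session->var->{_var}{sessionId}`, which reaches into the Var object's private hash; elsewhere this patch uses `$self->session->var->get("sessionId")` and `$self->session->getId`, and the same accessor would fit here. On a first visit `getCookies->{"wgSession"}` is presumably undef, so the `eq` will emit an uninitialized-value warning; comparing against `($session->http->getCookies->{"wgSession"} || "")` avoids that. Because the `setCookie` call was removed from `start` in Session/Var.pm, this line appears to be where the session cookie is now issued, so it is worth confirming that `setCookie` marks it HttpOnly (and Secure on HTTPS sites), which this hunk does not show. contentHandler starts and ends outside the hunk.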
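Review bot: The added `$self->session->var->start($uid,$self->session->getId);` in login keeps the session id the visitor held before authenticating, so an id that someone else knew or planted before login becomes an authenticated session (session fixation). Since the new `start` in Session/Var.pm generates an id when none is passed, `$self->session->var->end($self->session->getId); $self->session->var->start($uid);` would rotate the id at the privilege change, and the cookie check added to contentHandler would then issue the new value. The createAccountSave hunk in Auth/WebGUI.pm passes `$self->session->getId` to `start` in the same way right after `end`. One caveat is that the `scratch->get("redirectAfterLogin")` lookup below may be keyed on the session id (not visible here), in which case that value would need to be read before rotating. login's body continues outside the hunk.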
@@ -239,7 +239,7 @@ sub createAccountSave { ); $self->user->status("Deactivated"); $self->session->var->end($self->session->var->get("sessionId")); - $self->session->var->start(1); + $self->session->var->start(1,$self->session->getId); my $u = WebGUI::User->new($self->session,1); $self->{user} = $u; $self->logout; diff --git a/lib/WebGUI/Session.pm b/lib/WebGUI/Session.pm index a3b712d17..17cf1ae70 100644 --- a/lib/WebGUI/Session.pm +++ b/lib/WebGUI/Session.pm @@ -355,11 +355,11 @@ sub open { my $configFile = shift; my $request = shift; my $server = shift; - my $sessionId = shift; my $config = WebGUI::Config->new($webguiRoot,$configFile); my $self = {_config=>$config, _server=>$server}; bless $self , $class; $self->{_request} = Apache2::Request->new($request, POST_MAX => 1024 * $self->setting->get("maxAttachmentSize")) if (defined $request); + my $sessionId = shift || $self->http->getCookies->{"wgSession"}; $self->{_var} = WebGUI::Session::Var->new($self,$sessionId); return $self; } @@ -535,7 +535,6 @@ sub user { } delete $self->{_stow}; $self->{_user} = $option->{user} || WebGUI::User->new($self, $userId); - $self->var->start($userId,$self->getId); $self->request->user($self->{_user}->username) if ($self->request); } elsif (!exists $self->{_user}) { $self->{_user} = WebGUI::User->new($self, $self->var->get('userId')); diff --git a/lib/WebGUI/Session/Var.pm b/lib/WebGUI/Session/Var.pm index 1adb36b30..56f2d2d04 100644 --- a/lib/WebGUI/Session/Var.pm +++ b/lib/WebGUI/Session/Var.pm 
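Review bot: The new `my $sessionId = shift || $self->http->getCookies->{"wgSession"};` in open hands a client-controlled cookie value to `WebGUI::Session::Var->new` with no check on its shape or length. The lookup in Var.pm goes through `$session->db->quote`, so this is not an injection concern, but a value that could not have come from `$self->session->id->generate` is better discarded here than carried further; the id format is not visible in this patch, so the exact pattern is left to the author. The argument is now read several statements after the other `shift`s, presumably because the cookie lookup needs the blessed `$self`, and a comment would make that explicit: `# explicit id wins; otherwise fall back to the untrusted wgSession cookie (needs $self->http)`.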
@@ -161,23 +161,23 @@ sub new { my $class = shift; my $session = shift; use WebGUI; WebGUI::dumpSession($session); my $self = bless {_session=>$session}, $class; - my $sessionId = shift || $session->http->getCookies->{"wgSession"}; - if ($sessionId eq "") { - $self->start(1); - } else { - $self->{_var} = $session->db->quickHashRef("select * from userSession where sessionId=".$session->db->quote($sessionId)); - if ($self->{_var}{expires} && $self->{_var}{expires} < $session->datetime->time()) { - $self->end; - } - if ($self->{_var}{sessionId} ne "") { - $self->{_var}{lastPageView} = $session->datetime->time(); - $self->{_var}{lastIP} = $session->env("REMOTE_ADDR"); - $self->{_var}{expires} = $session->datetime->time() + $session->setting->get("sessionTimeout"); - $session->db->setRow("userSession","sessionId",$self->{_var}); - } else { - $self->start(1,$sessionId); - } - } + my $sessionId = shift; + if ($sessionId eq "") { + $self->start(1); + } else { + $self->{_var} = $session->db->quickHashRef("select * from userSession where sessionId=".$session->db->quote($sessionId)); + if ($self->{_var}{expires} && $self->{_var}{expires} < $session->datetime->time()) { + $self->end; + } + if ($self->{_var}{sessionId} ne "") { + $self->{_var}{lastPageView} = $session->datetime->time(); + $self->{_var}{lastIP} = $session->env("REMOTE_ADDR"); + $self->{_var}{expires} = $session->datetime->time() + $session->setting->get("sessionTimeout"); + $session->db->setRow("userSession","sessionId",$self->{_var}); + } else { + $self->start(1,$sessionId); + } + } return $self; } 
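Review bot: In the re-indented `new`, the inner `else` branch `$self->start(1,$sessionId);` creates a visitor session under whatever id was passed in when no matching row exists. After this patch that id can come straight from the request cookie in Session::open, and `start` writes it verbatim as the row key. That lets a client choose its own session identifier; calling `$self->start(1);` in that branch would make the server generate the id instead. `$sessionId eq ""` will also warn when neither an argument nor a cookie is present and `$sessionId` is undef; `!defined $sessionId || $sessionId eq ""` covers both cases. The context line `use WebGUI; WebGUI::dumpSession($session);` looks like leftover debugging and is worth confirming before release.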
@@ -215,18 +215,17 @@ Session id will be generated if not specified. In almost every case you should l sub start { my $self = shift; my $userId = shift || 1; - my $sessionId = shift || "new"; + my $sessionId = shift || $self->session->id->generate; $self->{_var} = { - sessionId=>$sessionId, expires=>$self->session->datetime->time() + $self->session->setting->get("sessionTimeout"), lastPageView=>$self->session->datetime->time(), lastIP => $self->session->env->get("REMOTE_ADDR"), adminOn => 0, userId => $userId }; - $self->{_var}{sessionId} = $self->session->{_sessionId} = $self->session->db->setRow("userSession","sessionId",$self->{_var}); - $self->session->http->setCookie("wgSession",$self->{_var}{sessionId}) unless $self->{_var}{sessionId} eq $self->session->http->getCookies->{"wgSession"}; - return $self->getId; + $self->{_var}{sessionId} = $sessionId; + $self->session->db->setRow("userSession","sessionId",$self->{_var},$sessionId); + $self->session->{_sessionId} = $sessionId; } #-------------------------------------------------------------------
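Review bot: `start` no longer has an explicit return: `return $self->getId;` was removed, so the sub now returns the value of its last statement, the assignment `$self->session->{_sessionId} = $sessionId;`. That happens to be the id, but only by accident; ending the sub with `return $sessionId;` keeps the contract for any caller that uses the return value. The POD above the sub should also state that the wgSession cookie is no longer set here, and that a caller-supplied `$sessionId` is stored as the row key as-is through the fourth argument to `setRow`, so callers must not pass an unchecked client value. The POD block itself is outside the hunk.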