Don't update the session unless it changes

And deadband session token updates to 1 per 30 seconds

Don't update the session unless it changes
And deadband session token updates to 1 per 30 seconds
1fc40c3e · Jared Hancock · ea7b8b5e · 1fc40c3e · 1fc40c3e · 1fc40c3e
Commit 1fc40c3e authored 11 years ago by Jared Hancock
--- a/include/class.ostsession.php
+++ b/include/class.ostsession.php
@@ -18,6 +18,7 @@ class osTicketSession {

    var $ttl = SESSION_TTL;
    var $data = '';
+    var $data_hash = '';
    var $id = '';

    function osTicketSession($ttl=0){
@@ -87,12 +88,16 @@ class osTicketSession {
                list($this->data)=db_fetch_row($res);
            $this->id = $id;
        }
+        $this->data_hash = md5($this->data);
        return $this->data;
    }

    function write($id, $data){
        global $thisstaff;

+        if (md5($data) == $this->data_hash)
+            return;
+
        $ttl = ($this && get_class($this) == 'osTicketSession')
            ? $this->getTTL() : SESSION_TTL;


--- a/include/class.usersession.php
+++ b/include/class.usersession.php
@@ -66,6 +66,14 @@ class UserSession {
      return($token);
   }

+   function getLastUpdate($htoken) {
+       if (!$htoken)
+           return 0;
+
+       @list($hash,$expire,$ip)=explode(":",$htoken);
+       return $expire;
+   }
+
   function isvalidSession($htoken,$maxidletime=0,$checkip=false){
        global $cfg;

@@ -122,7 +130,10 @@ class ClientSession extends Client {
    }

    function refreshSession(){
-        global $_SESSION;
+        $time = $this->session->getLastUpdate($_SESSION['_client']['token']);
+        // Deadband session token updates to once / 30-seconds
+        if (time() - $time < 30)
+            return;
        $_SESSION['_client']['token']=$this->getSessionToken();
        //TODO: separate expire time from hash??
    }
@@ -160,7 +171,11 @@ class StaffSession extends Staff {
    }

    function refreshSession(){
-        global $_SESSION;
+        $time = $this->session->getLastUpdate($_SESSION['_staff']['token']);
+        // Deadband session token updates to once / 30-seconds
+        if (time() - $time < 30)
+            return;
+
        $_SESSION['_staff']['token']=$this->getSessionToken();
    }


--- a/scp/ajax.php
+++ b/scp/ajax.php
@@ -21,6 +21,7 @@ function staffLoginPage($msg='Unauthorized') {
    exit;
 }

+define('AJAX_REQUEST', 1);
 require('staff.inc.php');

 //Clean house...don't let the world see your crap.

--- a/scp/autocron.php
+++ b/scp/autocron.php
@@ -14,6 +14,7 @@

    vim: expandtab sw=4 ts=4 sts=4:
 **********************************************************************/
+define('AJAX_REQUEST', 1);
 require('staff.inc.php');
 ignore_user_abort(1);//Leave me a lone bro!
 @set_time_limit(0); //useless when safe_mode is on