From fc5480f9990a00b3884dfd65a735cae4c826097b Mon Sep 17 00:00:00 2001
From: Jared Hancock <jared@osticket.com>
Date: Fri, 6 Feb 2015 17:23:22 -0600
Subject: [PATCH] session: Move cookie routines to session class

---
 include/class.ostsession.php  | 17 +++++++++++++++++
 include/class.usersession.php | 14 ++------------
 logout.php                    |  6 +-----
 scp/logout.php                |  6 +-----
 4 files changed, 21 insertions(+), 22 deletions(-)

diff --git a/include/class.ostsession.php b/include/class.ostsession.php
index 94df679d2..b300f16ec 100644
--- a/include/class.ostsession.php
+++ b/include/class.ostsession.php
@@ -69,6 +69,23 @@ class osTicketSession {
         $this->destroy($oldId);
     }
 
+    static function destroyCookie() {
+        setcookie(session_name(), 'deleted', 1,
+            ini_get('session.cookie_path'),
+            ini_get('session.cookie_domain'),
+            ini_get('session.cookie_secure'),
+            ini_get('session.cookie_httponly'));
+    }
+
+    static function renewCookie($baseTime=false, $window=false) {
+        setcookie(session_name(), session_id(),
+            ($baseTime ?: time()) + ($window ?: SESSION_TTL),
+            ini_get('session.cookie_path'),
+            ini_get('session.cookie_domain'),
+            ini_get('session.cookie_secure'),
+            ini_get('session.cookie_httponly'));
+    }
+
     function open($save_path, $session_name){
         return (true);
     }
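Review bot: In `destroyCookie()` and `renewCookie()` the Secure and HttpOnly arguments are the raw strings returned by `ini_get()`, so a setting stored as text (for example `off` supplied through `php_value` or `ini_set()`) is truthy and the flag comes out inverted. `session_get_cookie_params()` returns the same settings already parsed, e.g. `$p = session_get_cookie_params();` and then pass `$p['path'], $p['domain'], $p['secure'], $p['httponly']`. Both helpers also lack a docblock: it should say that `$baseTime` is a Unix timestamp, that `$window` is a lifetime in seconds, and that a falsy `$window` falls back to `SESSION_TTL` (defined outside this hunk; the inline calls this replaces used 604800). Neither method declares visibility; `public static function` would make the intended API explicit.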
diff --git a/include/class.usersession.php b/include/class.usersession.php
index 250f6c05f..9447c109f 100644
--- a/include/class.usersession.php
+++ b/include/class.usersession.php
@@ -143,12 +143,7 @@ class ClientSession extends EndUser {
         $this->token = $this->getSessionToken();
         //TODO: separate expire time from hash??
 
-        setcookie(session_name(), session_id(),
-            ($time ?: time()) + ($cfg->getClientTimeout() ?: 604800),
-            ini_get('session.cookie_path'),
-            ini_get('session.cookie_domain'),
-            ini_get('session.cookie_secure'),
-            ini_get('session.cookie_httponly'));
+        osTicketSession::renewCookie($time, $cfg->getClientSessionTimeout());
     }
 
     function getSession() {
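Review bot: The new call `osTicketSession::renewCookie($time, $cfg->getClientSessionTimeout())` is not a pure move: the accessor changes from `getClientTimeout()` to `getClientSessionTimeout()`, and the fallback changes from 604800 seconds to `SESSION_TTL`. The commit message mentions neither change. The definition of `getClientSessionTimeout()` is not part of this patch, so confirm that it exists and returns seconds, because the value is added directly to `time()` to form the cookie expiry; a value in another unit would presumably make the session cookie lifetime disagree with the configured timeout. The same applies to `getStaffSessionTimeout()` in the StaffSession hunk of this file. The enclosing method starts outside the hunk.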
@@ -195,12 +190,7 @@ class StaffSession extends Staff {
 
         $this->token=$this->getSessionToken();
 
-        setcookie(session_name(), session_id(),
-            ($time ?: time()) + ($cfg->getStaffTimeout() ?: 604800),
-            ini_get('session.cookie_path'),
-            ini_get('session.cookie_domain'),
-            ini_get('session.cookie_secure'),
-            ini_get('session.cookie_httponly'));
+        osTicketSession::renewCookie($time, $cfg->getStaffSessionTimeout());
     }
 
     function getSession() {
diff --git a/logout.php b/logout.php
index 11e0e11fb..9fb8037ac 100644
--- a/logout.php
+++ b/logout.php
@@ -19,11 +19,7 @@ require('client.inc.php');
 if ($thisclient && $_GET['auth'] && $ost->validateLinkToken($_GET['auth']))
    $thisclient->logOut();
 
-setcookie(session_name(), 'deleted', 1,
-    ini_get('session.cookie_path'),
-    ini_get('session.cookie_domain'),
-    ini_get('session.cookie_secure'),
-    ini_get('session.cookie_httponly'));
+osTicketSession::destroyCookie();
 
 Http::redirect('index.php');
 ?>
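Review bot: `osTicketSession::destroyCookie()` runs whether or not the `validateLinkToken($_GET['auth'])` check passed, so a request without a valid token still expires the browser's session cookie while `$thisclient->logOut()` is skipped. The hunk shows no other server-side invalidation, so the session record presumably stays valid until it times out. This is carried over from the inline `setcookie()` it replaces, but the move into a helper is a good point to tie the two together: `if ($thisclient && $_GET['auth'] && $ost->validateLinkToken($_GET['auth'])) { $thisclient->logOut(); osTicketSession::destroyCookie(); }`. If clearing the cookie unconditionally is intended, a one-line comment saying so would help, since `scp/logout.php` pairs the same call with `session_destroy()`.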
diff --git a/scp/logout.php b/scp/logout.php
index f51d9ed8a..1007d985c 100644
--- a/scp/logout.php
+++ b/scp/logout.php
@@ -31,11 +31,7 @@ TicketLock::removeStaffLocks($thisstaff->getId());
 session_unset();
 session_destroy();
 
-setcookie(session_name(), 'deleted', 1,
-    ini_get('session.cookie_path'),
-    ini_get('session.cookie_domain'),
-    ini_get('session.cookie_secure'),
-    ini_get('session.cookie_httponly'));
+osTicketSession::destroyCookie();
 
 @header('Location: login.php');
 require('login.php');
-- 
GitLab