Diffstat (limited to 'include')
-rw-r--r--include/config.inc.php12
-rw-r--r--include/functions_session.inc.php10
-rw-r--r--include/user.inc.php20
3 files changed, 15 insertions, 27 deletions
diff --git a/include/config.inc.php b/include/config.inc.php
index a2a3b0d4c..07ec9e8a6 100644
--- a/include/config.inc.php
+++ b/include/config.inc.php
@@ -96,9 +96,11 @@ $conf['remember_me_length'] = 31536000;
// time of validity for normal session, in seconds.
$conf['session_length'] = 3600;
-// session id length when session id in URI
-$conf['session_id_size_URI'] = 4;
-
-// session id length when session id in cookie
-$conf['session_id_size_cookie'] = 50;
+// session id size. A session identifier is compound of alphanumeric
+// characters and is case sensitive. Each character is among 62
+// possibilities. The number of possible sessions is
+// 62^$conf['session_id_size'].
+// 62^5 = 916,132,832
+// 62^10 = 839,299,365,868,340,224
+$conf['session_id_size'] = 10;
?>
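Review bot: The new default `$conf['session_id_size'] = 10;` cuts the cookie identifier from 50 characters to 10, which is about 59 bits at best and below the 64 bits of entropy usually taken as the floor for session identifiers. The 62^n figures in the added comment hold only if `generate_key()` picks each character uniformly from an unpredictable source; its body is not part of this diff, so that needs confirming. A longer default such as `$conf['session_id_size'] = 32;` costs nothing now that the identifier normally travels in a cookie, and the previous cookie size of 50 suggests the sessions table can already store it. The comment could also state the assumption: `// these counts assume generate_key() is uniformly random and unpredictable`.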
diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php
index ce66e3a30..bb0fca11c 100644
--- a/include/functions_session.inc.php
+++ b/include/functions_session.inc.php
@@ -62,11 +62,10 @@ function generate_key($size)
* - return session identifier
*
* @param int userid
- * @param string method : cookie or URI
* @param int session_lentgh : in seconds
* @return string
*/
-function session_create($userid, $method, $session_length)
+function session_create($userid, $session_length)
{
global $conf;
@@ -74,7 +73,7 @@ function session_create($userid, $method, $session_length)
$id_found = false;
while (!$id_found)
{
- $generated_id = generate_key($conf['session_id_size_'.$method]);
+ $generated_id = generate_key($conf['session_id_size']);
$query = '
SELECT id
FROM '.SESSIONS_TABLE.'
@@ -97,10 +96,7 @@ INSERT INTO '.SESSIONS_TABLE.'
;';
mysql_query($query);
- if ($method == 'cookie')
- {
- setcookie('id', $generated_id, $session_length+time(), cookie_path());
- }
+ setcookie('id', $generated_id, $expiration, cookie_path());
return $generated_id;
}
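Review bot: `$expiration` in the new `setcookie()` call is not assigned anywhere in this hunk, whereas the removed line computed `$session_length+time()` in place. It is presumably set earlier in `session_create()` next to the INSERT, which is outside the hunk; if it were undefined, the cookie would expire with the browser session while the database row keeps its own lifetime. The cookie is now the normal carrier of the session identifier, yet it is sent without the `secure` and `httponly` arguments, so page scripts can read it and it also travels over plain HTTP. Where the PHP version supports it I would write `setcookie('id', $generated_id, $expiration, cookie_path(), '', $is_https, true);`, with `$is_https` as a placeholder for however the installation detects HTTPS. The result of `mysql_query($query)` is also unchecked, so a failed INSERT still hands the client a cookie for a session that was never stored.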
diff --git a/include/user.inc.php b/include/user.inc.php
index 01a7243d1..a39441bb2 100644
--- a/include/user.inc.php
+++ b/include/user.inc.php
@@ -39,25 +39,15 @@ $query_user = 'SELECT * FROM '.USERS_TABLE;
$query_done = false;
$user['is_the_guest'] = false;
-// cookie deletion if administrator don't authorize them anymore
-if (!$conf['authorize_remembering'] and isset($_COOKIE['id']))
+if (isset($_COOKIE['id']))
{
- setcookie('id', '', 0, cookie_path());
- $url = 'category.php';
- redirect($url);
+ $session_id = $_COOKIE['id'];
+ $user['has_cookie'] = true;
}
-
-if (isset($_GET['id']))
+else if (isset($_GET['id']))
{
$session_id = $_GET['id'];
$user['has_cookie'] = false;
- $session_id_size = $conf['session_id_size_URI'];
-}
-elseif (isset($_COOKIE['id']))
-{
- $session_id = $_COOKIE['id'];
- $user['has_cookie'] = true;
- $session_id_size = $conf['session_id_size_cookie'];
}
else
{
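Review bot: The `else if (isset($_GET['id']))` branch still accepts a session identifier from the query string, which exposes it in Referer headers, proxy and server logs, and browser history even though `session_create()` now always sets a cookie. If the URI fallback must stay for clients that refuse cookies, say so in a comment, e.g. `// URI fallback for clients without cookies: the id is visible in logs and Referer headers`, and ideally let administrators disable it. The hunk also removes the `authorize_remembering` check that deleted the cookie, so that setting no longer stops a long-lived cookie from being honoured here; presumably the lifetime is enforced through the sessions table, but that is outside this diff. The trailing `else` block continues beyond the hunk.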
@@ -65,7 +55,7 @@ else
}
if (isset($session_id)
- and ereg("^[0-9a-zA-Z]{".$session_id_size."}$", $session_id))
+ and ereg("^[0-9a-zA-Z]{".$conf['session_id_size']."}$", $session_id))
{
$page['session_id'] = $session_id;
$query = '
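Review bot: The validation on the changed line still uses `ereg()`, which is not binary safe: matching stops at the first NUL byte, so a value that starts with a valid identifier can pass the check while carrying extra bytes after it. `$session_id` comes straight from `$_COOKIE` or `$_GET`, and the query that begins on the last line of the hunk (its body is outside the diff) presumably embeds it. The check should use PCRE with a hard end anchor, `and preg_match('/\A[0-9a-zA-Z]{'.intval($conf['session_id_size']).'}\z/', $session_id))`. `\z` is used rather than `$` because `$` also matches before a trailing newline. Escaping the value where the query is built would add a second layer of defence.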