Update session regenerate

FusionPBX
2024-09-02 22:48:02 -06:00
committed by GitHub
parent b4edb3c3a0
commit ffd0545a22


@@ -44,14 +44,24 @@
}
//regenerate sessions to avoid session id attacks such as session fixation
if (array_key_exists('security',$_SESSION) && $_SESSION['security']['session_rotate']['boolean'] == "true") {
if (isset($_SESSION['authorized']) && $_SESSION['authorized']) {
$_SESSION['session']['last_activity'] = time();
if (!isset($_SESSION['session']['created'])) {
$_SESSION['session']['created'] = time();
} else if (time() - $_SESSION['session']['created'] > 28800) {
// session started more than 8 hours ago
} elseif (time() - $_SESSION['session']['created'] > 28800) {
//session started more than 8 hours ago
session_regenerate_id(true); // rotate the session id
$_SESSION['session']['created'] = time(); // update creation time
//build the user log array
$log_array['domain_uuid'] = $_SESSION['domain_uuid'];
$log_array['domain_name'] = $_SESSION['domain_name'];
$log_array['username'] = $_SESSION['username'];
$log_array['user_uuid'] = $_SESSION['user_uuid'];
$log_array['authorized'] = true;
//add the result to the user logs
user_logs::add($log_array);
}
}
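Review bot: The return value of `session_regenerate_id(true)` is not checked in the `elseif` branch, so when rotation fails (the function returns false, for example once headers have been sent) the creation time is still reset and the new `user_logs::add($log_array)` call still writes an entry, which defers the next attempt by another 8 hours while the old session id remains in use. Guarding those steps with `if (session_regenerate_id(true)) {` keeps the timestamp and the log record tied to a rotation that actually happened. `$log_array` is also filled key by key without a preceding `$log_array = [];`, so keys left in a same-named variable earlier in the including script would be carried into the record. The entry sets only `authorized = true`; if `user_logs::add()` (not visible here) has no field for the event type, rotation records may be hard to tell apart from logins in the audit trail, which is worth confirming. The outer `if` on the `session_rotate` setting is closed outside the visible lines.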