diff --git a/scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in b/scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in index fa7b86079..5378a25d0 100644 --- a/scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in +++ b/scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in @@ -3941,6 +3941,13 @@ our @options = ( type => $types{string}, category => 'mail', }, + { + name => 'ZM_COOKIE_LIFETIME', + default => '3600', + description => q`The maximum life of a COOKIE used when setting up PHP's session handler. This will affect how long a session will be valid for since the last request. Keeping this short helps prevent session hijacking. Keeping it long allows you to stay logged in longer without refreshing the view.`, + type => $types{integer}, + category => 'system', + } ); our %options_hash = map { ( $_->{name}, $_ ) } @options; diff --git a/web/includes/auth.php b/web/includes/auth.php index c74c13b80..e365ecef3 100644 --- a/web/includes/auth.php +++ b/web/includes/auth.php @@ -93,7 +93,7 @@ function userLogin($username='', $password='', $passwordHashed=false) { if ( ZM_AUTH_TYPE == 'builtin' ) { $_SESSION['passwordHash'] = $user['Password']; } - session_regenerate_id(); + zm_session_regenerate_id(); } else { Warning("Login denied for user \"$username\""); $_SESSION['loginFailed'] = true; @@ -107,10 +107,8 @@ function userLogin($username='', $password='', $passwordHashed=false) { function userLogout() { global $user; Info('User "'.$user['Username'].'" logged out'); - session_start(); - unset($_SESSION['user']); unset($user); - session_destroy(); + zm_session_clear(); } function getAuthUser($auth) { @@ -205,18 +203,6 @@ function canEdit($area, $mid=false) { return ( $user[$area] == 'Edit' && ( !$mid || visibleMonitor($mid) )); } -function is_session_started() { - if ( php_sapi_name() !== 'cli' ) { - if ( version_compare(phpversion(), '5.4.0', '>=') ) { - return session_status() === PHP_SESSION_ACTIVE ? TRUE : FALSE; - } else { - return session_id() === '' ? FALSE : TRUE; - } - } else { - Warning("php_sapi_name === 'cli'"); - } - return FALSE; -} if ( ZM_OPT_USE_AUTH ) { if ( ZM_AUTH_HASH_LOGINS && empty($user) && ! empty($_REQUEST['auth']) ) { diff --git a/web/includes/session.php b/web/includes/session.php new file mode 100644 index 000000000..ae102424c --- /dev/null +++ b/web/includes/session.php @@ -0,0 +1,76 @@ +=') ) { + return session_status() === PHP_SESSION_ACTIVE ? TRUE : FALSE; + } else { + return session_id() === '' ? FALSE : TRUE; + } + } else { + Warning("php_sapi_name === 'cli'"); + } + return FALSE; +} + +function zm_session_clear() { + session_start(); + $_SESSION = array(); + if ( ini_get('session.use_cookies') ) { + $p = session_get_cookie_params(); + # Update the cookie to expire in the past. + setcookie(session_name(), '', time() - 31536000, $p['path'], $p['domain'], $p['secure'], $p['httponly']); + } + session_unset(); + session_destroy(); +} +?> diff --git a/web/index.php b/web/index.php index 5190fad65..736ee4af5 100644 --- a/web/index.php +++ b/web/index.php @@ -44,6 +44,7 @@ if ( false ) { } require_once('includes/config.php'); +require_once('includes/session.php'); require_once('includes/logger.php'); require_once('includes/Server.php'); require_once('includes/Storage.php'); @@ -114,19 +115,7 @@ if ( !file_exists(ZM_SKIN_PATH) ) Fatal("Invalid skin '$skin'"); $skinBase[] = $skin; -$currentCookieParams = session_get_cookie_params(); -//Logger::Debug('Setting cookie parameters to lifetime('.$currentCookieParams['lifetime'].') path('.$currentCookieParams['path'].') domain ('.$currentCookieParams['domain'].') secure('.$currentCookieParams['secure'].') httpOnly(1)'); -session_set_cookie_params( - $currentCookieParams['lifetime'], - $currentCookieParams['path'], - $currentCookieParams['domain'], - $currentCookieParams['secure'], - true -); - -ini_set('session.name', 'ZMSESSID'); - -session_start(); +zm_session_start(); if ( !isset($_SESSION['skin']) || isset($_REQUEST['skin']) || !isset($_COOKIE['zmSkin']) || $_COOKIE['zmSkin'] != $skin ) { $_SESSION['skin'] = $skin;