Use session_regenerate_id instead of our broken code to do the same

Isaac Connor 2019-02-05 11:45:09 -05:00
parent 2466d765bf
commit cb0d9325e6
1 changed files with 7 additions and 18 deletions


@ -20,34 +20,23 @@ function zm_session_start() {
ini_set('session.name', 'ZMSESSID'); ini_set('session.name', 'ZMSESSID');
session_start(); session_start();
// Do not allow to use too old session ID // Do not allow to use expired session ID
if (!empty($_SESSION['last_time']) && $_SESSION['last_time'] < time() - 180) { if (!empty($_SESSION['last_time']) && $_SESSION['last_time'] < time() - 180) {
session_destroy(); session_destroy();
session_start(); session_start();
} }
} } // function zm_session_start()
// My session regenerate id function // My session regenerate id function
function zm_session_regenerate_id() { function zm_session_regenerate_id() {
// Call session_create_id() while session is active to
// make sure collision free.
if ( session_status() != PHP_SESSION_ACTIVE ) { if ( session_status() != PHP_SESSION_ACTIVE ) {
session_start(); session_start();
} }
// WARNING: Never use confidential strings for prefix!
$newid = session_create_id();
// Set deleted timestamp. Session data must not be deleted immediately for reasons. // Set deleted timestamp. Session data must not be deleted immediately for reasons.
$_SESSION['last_time'] = time(); $_SESSION['last_time'] = time();
// Finish session session_regenerate_id();
session_commit(); unset($_SESSION['last_time']);
// Make sure to accept user defined session ID } // function zm_session_regenerate_id()
// NOTE: You must enable use_strict_mode for normal operations.
ini_set('session.use_strict_mode', 0);
// Set new custome session ID
session_id($newid);
// Start with custome session ID
session_start();
}
function is_session_started() { function is_session_started() {
if ( php_sapi_name() !== 'cli' ) { if ( php_sapi_name() !== 'cli' ) {
@ -60,7 +49,7 @@ function is_session_started() {
Warning("php_sapi_name === 'cli'"); Warning("php_sapi_name === 'cli'");
} }
return FALSE; return FALSE;
} } // function is_session_started()
function zm_session_clear() { function zm_session_clear() {
session_start(); session_start();
@ -72,5 +61,5 @@ function zm_session_clear() {
} }
session_unset(); session_unset();
session_destroy(); session_destroy();
} } // function zm_session_clear()
?> ?>
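Review bot: The return value of `session_regenerate_id()` is ignored in the new zm_session_regenerate_id(), so a failed rotation (for example when headers have already been sent) goes unnoticed and the request carries on under the old ID; I would log it with `if ( !session_regenerate_id() ) Warning('session_regenerate_id() failed, session ID was not rotated');`. Because the call passes no argument, the old session is kept, and on PHP 7 and later it is saved with `last_time` set, so the previous ID stays usable with its data until the 180-second check in zm_session_start() destroys it. A short comment saying that this grace period is intentional, and that `unset($_SESSION['last_time'])` clears the marker from the new session only, would make that clear to the next reader. The removed code switched `session.use_strict_mode` off and nothing visible here switches it on; the start of zm_session_start() is outside the hunk, so please confirm strict mode is enabled there or in php.ini.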