author | Derek Jones <derek.jones@ellislab.com> | 2008-09-24 00:42:23 +0200 |
---|---|---|
committer | Derek Jones <derek.jones@ellislab.com> | 2008-09-24 00:42:23 +0200 |
commit | 4585159f8b39e58b22fa409a1e33e404cfe33777 (patch) | |
tree | bf7ec3347290930dcb3f11025a578ccce0aaa61a | |
parent | 57f9f39ca6edd4c9cea0f68b86da0ec7a9098f0b (diff) |
Fixed a bug in the Session class when database sessions are used where upon session update all userdata would be errantly written to the session cookie.
Also rewrote a bit of the cookie handling code to be a bit more efficient and understandable
-rw-r--r-- | system/libraries/Session.php | 31 | ||||
-rw-r--r-- | user_guide/changelog.html | 1 |
2 files changed, 19 insertions, 13 deletions
diff --git a/system/libraries/Session.php b/system/libraries/Session.php
index 7e50dce25..4fe449727 100644
--- a/system/libraries/Session.php
+++ b/system/libraries/Session.php
@@ -252,16 +252,17 @@ class CI_Session {
 return;
}
- // We need two copies of the session data array. One will contain any custom data
- // that might have been set. The other will contain the data that will be saved to the cookie
- $cookie_userdata = $this->userdata;
+ // set the custom userdata, the session data we will set in a second
$custom_userdata = $this->userdata;
-
+ $cookie_userdata = array();
+
// Before continuing, we need to determine if there is any custom data to deal with.
// Let's determine this by removing the default indexes to see if there's anything left in the array
+ // and set the session data while we're at it
foreach (array('session_id','ip_address','user_agent','last_activity') as $val)
{
unset($custom_userdata[$val]);
+ $cookie_userdata[$val] = $this->userdata[$val];
}
// Did we find any custom data? If not, we turn the empty array into a string
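Review bot: The key list `array('session_id','ip_address','user_agent','last_activity')` is duplicated as a literal here and in the `$cookie_data` loop of the `@@ -365,14` hunk, although it now decides which fields are written to the client-held cookie. If the two copies drift, the write path and the update path would put different field sets in the cookie, and an extra key in one of them would send server-side data to the browser again. I would keep the list in one place, for example a class property that both loops iterate over, with a comment such as `// Only these keys may be written to the cookie when sessions are stored in the database`. The enclosing function starts and ends outside this hunk.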
@@ -271,14 +272,7 @@ class CI_Session {
 $custom_userdata = '';
}
else
- {
- // Before we serialize the custom data array, let's remove that data from the
- // main session array since we do not want to save that info to the cookie
- foreach (array_keys($custom_userdata) as $val)
- {
- unset($cookie_userdata[$val]);
- }
-
+ {
// Serialize the custom data array so we can store it
$custom_userdata = serialize($custom_userdata);
}
@@ -365,14 +359,25 @@ class CI_Session {
 $this->userdata['session_id'] = $new_sessid;
$this->userdata['last_activity'] = $this->now;
+ // _set_cookie() will handle this for us if we aren't using database sessions
+ // by pushing all userdata to the cookie.
+ $cookie_data = NULL;
+
// Update the session ID and last_activity field in the DB if needed
if ($this->sess_use_database === TRUE)
{
+ // set cookie explicitly to only have our session data
+ $cookie_data = array();
+ foreach (array('session_id','ip_address','user_agent','last_activity') as $val)
+ {
+ $cookie_data[$val] = $this->userdata[$val];
+ }
+
$this->CI->db->query($this->CI->db->update_string($this->sess_table_name, array('last_activity' => $this->now, 'session_id' => $new_sessid), array('session_id' => $old_sessid)));
}
// Write the cookie
- $this->_set_cookie();
+ $this->_set_cookie($cookie_data);
}
// --------------------------------------------------------------------
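Review bot: The restriction to the four default fields is enforced at this call site rather than in `_set_cookie()`, so keeping custom userdata out of the cookie in database mode depends on every caller building its own filtered array. `_set_cookie()` is not part of this diff, but the comment above `$cookie_data = NULL;` implies that it falls back to all of `$this->userdata` when given NULL; any other caller that passes nothing while `sess_use_database` is TRUE would reintroduce the leak this commit fixes. Consider applying the filter inside `_set_cookie()` whenever `$this->sess_use_database === TRUE`, or at least documenting there that NULL means "write all userdata" and is only safe for cookie-only sessions. The function body begins before this hunk.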
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index 9cae52f6a..bad3d089e 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -103,6 +103,7 @@ SVN Revision: XXXX</p>
 <li>Fixed a bug in the Email library with quoted-printable encoding improperly encoding space and tab characters.</li>
<li>Modified XSS sanitization to no longer add semicolons after &[single letter], such as in M&M's, B&B, etc.</li>
<li>Modified XSS sanitization to no longer strip XHTML image tags of closing slashes.</li>
+ <li>Fixed a bug in the Session class when database sessions are used where upon session update all userdata would be errantly written to the session cookie.</li>
</ul>
<h2>Version 1.6.3</h2>