diff options
Diffstat (limited to 'system/libraries/Session')
5 files changed, 14 insertions, 9 deletions
diff --git a/system/libraries/Session/Session.php b/system/libraries/Session/Session.php index 2551e54e9..de9b1e829 100644 --- a/system/libraries/Session/Session.php +++ b/system/libraries/Session/Session.php @@ -143,8 +143,7 @@ class CI_Session { session_start(); // Is session ID auto-regeneration configured? (ignoring ajax requests) - if ( ! empty($_SERVER['HTTP_X_REQUESTED_WITH']) - && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest' + if ((empty($_SERVER['HTTP_X_REQUESTED_WITH']) OR strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) !== 'xmlhttprequest') && ($regenerate_time = config_item('sess_time_to_update')) > 0 ) { @@ -154,7 +153,7 @@ class CI_Session { } elseif ($_SESSION['__ci_last_regenerate'] < (time() - $regenerate_time)) { - $this->sess_regenerate(FALSE); + $this->sess_regenerate((bool) config_item('sess_regenerate_destroy')); } } // Another work-around ... PHP doesn't seem to send the session cookie diff --git a/system/libraries/Session/drivers/Session_database_driver.php b/system/libraries/Session/drivers/Session_database_driver.php index 0ec6e34f0..20cec00fd 100644 --- a/system/libraries/Session/drivers/Session_database_driver.php +++ b/system/libraries/Session/drivers/Session_database_driver.php @@ -252,7 +252,7 @@ class CI_Session_database_driver extends CI_Session_driver implements SessionHan * * Releases locks * - * @return void + * @return bool */ public function close() { diff --git a/system/libraries/Session/drivers/Session_files_driver.php b/system/libraries/Session/drivers/Session_files_driver.php index ad8315d52..5852277e8 100644 --- a/system/libraries/Session/drivers/Session_files_driver.php +++ b/system/libraries/Session/drivers/Session_files_driver.php @@ -107,7 +107,7 @@ class CI_Session_files_driver extends CI_Session_driver implements SessionHandle * Sanitizes the save_path directory. * * @param string $save_path Path to session files' directory - * @param string $name Session cookie name, unused + * @param string $name Session cookie name * @return bool */ public function open($save_path, $name) @@ -269,7 +269,7 @@ class CI_Session_files_driver extends CI_Session_driver implements SessionHandle * * Releases locks and closes file descriptor. * - * @return void + * @return bool */ public function close() { @@ -332,10 +332,16 @@ class CI_Session_files_driver extends CI_Session_driver implements SessionHandle $ts = time() - $maxlifetime; + $pattern = sprintf( + '/^%s[0-9a-f]{%d}$/', + preg_quote($this->_config['cookie_name'], '/'), + ($this->_config['match_ip'] === TRUE ? 72 : 40) + ); + foreach ($files as $file) { // If the filename doesn't match this pattern, it's either not a session file or is not ours - if ( ! preg_match('/(?:[0-9a-f]{32})?[0-9a-f]{40}$/i', $file) + if ( ! preg_match($pattern, $file) OR ! is_file($this->_config['save_path'].DIRECTORY_SEPARATOR.$file) OR ($mtime = filemtime($this->_config['save_path'].DIRECTORY_SEPARATOR.$file)) === FALSE OR $mtime > $ts) diff --git a/system/libraries/Session/drivers/Session_memcached_driver.php b/system/libraries/Session/drivers/Session_memcached_driver.php index 00112c88c..600b8ca66 100644 --- a/system/libraries/Session/drivers/Session_memcached_driver.php +++ b/system/libraries/Session/drivers/Session_memcached_driver.php @@ -229,7 +229,7 @@ class CI_Session_memcached_driver extends CI_Session_driver implements SessionHa * * Releases locks and closes connection. * - * @return void + * @return bool */ public function close() { diff --git a/system/libraries/Session/drivers/Session_redis_driver.php b/system/libraries/Session/drivers/Session_redis_driver.php index c53975ae4..c3c75b3b6 100644 --- a/system/libraries/Session/drivers/Session_redis_driver.php +++ b/system/libraries/Session/drivers/Session_redis_driver.php @@ -230,7 +230,7 @@ class CI_Session_redis_driver extends CI_Session_driver implements SessionHandle * * Releases locks and closes connection. * - * @return void + * @return bool */ public function close() { |