dbxe
/
fusionpbx
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Regenerate session every 15 minutes

This commit is contained in:
FusionPBX 2024-09-04 12:37:06 -06:00 committed by GitHub
parent b529d2a535
commit 86a4df04cf
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 17 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
resources/check_auth.php
View File

@ -45,21 +45,30 @@
//regenerate sessions to avoid session id attacks such as session fixation
if (isset($_SESSION['authorized']) && $_SESSION['authorized']) {
//set the last activity time
$_SESSION['session']['last_activity'] = time();
//if session created is not set then set the time
if (!isset($_SESSION['session']['created'])) {
$_SESSION['session']['created'] = time();
} elseif (time() - $_SESSION['session']['created'] > 28800) {
//session started more than 8 hours ago
session_regenerate_id(true); // rotate the session id
$_SESSION['session']['created'] = time(); // update creation time
}
//check the elapsed time if exceeds limit then rotate the session
if (time() - $_SESSION['session']['created'] > 900) {
//build the user log array
$log_array['domain_uuid'] = $_SESSION['domain_uuid'];
$log_array['domain_name'] = $_SESSION['domain_name'];
$log_array['username'] = $_SESSION['username'];
$log_array['user_uuid'] = $_SESSION['user_uuid'];
$log_array['domain_uuid'] = $_SESSION['user']['domain_uuid'];
$log_array['domain_name'] = $_SESSION['user']['domain_name'];
$log_array['username'] = $_SESSION['user']['username'];
$log_array['user_uuid'] = $_SESSION['user']['user_uuid'];
$log_array['authorized'] = true;
//session started more than 15 minutes
session_regenerate_id(true);
// update creation time
$_SESSION['session']['created'] = time();
//add the result to the user logs
user_logs::add($log_array);
}