dave/pathfinder
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

closed #142 added custom "onsuspect()" session handler

Browse Source
This commit is contained in:
Exodus4D
2016-05-07 22:01:10 +02:00
parent 96aae44f94
commit 26d0aaf9c7
2 changed files with 30 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
app/main/controller/controller.php
View File

@@ -18,6 +18,7 @@ class Controller {
const COOKIE_NAME_STATE = 'cookie';
const COOKIE_PREFIX_CHARACTER = 'char';
const ERROR_SESSION_SUSPECT = 'Suspect id: [%30s], ip: [%40s], new ip: [%40s], User-Agent: %s ';
/**
* @var \Base
*/
@@ -113,9 +114,33 @@ class Controller {
* init new Session handler
*/
protected function initSession(){
// init DB based Session (not file based)
if( $this->getDB('PF') instanceof DB\SQL){
new DB\SQL\Session($this->getDB('PF'));
// init session with custom "onsuspect()" handler
new DB\SQL\Session($this->getDB('PF'), 'sessions', true, function($session, $sid){
$f3 = $this->getF3();
if( ($ip = $session->ip() )!= $f3->get('IP') ){
// IP address changed -> not critical
$this->getLogger(
$f3->get('PATHFINDER.LOGFILES.SESSION_SUSPECT')
)->write( sprintf(
self::ERROR_SESSION_SUSPECT,
$sid,
$session->ip(),
$f3->get('IP'),
$f3->get('AGENT')
));
// no more error handling here
return true;
}elseif($session->agent() != $f3->get('AGENT') ){
// The default behaviour destroys the suspicious session.
return false;
}
return true;
});
}
}

6
app/pathfinder.ini
View File

@@ -103,10 +103,12 @@ CONSTELLATION_SYSTEMS = 2592000
[PATHFINDER.LOGFILES]
; just for manuel debug during development
DEBUG = debug
; user login information
; login information
LOGIN = login
; session warnings (suspect)
SESSION_SUSPECT = session_suspect
; account deleted
DELETE_ACCOUNT = delete_account
DELETE_ACCOUNT = account_delete
; API =============================================================================================
[PATHFINDER.API]