Rev: 4423

author: M.Gergo 2019-01-20 11:48:48 +0100
committer: M.Gergo 2019-01-20 11:48:48 +0100
commit: f70027ffbedce10f412868a7bf9b0b67b113f1b1 (patch)
tree: fbcc48049f1e66fe3ec66a0f3d8eee47bb400cdb /mayor-orig/www/include/share
parent: e6988247360fa98b85915a38803d018dd353df00 (diff)
download: mayor-f70027ffbedce10f412868a7bf9b0b67b113f1b1.tar.gz
mayor-f70027ffbedce10f412868a7bf9b0b67b113f1b1.zip
3 files changed, 9 insertions, 7 deletions
diff --git a/mayor-orig/www/include/share/auth/base.php b/mayor-orig/www/include/share/auth/base.php
index 9b4fa21a..8ff27f5e 100644
--- a/mayor-orig/www/include/share/auth/base.php
+++ b/mayor-orig/www/include/share/auth/base.php
@@ -93,7 +93,7 @@
 	    db_query($query, array('fv' => 'newSession', 'modul' => 'login', 'values' => array($sessionID, $policy)), $lr);
 	} 
 	$now = date('Y-m-d H:i:s');
-	$_SC = sessionCookieEncode($sessionID, $now);
+	$_SC = sessionCookieEncode($sessionID, $now); // TODO
 	$_studyId = ($studyId=='') ? 'NULL' : $studyId;
 	if ($studyId=='') {
     	    $query="INSERT INTO session
@@ -109,9 +109,7 @@
         db_query($query, array('fv' => 'newSession', 'modul' => 'login', 'values' => $v), $lr);
         db_close($lr);
 
-	// Megjegyzés: a sessionID elhashelése nem jelent semmiféle védelmet, így tökéletesen megfelelő az md5 is
-	// értékénél viszont a $now alkalmazása tökéletesen hibás, hiszen a lejárati dátumból 1:1-ben reprodukálható
-	
+	// Megjegyzés: a sessionID elhashelése nem jelent semmiféle védelmet, így tökéletesen megfelelő a gyenge hash is, de now alkalmazása hibás
 	setcookie($_SC['name'],$_SC['value'],time()+60*60*_SESSION_MAX_TIME,'/','',_SECURECOOKIE);
 
         return $sessionID;
diff --git a/mayor-orig/www/include/share/session/base.php b/mayor-orig/www/include/share/session/base.php
index 706a9ef9..337c72df 100644
--- a/mayor-orig/www/include/share/session/base.php
+++ b/mayor-orig/www/include/share/session/base.php
@@ -115,9 +115,11 @@
 	db_query($q, array('fv' => 'cache', 'modul' => 'login', 'result' => 'indexed', 'values'=>$v));
     }
 
-
-
-
+    function _clearSessionCache($sessionID) {
+	$q = "DELETE FROM `cache` WHERE sessionID  IN ('%s','%s')";
+	$v = array(_SESSIONID,$sessionID);
+	db_query($q, array('debug'=>false,'fv' => 'cache', 'modul' => 'login', 'result' => 'indexed', 'values'=>$v));
+    }
 
 ######################################################
 # getBackendAttrs - az adott policy backend-jéhez tartozó attribútumok - session modul
diff --git a/mayor-orig/www/include/share/session/close.php b/mayor-orig/www/include/share/session/close.php
index 146a038e..2c321ef0 100644
--- a/mayor-orig/www/include/share/session/close.php
+++ b/mayor-orig/www/include/share/session/close.php
@@ -30,6 +30,8 @@
     function closeSession($sessionID = '') {
 	// _SESSIONID csak validUser esetén van, de mi lehet, hogy másik policy-ből jöttünk!
 	if ($sessionID == '') $sessionID = $_REQUEST['sessionID'];
+	_clearSessionCache($sessionID);
+	unsetTokenCookies();
 	$q = "DELETE FROM session WHERE sessionID='%s'";
 	return db_query($q, array('fv' => 'closeSession', 'modul' => 'login', 'result' => 'affected rows', 'values' => array($sessionID)));
     }
author	M.Gergo	2019-01-20 11:48:48 +0100
committer	M.Gergo	2019-01-20 11:48:48 +0100
commit	f70027ffbedce10f412868a7bf9b0b67b113f1b1 (patch)
tree	fbcc48049f1e66fe3ec66a0f3d8eee47bb400cdb /mayor-orig/www/include/share
parent	e6988247360fa98b85915a38803d018dd353df00 (diff)
download	mayor-f70027ffbedce10f412868a7bf9b0b67b113f1b1.tar.gz mayor-f70027ffbedce10f412868a7bf9b0b67b113f1b1.zip