Home Explore Help
Sign In
fusionpbx
/
fusionpbx-framework
mirror of https://github.com/fusionpbx/fusionpbx-framework.git
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

Regenerate session every 15 minutes

FusionPBX 1 year ago
parent
10bd164ccd
commit
9ed779ac8b
1 changed files with 17 additions and 8 deletions
Unified View Show Diff Stats
  1. 17 8
      resources/check_auth.php

+ 17 - 8
resources/check_auth.php
View File 

@@ -45,21 +45,30 @@
 
 
 
 //regenerate sessions to avoid session id attacks such as session fixation
 
 //regenerate sessions to avoid session id attacks such as session fixation
 
 	if (isset($_SESSION['authorized']) && $_SESSION['authorized']) {
 
 	if (isset($_SESSION['authorized']) && $_SESSION['authorized']) {
 
+		//set the last activity time
 
 		$_SESSION['session']['last_activity'] = time();
 
 		$_SESSION['session']['last_activity'] = time();
 
+
 
+		//if session created is not set then set the time
 
 		if (!isset($_SESSION['session']['created'])) {
 
 		if (!isset($_SESSION['session']['created'])) {
 
 			$_SESSION['session']['created'] = time();
 
 			$_SESSION['session']['created'] = time();
 
-		} elseif (time() - $_SESSION['session']['created'] > 28800) {
 
-			//session started more than 8 hours ago
 
-			session_regenerate_id(true);    // rotate the session id
 
-			$_SESSION['session']['created'] = time();  // update creation time
 
+		} 
+
 
+		//check the elapsed time if exceeds limit then rotate the session
 
+		if (time() - $_SESSION['session']['created'] > 900) {
 
 
 
 			//build the user log array
 
 			//build the user log array
 
-			$log_array['domain_uuid'] = $_SESSION['domain_uuid'];
 
-			$log_array['domain_name'] = $_SESSION['domain_name'];
 
-			$log_array['username'] = $_SESSION['username'];
 
-			$log_array['user_uuid'] = $_SESSION['user_uuid'];
 
+			$log_array['domain_uuid'] = $_SESSION['user']['domain_uuid'];
 
+			$log_array['domain_name'] = $_SESSION['user']['domain_name'];
 
+			$log_array['username'] = $_SESSION['user']['username'];
 
+			$log_array['user_uuid'] = $_SESSION['user']['user_uuid'];
 
 			$log_array['authorized'] = true;
 
 			$log_array['authorized'] = true;
 
 
 
+			//session started more than 15 minutes
 
+			session_regenerate_id(true);
 
+
 
+			// update creation time
 
+			$_SESSION['session']['created'] = time();
 
+
 
 			//add the result to the user logs
 
 			//add the result to the user logs
 
 			user_logs::add($log_array);
 
 			user_logs::add($log_array);
 
 		}
 
 		}