authorGravatar Alexandre Alapetite <alexandre@alapetite.fr> 2020-10-06 23:19:45 +0200
committerGravatar GitHub <noreply@github.com> 2020-10-06 23:19:45 +0200
commit0319cc9d234e107109d988f36f2361b25f9f0777 (patch)
treee373d93694297e36056d9888141d3233d0686260 /app/Models/Auth.php
parent3aed0b95534c60b26254292e951c8a9c5badc786 (diff)
Minz allow parallel sessions (#3096)
* Minz allow parallel sessions #fix https://github.com/FreshRSS/FreshRSS/issues/3093 * Array optimisation * Array optimisation missing * Reduce direct access to $_SESSION except in install process * Fix session start headers warning * Use cookie only the first time the session is started: `PHP Warning: session_start(): Cannot start session when headers already sent in /var/www/FreshRSS/lib/Minz/Session.php on line 39` * New concept of volatile session for API calls Optimisation: do not use cookies or local storage at all for API calls without a Web session Fix warning: ``` PHP Warning: session_destroy(): Trying to destroy uninitialized session in Unknown on line 0 ``` * Only call Minz_Session::init once in our index It was called twice (once indirectly via FreshRSS->init()) * Whitespace * Mutex for notifications Implement mutex for notifications https://github.com/FreshRSS/FreshRSS/pull/3208#discussion_r499509809 * Typo * Install script is not ready for using Minz_Session
Diffstat (limited to 'app/Models/Auth.php')
-rw-r--r--app/Models/Auth.php34
1 files changed, 22 insertions, 12 deletions
diff --git a/app/Models/Auth.php b/app/Models/Auth.php
index fcbf37fa3..77a244843 100644
--- a/app/Models/Auth.php
+++ b/app/Models/Auth.php
@@ -23,8 +23,10 @@ class FreshRSS_Auth {
if ($current_user === '') {
$conf = Minz_Configuration::get('system');
$current_user = $conf->default_user;
- Minz_Session::_param('currentUser', $current_user);
- Minz_Session::_param('csrf');
+ Minz_Session::_params([
+ 'currentUser' => $current_user,
+ 'csrf' => false,
+ ]);
}
if (self::$login_ok) {
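Review bot: The `'csrf' => false` entry reads like storing a boolean, yet it apparently depends on `Minz_Session::_params()` treating `false` as "remove this key"; that behaviour is not visible in this file and is only inferred from the removed `_param('csrf')` calls. A comment above the array would make the security purpose explicit, for example `// false removes the key: drop the CSRF token so a fresh one is issued for the new currentUser`. The same comment fits the batches in the hunks at `@@ -55,9`, `@@ -79,8` and `@@ -153,9`, and `'loginOk' => self::$login_ok` in the hunk at `@@ -118,8` would presumably also remove the key when the flag is false. The enclosing method starts and ends outside the hunk.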
@@ -55,9 +57,11 @@ class FreshRSS_Auth {
$current_user = '';
if (isset($credentials[1])) {
$current_user = trim($credentials[0]);
- Minz_Session::_param('currentUser', $current_user);
- Minz_Session::_param('passwordHash', trim($credentials[1]));
- Minz_Session::_param('csrf');
+ Minz_Session::_params([
+ 'currentUser' => $current_user,
+ 'passwordHash' => trim($credentials[1]),
+ 'csrf' => false,
+ ]);
}
return $current_user != '';
case 'http_auth':
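Review bot: The session is written before the user name is checked for emptiness, because the only guard around the `_params()` call is `isset($credentials[1])`. If `trim($credentials[0])` is empty, `currentUser` is set to `''`, a `passwordHash` is stored and the CSRF token is cleared, and only then does `return $current_user != '';` report failure. Tightening the guard to `if (isset($credentials[1]) && trim($credentials[0]) !== '') {` would leave the session untouched on a malformed credential pair. Whether a caller relies on the current reset cannot be seen from here, since the switch statement begins and continues outside the hunk.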
@@ -79,8 +83,10 @@ class FreshRSS_Auth {
]);
}
if ($login_ok) {
- Minz_Session::_param('currentUser', $current_user);
- Minz_Session::_param('csrf');
+ Minz_Session::_params([
+ 'currentUser' => $current_user,
+ 'csrf' => false,
+ ]);
}
return $login_ok;
case 'none':
@@ -118,8 +124,10 @@ class FreshRSS_Auth {
self::$login_ok = false;
}
- Minz_Session::_param('loginOk', self::$login_ok);
- Minz_Session::_param('REMOTE_USER', httpAuthUser());
+ Minz_Session::_params([
+ 'loginOk' => self::$login_ok,
+ 'REMOTE_USER' => httpAuthUser(),
+ ]);
return self::$login_ok;
}
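Review bot: Nothing visible in this hunk rotates the session identifier at the point where `'loginOk' => self::$login_ok` is persisted, so an identifier issued before authentication would stay valid afterwards unless the calling controller or Minz_Session regenerates it. This matters more now that sessions are meant to be opened by several requests in parallel, so it is worth confirming where rotation happens. Recording it next to the write would help, e.g. `// NOTE: the session id must be rotated by the caller when loginOk changes to true`. The method begins outside the hunk.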
@@ -153,9 +161,11 @@ class FreshRSS_Auth {
*/
public static function removeAccess() {
self::$login_ok = false;
- Minz_Session::_param('loginOk');
- Minz_Session::_param('csrf');
- Minz_Session::_param('REMOTE_USER');
+ Minz_Session::_params([
+ 'loginOk' => false,
+ 'csrf' => false,
+ 'REMOTE_USER' => false,
+ ]);
$system_conf = Minz_Configuration::get('system');
$username = '';
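Review bot: `passwordHash` is left out of the batch that clears `loginOk`, `csrf` and `REMOTE_USER`, so the logout is not a single write as far as this hunk shows. removeAccess() continues past the end of the hunk and may reset it further down. If each `_params()` call takes the session lock separately, as the parallel-session design in the commit description suggests, a concurrent request could then see a session with `loginOk` removed but `passwordHash` still present. Adding `'passwordHash' => false,` to this array would close that window, assuming `false` removes the key as it appears to for the other entries.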