From 0319cc9d234e107109d988f36f2361b25f9f0777 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Tue, 6 Oct 2020 23:19:45 +0200 Subject: Minz allow parallel sessions (#3096) * Minz allow parallel sessions #fix https://github.com/FreshRSS/FreshRSS/issues/3093 * Array optimisation * Array optimisation missing * Reduce direct access to $_SESSION except in install process * Fix session start headers warning * Use cookie only the first time the session is started: `PHP Warning: session_start(): Cannot start session when headers already sent in /var/www/FreshRSS/lib/Minz/Session.php on line 39` * New concept of volatile session for API calls Optimisation: do not use cookies or local storage at all for API calls without a Web session Fix warning: ``` PHP Warning: session_destroy(): Trying to destroy uninitialized session in Unknown on line 0 ``` * Only call Minz_Session::init once in our index It was called twice (once indirectly via FreshRSS->init()) * Whitespace * Mutex for notifications Implement mutex for notifications https://github.com/FreshRSS/FreshRSS/pull/3208#discussion_r499509809 * Typo * Install script is not ready for using Minz_Session --- app/Controllers/authController.php | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) (limited to 'app/Controllers/authController.php') diff --git a/app/Controllers/authController.php b/app/Controllers/authController.php index e7bff363e..342c577e2 100644 --- a/app/Controllers/authController.php +++ b/app/Controllers/authController.php @@ -141,9 +141,11 @@ class FreshRSS_auth_Controller extends Minz_ActionController { ); if ($ok) { // Set session parameter to give access to the user. - Minz_Session::_param('currentUser', $username); - Minz_Session::_param('passwordHash', $conf->passwordHash); - Minz_Session::_param('csrf'); + Minz_Session::_params([ + 'currentUser' => $username, + 'passwordHash' => $conf->passwordHash, + 'csrf' => false, + ]); FreshRSS_Auth::giveAccess(); // Set cookie parameter if nedded. @@ -190,9 +192,11 @@ class FreshRSS_auth_Controller extends Minz_ActionController { $ok = password_verify($password, $s); unset($password); if ($ok) { - Minz_Session::_param('currentUser', $username); - Minz_Session::_param('passwordHash', $s); - Minz_Session::_param('csrf'); + Minz_Session::_params([ + 'currentUser' => $username, + 'passwordHash' => $s, + 'csrf' => false, + ]); FreshRSS_Auth::giveAccess(); Minz_Translate::init($conf->language); -- cgit v1.2.3