return $id;
}
-# start a new session.
-# by default it'll expire in 24 hours regardless of activity.
-# pass both args for a session that lasts longer if active.
-# sessions are tracked with a "session cookie" (dies on browser close)
-function session_new($idle_timeout = 86400, $max_timeout = 'same_as_idle') {
- if ($max_timeout === 'same_as_idle') {
- $max_timeout = $idle_timeout;
- }
+# start a new session, tracked by a browser "session cookie".
+#
+# args:
+# $idle_timeout (seconds) session ends after this much inactivity (or up to 10% less)
+# $max_length (seconds) session ends after this long, regardless of activity
+function session_new($idle_timeout = 129600 /* 36 hours */, $max_length = 604800 /* 1 week */) {
kill_session();
$session_key = session_generate_key();
'session_key' => $session_key,
'idle_timeout' => $idle_timeout,
'expires' => $now + $idle_timeout,
- 'expires_max' => $now + $max_timeout,
+ 'expires_max' => $now + $max_length,
'value' => ''
);
'exists' => true,
'id' => $session_id,
'key' => $session_key,
- 'idle_timeout' => $row['idle_timeout'],
- 'expires' => $row['expires'],
- 'expires_max' => $row['expires_max'],
+ 'idle_timeout' => $idle_timeout,
+ 'expires' => $now + $idle_timeout,
+ 'expires_max' => $now + $max_length,
'value' => array()
);
session_set_cookie();
if ($GLOBALS['wfpl_session']['expires'] < $GLOBALS['wfpl_session']['expires_max']) {
# would this extend the session by at least 10%?
$now = time();
- $session_start = $GLOBALS['wfpl_session']['expires'] - $GLOBALS['wfpl_session']['idle_timeout'];
- if ($now > $session_start + ceil(0.1 * $GLOBALS['wfpl_session']['idle_timeout'])) {
- $expires = max(
+ $last_activity = $GLOBALS['wfpl_session']['expires'] - $GLOBALS['wfpl_session']['idle_timeout'];
+ # don't db_update if only a tiny fraction of the idle timeout has passed
+ $db_threshold = ceil(0.1 * $GLOBALS['wfpl_session']['idle_timeout']);
+ if ($now > $last_activity + $db_threshold) {
+ $expires = min(
$GLOBALS['wfpl_session']['expires_max'],
$now + $GLOBALS['wfpl_session']['idle_timeout']
);
db_update('wfpl_sessions', 'expires', $expires, 'where id=%i', $GLOBALS['wfpl_session']['id']);
+ $GLOBALS['wfpl_session']['expires'] = $expires;
}
}
}
return false;
}
- session_purge_old();
$row = db_get_assoc('wfpl_sessions', 'id,idle_timeout,expires,expires_max,value', 'where session_key=%"', $session_key);
if($row === false) {
return false;
}
+ $now = time();
+ if ($now >= (int) $row['expires']) {
+ session_purge_old();
+ return false;
+ }
$GLOBALS['wfpl_session']['exists'] = true;
$GLOBALS['wfpl_session']['id'] = $row['id'];
- $GLOBALS['wfpl_session']['idle_timeout'] = $row['idle_timeout'];
- $GLOBALS['wfpl_session']['expires'] = $row['expires'];
- $GLOBALS['wfpl_session']['expires_max'] = $row['expires_max'];
+ $GLOBALS['wfpl_session']['idle_timeout'] = (int) $row['idle_timeout'];
+ $GLOBALS['wfpl_session']['expires'] = (int) $row['expires'];
+ $GLOBALS['wfpl_session']['expires_max'] = (int) $row['expires_max'];
$GLOBALS['wfpl_session']['key'] = $session_key;
if (strlen($row['value']) && is_array($parsed = json_decode($row['value'], true))) {