better session timeout support for AJAX requests
This commit is contained in:
parent
43199cd804
commit
14724b889f
|
@ -38,9 +38,12 @@ checkClientIP();
|
|||
|
||||
/**
|
||||
* Starts a session and checks the environment.
|
||||
* The script is stopped if one of the checks fail.
|
||||
* The script is stopped if one of the checks fail (timeout redirection may be overriden).
|
||||
*
|
||||
* @param boolean $redirectToLogin redirect user to login page
|
||||
* @return boolean true if all ok, false if session expired
|
||||
*/
|
||||
function startSecureSession() {
|
||||
function startSecureSession($redirectToLogin = true) {
|
||||
// start session
|
||||
if (isset($_SESSION)) unset($_SESSION);
|
||||
if (strtolower(session_module_name()) == 'files') {
|
||||
|
@ -69,10 +72,14 @@ function startSecureSession() {
|
|||
// ok, update time
|
||||
$_SESSION['sec_sessionTime'] = time();
|
||||
}
|
||||
else {
|
||||
elseif ($redirectToLogin) {
|
||||
// session expired, logoff user
|
||||
logoffAndBackToLoginPage();
|
||||
}
|
||||
else {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
$Id$
|
||||
|
||||
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
||||
Copyright (C) 2011 - 2012 Roland Gruber
|
||||
Copyright (C) 2011 - 2013 Roland Gruber
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -36,7 +36,14 @@ if (isset($_GET['selfservice'])) {
|
|||
// self service uses a different session name
|
||||
session_name('SELFSERVICE');
|
||||
}
|
||||
startSecureSession();
|
||||
|
||||
// return standard JSON response if session expired
|
||||
if (startSecureSession(false) === false) {
|
||||
echo json_encode(array(
|
||||
'sessionExpired' => "true"
|
||||
));
|
||||
die();
|
||||
}
|
||||
|
||||
setlanguage();
|
||||
|
||||
|
|
Loading…
Reference in New Issue