better session timeout support for AJAX requests

Roland Gruber 2013-02-28 19:04:27 +00:00
parent 43199cd804
commit 14724b889f
2 changed files with 19 additions and 5 deletions


@ -38,9 +38,12 @@ checkClientIP();
/**
* Starts a session and checks the environment.
* The script is stopped if one of the checks fail.
* The script is stopped if one of the checks fail (timeout redirection may be overriden).
*
* @param boolean $redirectToLogin redirect user to login page
* @return boolean true if all ok, false if session expired
*/
function startSecureSession() {
function startSecureSession($redirectToLogin = true) {
// start session
if (isset($_SESSION)) unset($_SESSION);
if (strtolower(session_module_name()) == 'files') {
@ -69,10 +72,14 @@ function startSecureSession() {
// ok, update time
$_SESSION['sec_sessionTime'] = time();
}
else {
elseif ($redirectToLogin) {
// session expired, logoff user
logoffAndBackToLoginPage();
}
else {
return false;
}
return true;
}
/**
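Review bot: The new `else { return false; }` branch reports an expired session but, unlike the redirect branch, does nothing visible to end it, so a caller that passes `false` and ignores the result carries on with the stale `$_SESSION`. If logoffAndBackToLoginPage() (not shown on this page) is what normally tears the session down, the non-redirect path should do the same before returning, for example `session_destroy();` ahead of `return false;`. The docblock should also state the caller's obligation, for instance `* Callers that disable the redirect must abort the request when false is returned.` The middle of startSecureSession() lies between the two hunks and is not visible, so it is unclear from here whether any other check can fall through in the same way.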


@ -3,7 +3,7 @@
$Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2011 - 2012 Roland Gruber
Copyright (C) 2011 - 2013 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -36,7 +36,14 @@ if (isset($_GET['selfservice'])) {
// self service uses a different session name
session_name('SELFSERVICE');
}
startSecureSession();
// return standard JSON response if session expired
if (startSecureSession(false) === false) {
echo json_encode(array(
'sessionExpired' => "true"
));
die();
}
setlanguage();
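Review bot: The expired-session reply is sent with PHP's default content type and a 200 status, so the client can only recognise it by parsing the body, and `"true"` is a string rather than a JSON boolean. Declaring the type before the `echo`, `header('Content-Type: application/json; charset=UTF-8');`, stops the body from being handled as HTML. If the client-side handler can cope with it, an explicit status such as `header('HTTP/1.1 401 Unauthorized');` would let scripts and intermediaries treat the reply as an authentication failure rather than a success. Only the timeout case gets this JSON answer; per the startSecureSession() docblock the other failed checks still stop the script, so AJAX callers need to handle that output as well.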