Commit
b37c966a
authored
Feb 28, 2012
by
Taylor Otwell
improve session ID assignment to avoid possible overlaps.
Signed-off-by:
Taylor Otwell
<
taylorotwell@gmail.com
>
parent
e4c03aab
Showing
8 changed files
with
53 additions
and
22 deletions
+53
-22
apc.php
laravel/session/drivers/apc.php
+1
-1
cookie.php
laravel/session/drivers/cookie.php
+1
-1
database.php
laravel/session/drivers/database.php
+1
-1
driver.php
laravel/session/drivers/driver.php
+42
-5
file.php
laravel/session/drivers/file.php
+1
-1
memcached.php
laravel/session/drivers/memcached.php
+1
-1
redis.php
laravel/session/drivers/redis.php
+1
-1
payload.php
laravel/session/payload.php
+5
-11
laravel/session/drivers/apc.php
<?php
namespace
Laravel\Session\Drivers
;
<?php
namespace
Laravel\Session\Drivers
;
class
APC
implement
s
Driver
{
class
APC
extend
s
Driver
{
/**
/**
* The APC cache driver instance.
* The APC cache driver instance.
...
...
laravel/session/drivers/cookie.php
...
@@ -2,7 +2,7 @@
...
@@ -2,7 +2,7 @@
use
Laravel\Crypter
;
use
Laravel\Crypter
;
class
Cookie
implement
s
Driver
{
class
Cookie
extend
s
Driver
{
/**
/**
* The name of the cookie used to store the session payload.
* The name of the cookie used to store the session payload.
...
...
laravel/session/drivers/database.php
...
@@ -3,7 +3,7 @@
...
@@ -3,7 +3,7 @@
use
Laravel\Config
;
use
Laravel\Config
;
use
Laravel\Database\Connection
;
use
Laravel\Database\Connection
;
class
Database
implements
Driver
,
Sweeper
{
class
Database
extends
Driver
implements
Sweeper
{
/**
/**
* The database connection.
* The database connection.
...
...
laravel/session/drivers/driver.php
<?php
namespace
Laravel\Session\Drivers
;
<?php
namespace
Laravel\Session\Drivers
;
use
Laravel\Config
,
Laravel\Str
;
interface
Driver
{
abstract
class
Driver
{
/**
/**
* Load a session from storage by a given ID.
* Load a session from storage by a given ID.
...
@@ -10,7 +10,7 @@ interface Driver {
...
@@ -10,7 +10,7 @@ interface Driver {
* @param string $id
* @param string $id
* @return array
* @return array
*/
*/
public
function
load
(
$id
);
abstract
public
function
load
(
$id
);
/**
/**
* Save a given session to storage.
* Save a given session to storage.
...
@@ -20,7 +20,7 @@ interface Driver {
...
@@ -20,7 +20,7 @@ interface Driver {
* @param bool $exists
* @param bool $exists
* @return void
* @return void
*/
*/
public
function
save
(
$session
,
$config
,
$exists
);
abstract
public
function
save
(
$session
,
$config
,
$exists
);
/**
/**
* Delete a session from storage by a given ID.
* Delete a session from storage by a given ID.
...
@@ -28,6 +28,43 @@ interface Driver {
...
@@ -28,6 +28,43 @@ interface Driver {
* @param string $id
* @param string $id
* @return void
* @return void
*/
*/
public
function
delete
(
$id
);
abstract
public
function
delete
(
$id
);
/**
* Insert a fresh session and return the payload array.
*
* @return array
*/
public
function
fresh
()
{
// We will simply generate an empty session payload array, using an ID
// that is not currently assigned to any existing session within the
// application and return it to the driver.
return
array
(
'id'
=>
$this
->
id
(),
'data'
=>
array
(
':new:'
=>
array
(),
':old:'
=>
array
(),
));
}
/**
* Get a new session ID that isn't assigned to any current session.
*
* @return string
*/
public
function
id
()
{
$session
=
array
();
// We'll containue generating random IDs until we find an ID that is
// not currently assigned to a session. This is almost definitely
// going to happen on the first iteration.
do
{
$session
=
$this
->
load
(
$id
=
Str
::
random
(
40
));
}
while
(
!
is_null
(
$session
));
return
$id
;
}
}
}
\ No newline at end of file
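Review bot: The do/while in `id()` exits only when `load()` returns null, so it relies on every driver's `load($id)` answering for exactly the ID it is given. If a driver returns the current payload regardless of `$id` (the cookie driver's `load()` body is not shown on this page, so this is an inference), a call made while a session already exists would never terminate and would tie up the worker. I would cap the retries and throw after a few attempts, and state the contract on the abstract method, e.g. `@return array|null  null when nothing is stored under exactly $id`. The probe is also not a reservation, since nothing is written between `load()` and the later `save()`, so uniqueness and unpredictability of the ID still rest on `Str::random(40)`, whose entropy source is not visible here; the `fresh()` docblock's "Insert" overstates what the method does.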
laravel/session/drivers/file.php
<?php
namespace
Laravel\Session\Drivers
;
<?php
namespace
Laravel\Session\Drivers
;
class
File
implements
Driver
,
Sweeper
{
class
File
extends
Driver
implements
Sweeper
{
/**
/**
* The path to which the session files should be written.
* The path to which the session files should be written.
...
...
laravel/session/drivers/memcached.php
<?php
namespace
Laravel\Session\Drivers
;
<?php
namespace
Laravel\Session\Drivers
;
class
Memcached
implement
s
Driver
{
class
Memcached
extend
s
Driver
{
/**
/**
* The Memcache cache driver instance.
* The Memcache cache driver instance.
...
...
laravel/session/drivers/redis.php
<?php
namespace
Laravel\Session\Drivers
;
<?php
namespace
Laravel\Session\Drivers
;
class
Redis
implement
s
Driver
{
class
Redis
extend
s
Driver
{
/**
/**
* The Redis cache driver instance.
* The Redis cache driver instance.
...
...
laravel/session/payload.php
...
@@ -54,22 +54,17 @@ class Payload {
...
@@ -54,22 +54,17 @@ class Payload {
// If the session doesn't exist or is invalid we will create a new session
// If the session doesn't exist or is invalid we will create a new session
// array and mark the session as being non-existent. Some drivers, such as
// array and mark the session as being non-existent. Some drivers, such as
// the database driver, need to know whether the session exists in storage
// the database driver, need to know whether it exists.
// so they can know whether to insert or update the session.
if
(
is_null
(
$this
->
session
)
or
static
::
expired
(
$this
->
session
))
if
(
is_null
(
$this
->
session
)
or
static
::
expired
(
$this
->
session
))
{
{
$this
->
exists
=
false
;
$this
->
exists
=
false
;
$this
->
session
=
array
(
'id'
=>
Str
::
random
(
40
),
'data'
=>
array
(
$this
->
session
=
$this
->
driver
->
fresh
();
':new:'
=>
array
(),
':old:'
=>
array
(),
));
}
}
// A CSRF token is stored in every session. The token is used by the Form
// A CSRF token is stored in every session. The token is used by the Form
// class and the "csrf" filter to protect the application from cross-site
// class and the "csrf" filter to protect the application from cross-site
// request forgery attacks. The token is simply a long, random string
// request forgery attacks. The token is simply a random string.
// which should be posted with each request to the application.
if
(
!
$this
->
has
(
Session
::
csrf_token
))
if
(
!
$this
->
has
(
Session
::
csrf_token
))
{
{
$this
->
put
(
Session
::
csrf_token
,
Str
::
random
(
40
));
$this
->
put
(
Session
::
csrf_token
,
Str
::
random
(
40
));
...
@@ -125,8 +120,7 @@ class Payload {
...
@@ -125,8 +120,7 @@ class Payload {
// We check for the item in the general session data first, and if it
// We check for the item in the general session data first, and if it
// does not exist in that data, we will attempt to find it in the new
// does not exist in that data, we will attempt to find it in the new
// and old flash data. If none of those arrays contain the requested
// and old flash data, or finally return the default value.
// item, we will just return the default value.
if
(
!
is_null
(
$value
=
array_get
(
$session
,
$key
)))
if
(
!
is_null
(
$value
=
array_get
(
$session
,
$key
)))
{
{
return
$value
;
return
$value
;
...
@@ -247,7 +241,7 @@ class Payload {
...
@@ -247,7 +241,7 @@ class Payload {
*/
*/
public
function
regenerate
()
public
function
regenerate
()
{
{
$this
->
session
[
'id'
]
=
Str
::
random
(
40
);
$this
->
session
[
'id'
]
=
$this
->
driver
->
id
(
);
$this
->
exists
=
false
;
$this
->
exists
=
false
;
}
}
...
...
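Review bot: In `regenerate()` the new ID is taken from `$this->driver->id()` and `exists` is reset, but nothing in the visible body retires the record stored under the previous ID. If that record is not removed elsewhere (the save path is outside this page), the old ID keeps resolving to a valid session until it expires or is swept, which weakens regeneration as a session-fixation defence at login or privilege change. Consider calling `$this->driver->delete($this->session['id']);` before assigning the new ID, or say in the docblock why the old record is intentionally left in storage.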