Congegni/sintonia
7
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Better session handling fix

Browse source
This commit is contained in:
Albert Santoni 2014-06-25 11:15:14 -04:00
parent a2bef67d33
commit 15013afa40
3 changed files with 9 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

7
airtime_mvc/application/models/Auth.php
View file

@ -103,11 +103,14 @@ class Application_Model_Auth
}
/** It is essential to do this before interacting with Zend_Auth otherwise sessions could be shared between
* different copies of Airtime on the same webserver. This essentially pins this session to this hostname and client ID.
* different copies of Airtime on the same webserver. This essentially pins this session to:
* - The server hostname - including subdomain so we segment multiple Airtime installs on different subdomains
* - The remote IP of the browser - to help prevent session hijacking
* - The client ID - same reason as server hostname
* @param Zend_Auth $auth Get this with Zend_Auth::getInstance().
*/
public static function pinSessionToClient($auth)
{
$auth->setStorage(new Zend_Auth_Storage_Session('Airtime' . $_SERVER['SERVER_NAME'] . Application_Model_Preference::GetClientId()));
$auth->setStorage(new Zend_Auth_Storage_Session('Airtime' . $_SERVER['SERVER_NAME'] . $_SERVER['REMOTE_ADDR'] . Application_Model_Preference::GetClientId()));
}
}