69 Commits (master)

Author SHA1 Message Date
Andrew Dolgov 44c5d0feba prolong PHP session cookie automatically to stop hard logouts after SESSION_COOKIE_LIFETIME expires 3 years ago
Andrew Dolgov e3c4724dc1 use database-backed sessions in single user mode 4 years ago
Andrew Dolgov fe06416f17 sessions: stop validating against hash of user agent because chromium is sending
different agent headers for whatever reason, example:

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/88.0.4324.192 Safari/537.36

Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/88.0.4324.104 Safari/537.36

seems to be related, at least, to App.postOpenWindow() hack.
4 years ago
Andrew Dolgov 5eb0f3d640 bring back web dbupdate using new migrations system 4 years ago
Andrew Dolgov e19570f422 sessions: don't check schema version 4 years ago
Andrew Dolgov 8b1a2406e6 userhelper: use orm for a few more user-related things 4 years ago
Andrew Dolgov 7ef72fe0dc move startup checks to Config, set a bunch of @deprecated annotations 4 years ago
Andrew Dolgov a1ca62af50 cache schema version better 4 years ago
Andrew Dolgov efd196839a stop caching schema version entirely, fix some session_start() related warnings 4 years ago
Andrew Dolgov 85095f8a53 rename TTRSS_SESSION_NAME to SESSION_NAME 4 years ago
Andrew Dolgov 2ae0b7059f cleanup some defined-stuff 4 years ago
Andrew Dolgov 12bcf826e4 don't include config.php everywhere 4 years ago
Andrew Dolgov e4107ac952 wip: initial for config object 4 years ago
Andrew Dolgov be4e7b1340 fix several issues reported by phpstan 4 years ago
Andrew Dolgov 9d7ba773ec move session-related functions to their own namespace 4 years ago
Andrew Dolgov 9f55454f63 remove the rest of db.php; rename some leftover methods in feeds 4 years ago
Andrew Dolgov f2d3cba231 add HTTP_ACCEPT_LANGUAGE handling for php8 4 years ago
Andrew Dolgov 7874f6ac58 remove PHPMD.UnusedFormalParameter 4 years ago
Andrew Dolgov 6e774a58fe more php8 fixes mostly related to login 4 years ago
Andrew Dolgov da5deaaca1 set session.cookie_lifetime to 0 initially instead of a rather useless min() 4 years ago
Andrew Dolgov 57fac84516 rename gettext.inc to gettext.inc.php (cosmetic) 4 years ago
Andrew Dolgov 72d0fac80c remove version.php and VERSION global constant, do version-related things in a slightly less ridiculous way 5 years ago
Andrew Dolgov 6fbf349155 add hidden _SKIP_SESSION_UA_CHECKS tunable 6 years ago
Andrew Dolgov 5f66f872b6 fix session write handler always assuming that database entry exists and failing silently if it doesn't; remove session cookie-related hacks 6 years ago
Andrew Dolgov d246fb9fe1 remove session REMOTE_ADDR checks 6 years ago
Andrew Dolgov 5feed36a3c do not use separate _ssl cookie for secure sessions 6 years ago
Andrew Dolgov 65e98f4086 force regenerate session id on successful login, remove previous blank SID check 6 years ago
Andrew Dolgov 74736fce0f if empty session is autostarted because of a cookie, immediately destroy it 6 years ago
Andrew Dolgov 7d53c2b501 validate_session: bring back IP session binding (enabled by default) and UA checking 6 years ago
Andrew Dolgov 4d13514dd4 sessions: PDO 7 years ago
Andrew Dolgov 1b5b1e5fec sessions: use is_server_https() for secure cookie setting 7 years ago
Natan Frei e234ac8dcb $_SERVER['HTTPS'] can exist and be 'off' for non-https connections 7 years ago
Andrew Dolgov 09628e1b1a rework previous 32 bit session stuff 7 years ago
Andrew Dolgov b465c28ee0 sessions: clip max expiry value to a 32bit integer 7 years ago
Andrew Dolgov ea79a0e033 remove some redundant php closing tags 8 years ago
Andrew Dolgov 7b55001eee fix various issues reported by static analysis
update gitlab-ci config
8 years ago
Andrew Dolgov 33d131d699 ttrss_gc: return true 9 years ago
Andrew Dolgov f5e66c439e remove SESSION_CHECK_ADDRESS 9 years ago
Andrew Dolgov ffc3a1e579 session: don't try to validate session schema version on empty sessions 10 years ago
Andrew Dolgov 3192fb43bc do not invalidate session when version_static and user agent changes 10 years ago
Andrew Dolgov 04a8c2065f better error reporting in session validation 12 years ago
Andrew Dolgov 3472c4c569 use static version for session checking, show latest changeset for git version instead of head date 12 years ago
Andrew Dolgov 6322ac79a0 remove $link 12 years ago
Andrew Dolgov 404e2e3603 more work on singleton-based DB 12 years ago
Andrew Dolgov 889a5f9f19 experimental SQL-based error logger 12 years ago
Andrew Dolgov 9ce7a5546c implement some tweaks to session handling; properly remove session cookie if invalid/login failed 12 years ago
Andrew Dolgov 810205625b session validation: check for tt-rss version 12 years ago
Andrew Dolgov 6f431804a9 remove session check/destroy stuff, looks problematic 12 years ago
Andrew Dolgov c35b6d8e14 initialize session connection in ttrss_open but define session_connection in global context 12 years ago
Andrew Dolgov 168680976f sessions: initialize connection on include, not in ttrss_open 12 years ago