Andrew Dolgov
44c5d0feba
prolong PHP session cookie automatically to stop hard logouts after SESSION_COOKIE_LIFETIME expires
3 years ago
Andrew Dolgov
e3c4724dc1
use database-backed sessions in single user mode
4 years ago
Andrew Dolgov
fe06416f17
sessions: stop validating against hash of user agent because chromium is sending
...
different agent headers for whatever reason, example:
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/88.0.4324.192 Safari/537.36
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/88.0.4324.104 Safari/537.36
seems to be related, at least, to App.postOpenWindow() hack.
4 years ago
Andrew Dolgov
5eb0f3d640
bring back web dbupdate using new migrations system
4 years ago
Andrew Dolgov
e19570f422
sessions: don't check schema version
4 years ago
Andrew Dolgov
8b1a2406e6
userhelper: use orm for a few more user-related things
4 years ago
Andrew Dolgov
7ef72fe0dc
move startup checks to Config, set a bunch of @deprecated annotations
4 years ago
Andrew Dolgov
a1ca62af50
cache schema version better
4 years ago
Andrew Dolgov
efd196839a
stop caching schema version entirely, fix some session_start() related warnings
4 years ago
Andrew Dolgov
85095f8a53
rename TTRSS_SESSION_NAME to SESSION_NAME
4 years ago
Andrew Dolgov
2ae0b7059f
cleanup some defined-stuff
4 years ago
Andrew Dolgov
12bcf826e4
don't include config.php everywhere
4 years ago
Andrew Dolgov
e4107ac952
wip: initial for config object
4 years ago
Andrew Dolgov
be4e7b1340
fix several issues reported by phpstan
4 years ago
Andrew Dolgov
9d7ba773ec
move session-related functions to their own namespace
4 years ago
Andrew Dolgov
9f55454f63
remove the rest of db.php; rename some leftover methods in feeds
4 years ago
Andrew Dolgov
f2d3cba231
add HTTP_ACCEPT_LANGUAGE handling for php8
4 years ago
Andrew Dolgov
7874f6ac58
remove PHPMD.UnusedFormalParameter
4 years ago
Andrew Dolgov
6e774a58fe
more php8 fixes mostly related to login
4 years ago
Andrew Dolgov
da5deaaca1
set session.cookie_lifetime to 0 initially instead of a rather useless min()
4 years ago
Andrew Dolgov
57fac84516
rename gettext.inc to gettext.inc.php (cosmetic)
4 years ago
Andrew Dolgov
72d0fac80c
remove version.php and VERSION global constant, do version-related things in a slightly less ridiculous way
5 years ago
Andrew Dolgov
6fbf349155
add hidden _SKIP_SESSION_UA_CHECKS tunable
6 years ago
Andrew Dolgov
5f66f872b6
fix session write handler always assuming that database entry exists and failing silently if it doesn't; remove session cookie-related hacks
6 years ago
Andrew Dolgov
d246fb9fe1
remove session REMOTE_ADDR checks
6 years ago
Andrew Dolgov
5feed36a3c
do not use separate _ssl cookie for secure sessions
6 years ago
Andrew Dolgov
65e98f4086
force regenerate session id on successful login, remove previous blank SID check
6 years ago
Andrew Dolgov
74736fce0f
if empty session is autostarted because of a cookie, immediately destroy it
6 years ago
Andrew Dolgov
7d53c2b501
validate_session: bring back IP session binding (enabled by default) and UA checking
6 years ago
Andrew Dolgov
4d13514dd4
sessions: PDO
7 years ago
Andrew Dolgov
1b5b1e5fec
sessions: use is_server_https() for secure cookie setting
7 years ago
Natan Frei
e234ac8dcb
$_SERVER['HTTPS'] can be exists and 'off' for non-https connectios
7 years ago
Andrew Dolgov
09628e1b1a
rework previous 32 bit session stuff
8 years ago
Andrew Dolgov
b465c28ee0
sessions: clip max expiry value to a 32bit integer
8 years ago
Andrew Dolgov
ea79a0e033
remove some redundant php closing tags
8 years ago
Andrew Dolgov
7b55001eee
fix various issues reported by static analysis
...
update gitlab-ci config
8 years ago
Andrew Dolgov
33d131d699
ttrss_gc: return true
9 years ago
Andrew Dolgov
f5e66c439e
remove SESSION_CHECK_ADDRESS
9 years ago
Andrew Dolgov
ffc3a1e579
session: don't try to validate session schema version on empty sessions
10 years ago
Andrew Dolgov
3192fb43bc
do not invalidate session when version_static and user agent changes
10 years ago
Andrew Dolgov
04a8c2065f
better error reporting in session validation
12 years ago
Andrew Dolgov
3472c4c569
use static version for session checking, show latest changeset for git version instead of head date
12 years ago
Andrew Dolgov
6322ac79a0
remove $link
12 years ago
Andrew Dolgov
404e2e3603
more work on singleton-based DB
12 years ago
Andrew Dolgov
889a5f9f19
experimental SQL-based error logger
12 years ago
Andrew Dolgov
9ce7a5546c
implement some tweaks to session handling; properly remove session cookie if invalid/login failed
12 years ago
Andrew Dolgov
810205625b
session validation: check for tt-rss version
12 years ago
Andrew Dolgov
6f431804a9
remove session check/destroy stuff, looks problematic
12 years ago
Andrew Dolgov
c35b6d8e14
initialize session connection in ttrss_open but define session_connection in global context
12 years ago
Andrew Dolgov
168680976f
sessions: initialize connection on include, not in ttrss_open
12 years ago