From: <de...@de...> - 2007-01-31 18:50:54
|
Author: KennethLavrsen Date: 2007-01-31 12:50:39 -0600 (Wed, 31 Jan 2007) New Revision: 12696 Modified: twiki/branches/Patch04x01/lib/TWiki/Client.pm Log: Item3523: Simplification of session expiry code This code is based only on mtime which is much faster and much safer as we never read the session files Modified: twiki/branches/Patch04x01/lib/TWiki/Client.pm ===================================================================
--- twiki/branches/Patch04x01/lib/TWiki/Client.pm 2007-01-31 18:43:03 UTC (rev 12695)
+++ twiki/branches/Patch04x01/lib/TWiki/Client.pm 2007-01-31 18:50:39 UTC (rev 12696)
@@ -371,45 +371,27 @@ =cut sub expireDeadSessions { - my $time = time() || 0; + my $time = time() || 0; my $exp = $TWiki::cfg{Sessions}{ExpireAfter} || 36000; # 10 hours $exp = -$exp if $exp < 0; - opendir(D, $TWiki::cfg{Sessions}{Dir}) || return; - foreach my $file ( grep { /^(passthru|cgisess)_[0-9a-f]{32}/ } readdir(D) ) { + opendir(D, $TWiki::cfg{Sessions}{Dir}) || return; + foreach my $file ( grep { /^(passthru|cgisess)_[0-9a-f]{32}/ } readdir(D) ) { $file = TWiki::Sandbox::untaintUnchecked( $TWiki::cfg{Sessions}{Dir}.'/'.$file ); - my @stat = stat( $file ); - # Kill old files. - # Ignore tiny new files. They can't be complete sessions. - if( defined($stat[7]) ) { - my $lat = $stat[8] || $stat[9] || $stat[10] || 0; - unlink $file if( $time - $lat >= $exp ); - next; - } - - # Just kill passthru files - next if $file =~ /^passthru_/; - - open(F, $file) || next; - my $session = <F>; - close F; - - # SMELL: security hazard? - $session = TWiki::Sandbox::untaintUnchecked( $session ); - - my $D; - eval $session; - next if ( $@ ); - # The session is expired if it is empty, hasn't been accessed in ages - # or has exceeded its registered expiry time. - if( !$D || $time >= $D->{_SESSION_ATIME} + $exp || - $D->{_SESSION_ETIME} && $time >= $D->{_SESSION_ETIME} ) { - unlink( $file ); - next; - } - } - closedir D; + my @stat = stat( $file ); + # CGI::Session updates the session file each time a browser views a + # topic setting the access and expiry time as values in the file. This + # also sets the mtime (modification time) for the file which is all we need. + # We know that the expiry time is mtime + $TWiki::cfg{Sessions}{ExpireAfter} + # so we do not need to waste execution time opening and reading the file. + # We just check the mtime. mtime is confirmed set in both Windows and Linux + # As a fallback we also check ctime. Files are deleted when they expire. 
+ my $lat = $stat[9] || $stat[10] || 0; + unlink $file if ( $time - $lat >= $exp ); + next; + } + closedir D; } =pod |
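Review bot: A failed `stat` in the new loop body leaves `@stat` empty, so `$lat` falls back to 0 and `$time - $lat >= $exp` is always true; the code then calls `unlink` on a file whose age it never read. The removed code guarded this with `defined($stat[7])`; adding `next unless @stat;` directly after the `stat` call would skip such files instead. The return value of `unlink` is also ignored, so an expired session file that cannot be removed (for example because of directory permissions) stays on disk silently, and logging that failure would make it visible to an operator. Separately, the `grep` pattern is anchored only at the start while the matched name is passed through `untaintUnchecked`; if no suffixed file names are expected in the session directory, ending the pattern with `\z` would make the pattern the actual validation of the name.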