[Phplib-commit] CVS: php-lib-stable/php session.inc,1.9,1.10

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Update of /cvsroot/phplib/php-lib-stable/php
In directory usw-pr-cvs1:/tmp/cvs-serv24380

Modified Files:
	session.inc 
Log Message:
Merge in changes from -devel tree as well as some bug fixes:
Set garbage collection probability to 5
Remove session ID from QUERY_STRING in get_id() if in cookie mode
New structure put_id() from -devel. Should behave the same
url() removes session ID from GET string before adding another
$str in serialize() changed to call by reference
Remove extraneous gc() function
Add $sid to parameters for release_token (was passed a sid!)
Check POST vars for session ID as well as GET vars in release_token()
 -- were checking both in get_id()
Call release_token() before put_headers() in start (from -devel).
change $this->in to be 0 or 1 rather than false or 1

Index: session.inc
===================================================================
RCS file: /cvsroot/phplib/php-lib-stable/php/session.inc,v
retrieving revision 1.9
retrieving revision 1.10
diff -C2 -d -r1.9 -r1.10
*** session.inc	2001/08/18 02:45:47	1.9
--- session.inc	2001/08/18 09:42:59	1.10
***************
*** 25,29 ****
  
    var $gc_time  = 1440;               ## Purge all session data older than 1440 minutes.
!   var $gc_probability = 1;            ## Garbage collect probability in percent
  
    var $auto_init = "";                ## Name of the autoinit-File, if any.
--- 25,29 ----
  
    var $gc_time  = 1440;               ## Purge all session data older than 1440 minutes.
!   var $gc_probability = 5;            ## Garbage collect probability in percent
  
    var $auto_init = "";                ## Name of the autoinit-File, if any.
***************
*** 45,49 ****
  
    var $pt = array();                  ## This Array contains the registered things
!   var $in = false;                    ## Marker: Did we already include the autoinit file?
  
    ## register($things):
--- 45,49 ----
  
    var $pt = array();                  ## This Array contains the registered things
!   var $in = 0;                        ## Marker: Did we already include the autoinit file?
  
    ## register($things):
***************
*** 95,100 ****
        switch ($this->mode) {
          case "get":
!           if ("" == ($id = isset($HTTP_GET_VARS[$this->name]) ? $HTTP_GET_VARS[$this->name] : ""))
!             $id = isset($HTTP_POST_VARS[$this->name]) ? $HTTP_POST_VARS[$this->name] : "";
          break;
          case "cookie":
--- 95,103 ----
        switch ($this->mode) {
          case "get":
!           $id = isset($HTTP_GET_VARS[$this->name]) ?
!                 $HTTP_GET_VARS[$this->name] :
!                 ( isset($HTTP_POST_VARS[$this->name]) ?
!                 $HTTP_POST_VARS[$this->name] :
!                 "") ;
          break;
          case "cookie":
***************
*** 121,127 ****
            SetCookie($this->name, $id, time()+$this->lifetime*60, "/", $this->cookie_domain);
          }
        break;
        case "get":
!         if ( isset($QUERY_STRING) ) {
            $QUERY_STRING = ereg_replace(
              "(^|&)".quotemeta(urlencode($this->name))."=".$id."(&|$)",
--- 124,137 ----
            SetCookie($this->name, $id, time()+$this->lifetime*60, "/", $this->cookie_domain);
          }
+ 
+         // Remove session ID info from QUERY String - it is in cookie
+         if ( isset($QUERY_STRING) && ("" != $QUERY_STRING) ) {
+           $QUERY_STRING = ereg_replace(
+             "(^|&)".quotemeta(urlencode($this->name))."=".$id."(&|$)",
+             "\\1", $QUERY_STRING);
+         }
        break;
        case "get":
!         if ( isset($QUERY_STRING) && ("" != $QUERY_STRING) ) {
            $QUERY_STRING = ereg_replace(
              "(^|&)".quotemeta(urlencode($this->name))."=".$id."(&|$)",
***************
*** 143,160 ****
      global $HTTP_COOKIE_VARS;
  
-     $this->name = $this->cookiename==""?$this->classname:$this->cookiename;
- 
      switch ($this->mode) {
!       case "inline":
!         die("This has not been coded yet.");
!       break;
! 
!       case "get":
!         die("This has not been coded yet.");
        break;
  
        default:
!             SetCookie($this->name, "", 0, "/", $this->cookie_domain);
!             $HTTP_COOKIE_VARS[$this->name] = "";
        break;
      }
--- 153,165 ----
      global $HTTP_COOKIE_VARS;
  
      switch ($this->mode) {
!       case "cookie":
!         $this->name = $this->cookiename == "" ? $this->classname : $this->cookiename;
!         SetCookie($this->name, "", 0, "/", $this->cookie_domain);
!         $HTTP_COOKIE_VARS[$this->name] = "";
        break;
  
        default:
!         // do nothing. We don't need to die for modes other than cookie here.
        break;
      }
***************
*** 176,179 ****
--- 181,190 ----
  
    function url($url) {
+     // Remove existing session info from url
+     $url = ereg_replace(
+       "([&?])".quotemeta(urlencode($this->name))."=".$this->id."(&|$)",
+       "\\1", $url);
+ 
+     // Remove trailing ?/& if needed
      $url=ereg_replace("[&?]+$", "", $url);
  
***************
*** 244,248 ****
    ## to be saved as an array of strings).
  
!   function serialize($var, $str) {
      static $t,$l,$k;
  
--- 255,259 ----
    ## to be saved as an array of strings).
  
!   function serialize($var, &$str) {
      static $t,$l,$k;
  
***************
*** 326,338 ****
  
    ##
-   ## Garbage collection
-   ##
-   ## Destroy all session data older than this
-   ##
-   function gc() {
-       $this->that->ac_gc($this->gc_time, $this->name);
-   }
- 
-   ##
    ## Variable precedence functions
    ##
--- 337,340 ----
***************
*** 376,381 ****
    }
  
!   function release_token() {
!     global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, 
             $HTTP_HOST, $HTTPS;
  
--- 378,383 ----
    }
  
!   function release_token($sid = "") {
!     global $HTTP_COOKIE_VARS, $HTTP_POST_VARS, $HTTP_GET_VARS,
             $HTTP_HOST, $HTTPS;
  
***************
*** 385,401 ****
        && (! isset($HTTP_COOKIE_VARS[$this->name])) ) {
  
!       // Looks like no cookie here - check GET params
!       if (isset($HTTP_GET_VARS[$this->name])) {
!         // Session info passed via GET - go to fallback_mode
          $this->mode = $this->fallback_mode;
        } else {
          // It seems to be the first load of this page -
!         // no cookie and no GET params
! 
!         header("Status: 302 Moved Temporarily");
!         
!         if (!isset($sid)) {
!           $sid='';
!         }
  
          // Generate session ID and setup cookie.
--- 387,398 ----
        && (! isset($HTTP_COOKIE_VARS[$this->name])) ) {
  
!       // Looks like no cookie here - check GET/POST params
!       if ( isset($HTTP_GET_VARS[$this->name])
!         || isset($HTTP_POST_VARS[$this->name]) ) {
!         // Session info passed via GET/POST - go to fallback_mode
          $this->mode = $this->fallback_mode;
        } else {
          // It seems to be the first load of this page -
!         // no cookie and no GET/POST params
  
          // Generate session ID and setup cookie.
***************
*** 412,415 ****
--- 409,413 ----
            $PROTOCOL='http';
          }
+         header("Status: 302 Moved Temporarily");
          header("Location: ". $PROTOCOL. "://".$HTTP_HOST.$this->self_url());
          exit;
***************
*** 486,491 ****
      $this->set_container();
      $this->set_tokenname();
-     $this->release_token($sid);
      $this->put_headers();
      $this->get_id($sid);
      $this->thaw();
--- 484,489 ----
      $this->set_container();
      $this->set_tokenname();
      $this->put_headers();
+     $this->release_token($sid);
      $this->get_id($sid);
      $this->thaw();