mirror of https://github.com/MISP/MISP
new: [session handling] Session handling fixes
- changed the cookie name to MISP-[MISP.uuid] to rely on a unique data-point instead of the URL. This solves issues with multiple MISPs running on the same host via port based virtualhosts sharing sessions
- timeout issues potentially fixed when using the recommended PHP session handler. If the garbage collection is configured in php.ini it could previously purge sessions that, based on the session timeout, should still be valid
pull/4980/head
parent
769c899699
commit
539a7431a4
|
@ -104,6 +104,21 @@ class AppController extends Controller
|
|||
|
||||
public function beforeFilter()
|
||||
{
|
||||
if (!empty(Configure::read('MISP.uuid'))) {
|
||||
Configure::write('Session.cookie', 'MISP-' . Configure::read('MISP.uuid'));
|
||||
}
|
||||
if (!empty(Configure::read('Session.cookieTimeout')) || !empty(Configure::read('Session.timeout'))) {
|
||||
$session = Configure::read('Session');
|
||||
if (!empty($session['cookieTimeout'])) {
|
||||
$value = 60 * intval($session['cookieTimeout']);
|
||||
} else if (!empty($session['timeout'])) {
|
||||
$value = 60 * intval($session['timeout']);
|
||||
} else {
|
||||
$value = 3600;
|
||||
}
|
||||
$session['ini']['session.gc_maxlifetime'] = $value;
|
||||
Configure::write('Session', $session);
|
||||
}
|
||||
if (Configure::read('Security.allow_cors')) {
|
||||
// Add CORS headers
|
||||
$this->response->cors($this->request,
|
||||
|
|
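Review bot: In the `session.gc_maxlifetime` block, `cookieTimeout` takes precedence over `timeout` whenever both are set, so a `cookieTimeout` shorter than `timeout` still lets PHP's garbage collector purge sessions that the session timeout treats as valid. A non-empty but non-numeric or negative value passes `!empty()` and produces a `$value` of 0 or less, and the `else { $value = 3600; }` branch is unreachable because the outer condition already requires one of the two keys. I would derive it from the larger setting and fall back only when that is not positive: `$minutes = max(intval(Configure::read('Session.cookieTimeout')), intval(Configure::read('Session.timeout')));` then `$value = $minutes > 0 ? 60 * $minutes : 3600;`. Both `Configure::write` calls presumably only take effect if the session has not been started before `beforeFilter()` runs, which cannot be confirmed from this hunk; the body of `beforeFilter()` continues past it.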