new: [session handling] Session handling fixes

- changed the cookie name to MISP-[MISP.uuid] to rely on a unique data-point instead of the URL. This solves issues with multiple MISPs running on the same host via port based virtualhosts sharing sessions
- timeout issues potentially fixed when using the recommended PHP session handler. If garbage collection is configured in php.ini, it could previously purge sessions that should still have been valid according to the session timeout
pull/4980/head
iglocska 2019-08-09 14:41:17 +02:00
parent 769c899699
commit 539a7431a4
No known key found for this signature in database
GPG Key ID: BEA224F1FEF113AC
1 changed files with 15 additions and 0 deletions


@ -104,6 +104,21 @@ class AppController extends Controller
public function beforeFilter()
{
if (!empty(Configure::read('MISP.uuid'))) {
Configure::write('Session.cookie', 'MISP-' . Configure::read('MISP.uuid'));
}
if (!empty(Configure::read('Session.cookieTimeout')) || !empty(Configure::read('Session.timeout'))) {
$session = Configure::read('Session');
if (!empty($session['cookieTimeout'])) {
$value = 60 * intval($session['cookieTimeout']);
} else if (!empty($session['timeout'])) {
$value = 60 * intval($session['timeout']);
} else {
$value = 3600;
}
$session['ini']['session.gc_maxlifetime'] = $value;
Configure::write('Session', $session);
}
if (Configure::read('Security.allow_cors')) {
// Add CORS headers
$this->response->cors($this->request,
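Review bot: The value written to `session.gc_maxlifetime` prefers `Session.cookieTimeout` over `Session.timeout` and has no lower bound. If the cookie timeout is configured shorter than the session timeout, garbage collection can still remove session data that the session timeout treats as valid, which is the case the description sets out to fix. A non-numeric setting also passes `!empty()` but becomes 0 through `intval()`, which would make every session eligible for collection as soon as the collector runs. Taking the larger of the two settings and adding `if ($value <= 0) { $value = 3600; }` before the assignment would cover both. Presumably these `Configure::write()` calls only take effect if the session has not already been started earlier in the request, which this hunk does not show; the body of `beforeFilter()` continues outside the hunk.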