72 lines
2.3 KiB
PHP
72 lines
2.3 KiB
PHP
|
<?php
|
||
|
namespace Opencart\Catalog\Controller\Startup;
|
||
|
/**
|
||
|
* Class Session
|
||
|
*
|
||
|
* @package Opencart\Catalog\Controller\Startup
|
||
|
*/
|
||
|
class Session extends \Opencart\System\Engine\Controller {
|
||
|
/**
|
||
|
* @return void
|
||
|
* @throws \Exception
|
||
|
*/
|
||
|
public function index(): void {
|
||
|
$session = new \Opencart\System\Library\Session($this->config->get('session_engine'), $this->registry);
|
||
|
$this->registry->set('session', $session);
|
||
|
|
||
|
if (isset($this->request->get['route']) && substr((string)$this->request->get['route'], 0, 4) == 'api/' && isset($this->request->get['api_token'])) {
|
||
|
$this->load->model('setting/api');
|
||
|
|
||
|
$this->model_setting_api->cleanSessions();
|
||
|
|
||
|
// Make sure the IP is allowed
|
||
|
$api_info = $this->model_setting_api->getApiByToken($this->request->get['api_token']);
|
||
|
|
||
|
if ($api_info) {
|
||
|
$this->session->start($this->request->get['api_token']);
|
||
|
|
||
|
$this->model_setting_api->updateSession($api_info['api_session_id']);
|
||
|
}
|
||
|
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
We are adding the session cookie outside of the session class as I believe
|
||
|
PHP messed up in a big way handling sessions. Why in the hell is it so hard to
|
||
|
have more than one concurrent session using cookies!
|
||
|
|
||
|
Is it not better to have multiple cookies when accessing parts of the system
|
||
|
that requires different cookie sessions for security reasons.
|
||
|
*/
|
||
|
|
||
|
// Update the session lifetime
|
||
|
if ($this->config->get('config_session_expire')) {
|
||
|
$this->config->set('session_expire', $this->config->get('config_session_expire'));
|
||
|
}
|
||
|
|
||
|
// Update the session SameSite
|
||
|
$this->config->set('session_samesite', $this->config->get('config_session_samesite'));
|
||
|
|
||
|
if (isset($this->request->cookie[$this->config->get('session_name')])) {
|
||
|
$session_id = $this->request->cookie[$this->config->get('session_name')];
|
||
|
} else {
|
||
|
$session_id = '';
|
||
|
}
|
||
|
|
||
|
$session->start($session_id);
|
||
|
|
||
|
$option = [
|
||
|
'expires' => time() + (int)$this->config->get('config_session_expire'),
|
||
|
'path' => $this->config->get('session_path'),
|
||
|
'secure' => $this->request->server['HTTPS'],
|
||
|
'httponly' => false,
|
||
|
'SameSite' => $this->config->get('session_samesite')
|
||
|
];
|
||
|
|
||
|
$this->response->addHeader('Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0');
|
||
|
|
||
|
setcookie($this->config->get('session_name'), $session->getId(), $option);
|
||
|
}
|
||
|
}
|