first commit
This commit is contained in:
sujan
71
catalog/controller/startup/session.php
Normal file
71
catalog/controller/startup/session.php
Normal file
@ -0,0 +1,71 @@
|
||||
<?php
|
||||
namespace Opencart\Catalog\Controller\Startup;
|
||||
/**
|
||||
* Class Session
|
||||
*
|
||||
* @package Opencart\Catalog\Controller\Startup
|
||||
*/
|
||||
class Session extends \Opencart\System\Engine\Controller {
|
||||
/**
|
||||
* @return void
|
||||
* @throws \Exception
|
||||
*/
|
||||
public function index(): void {
|
||||
$session = new \Opencart\System\Library\Session($this->config->get('session_engine'), $this->registry);
|
||||
$this->registry->set('session', $session);
|
||||
|
||||
if (isset($this->request->get['route']) && substr((string)$this->request->get['route'], 0, 4) == 'api/' && isset($this->request->get['api_token'])) {
|
||||
$this->load->model('setting/api');
|
||||
|
||||
$this->model_setting_api->cleanSessions();
|
||||
|
||||
// Make sure the IP is allowed
|
||||
$api_info = $this->model_setting_api->getApiByToken($this->request->get['api_token']);
|
||||
|
||||
if ($api_info) {
|
||||
$this->session->start($this->request->get['api_token']);
|
||||
|
||||
$this->model_setting_api->updateSession($api_info['api_session_id']);
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
/*
|
||||
We are adding the session cookie outside of the session class as I believe
|
||||
PHP messed up in a big way handling sessions. Why in the hell is it so hard to
|
||||
have more than one concurrent session using cookies!
|
||||
|
||||
Is it not better to have multiple cookies when accessing parts of the system
|
||||
that requires different cookie sessions for security reasons.
|
||||
*/
|
||||
|
||||
// Update the session lifetime
|
||||
if ($this->config->get('config_session_expire')) {
|
||||
$this->config->set('session_expire', $this->config->get('config_session_expire'));
|
||||
}
|
||||
|
||||
// Update the session SameSite
|
||||
$this->config->set('session_samesite', $this->config->get('config_session_samesite'));
|
||||
|
||||
if (isset($this->request->cookie[$this->config->get('session_name')])) {
|
||||
$session_id = $this->request->cookie[$this->config->get('session_name')];
|
||||
} else {
|
||||
$session_id = '';
|
||||
}
|
||||
|
||||
$session->start($session_id);
|
||||
|
||||
$option = [
|
||||
'expires' => time() + (int)$this->config->get('config_session_expire'),
|
||||
'path' => $this->config->get('session_path'),
|
||||
'secure' => $this->request->server['HTTPS'],
|
||||
'httponly' => false,
|
||||
'SameSite' => $this->config->get('session_samesite')
|
||||
];
|
||||
|
||||
$this->response->addHeader('Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0');
|
||||
|
||||
setcookie($this->config->get('session_name'), $session->getId(), $option);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user