diff options
author | Andreas Gohr <andi@splitbrain.org> | 2008-02-15 12:49:23 +0100 |
---|---|---|
committer | Andreas Gohr <andi@splitbrain.org> | 2008-02-15 12:49:23 +0100 |
commit | 9ec826364ada5906c775152c1f681292ffea1b92 (patch) | |
tree | 8416d7ed5c624e8273f6812c07f0157382e30530 /inc/auth.php | |
parent | d186898bc9d253d2f0227785ece22080e2005280 (diff) | |
download | rpg-9ec826364ada5906c775152c1f681292ffea1b92.tar.gz rpg-9ec826364ada5906c775152c1f681292ffea1b92.tar.bz2 |
invalidate all user session cache when userdatabase is changed FS#1085
A reference file is now stored in data/cache/sessionpurge and is used to
check if user sessions are still valid.
To accomondate for slow auth backends DokuWiki caches user info for
a certain time in the user session.
darcs-hash:20080215114923-7ad00-6874d5211efce7d07e54de37244becc2387c1ba7.gz
Diffstat (limited to 'inc/auth.php')
-rw-r--r-- | inc/auth.php | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/inc/auth.php b/inc/auth.php index d511930dc..48888da1e 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -157,6 +157,7 @@ function auth_login($user,$pass,$sticky=false,$silent=false){ if($user && $pass){ // we got a cookie - see if we can trust it if(isset($session) && + ($session['time'] >= @filemtime($conf['cachedir'].'/sessionpurge')) && ($session['time'] >= time()-$conf['auth_security_timeout']) && ($session['user'] == $user) && ($session['pass'] == $pass) && //still crypted |