diff options
| -rw-r--r-- | inc/auth.php | 2 | ||||
| -rw-r--r-- | inc/auth/basic.class.php | 30 |
2 files changed, 31 insertions, 1 deletions
diff --git a/inc/auth.php b/inc/auth.php index 48888da1e..5c60f8a35 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -157,7 +157,7 @@ function auth_login($user,$pass,$sticky=false,$silent=false){ if($user && $pass){ // we got a cookie - see if we can trust it if(isset($session) && - ($session['time'] >= @filemtime($conf['cachedir'].'/sessionpurge')) && + $auth->useSessionCache($user) && ($session['time'] >= time()-$conf['auth_security_timeout']) && ($session['user'] == $user) && ($session['pass'] == $pass) && //still crypted diff --git a/inc/auth/basic.class.php b/inc/auth/basic.class.php index bf251bae0..c3bb9d32e 100644 --- a/inc/auth/basic.class.php +++ b/inc/auth/basic.class.php @@ -290,5 +290,35 @@ class auth_basic { return array(); } + /** + * Check Session Cache validity [implement only where required/possible] + * + * DokuWiki caches user info in the user's session for the timespan defined + * in $conf['securitytimeout']. + * + * This makes sure slow authentication backends do not slow down DokuWiki. + * This also means that changes to the user database will not be reflected + * on currently logged in users. + * + * To accommodate for this, the user manager plugin will touch a reference + * file whenever a change is submitted. This function compares the filetime + * of this reference file with the time stored in the session. + * + * This reference file mechanism does not reflect changes done directly in + * the backend's database through other means than the user manager plugin. + * + * Fast backends might want to return always false, to force rechecks on + * each page load. Others might want to use their own checking here. If + * unsure, do not override. + * + * @param string $user - The username + * @author Andreas Gohr <andi@splitbrain.org> + * @return bool + */ + function useSessionCache($user){ + global $conf; + return ($_SESSION[DOKU_COOKIE]['auth']['time'] >= @filemtime($conf['cachedir'].'/sessionpurge')); + } + } //Setup VIM: ex: et ts=2 enc=utf-8 : |