ttrss

mirror of https://tt-rss.org/git/tt-rss.git synced 2024-06-25 11:57:42 +02:00

Author	SHA1	Message	Date
Andrew Dolgov	6fbf349155	add hidden _SKIP_SESSION_UA_CHECKS tunable	2019-04-11 16:15:55 +03:00
Andrew Dolgov	5f66f872b6	fix session write handler always assuming that database entry exists and failing silently if it doesn't; remove session cookie-related hacks	2018-10-16 14:07:42 +03:00
Andrew Dolgov	d246fb9fe1	remove session REMOTE_ADDR checks	2018-10-16 12:12:07 +03:00
Andrew Dolgov	5feed36a3c	do not use separate _ssl cookie for secure sessions	2018-10-15 15:48:37 +03:00
Andrew Dolgov	65e98f4086	force regenerate session id on successful login, remove previous blank SID check	2018-10-15 15:47:50 +03:00
Andrew Dolgov	74736fce0f	if empty session is autostarted because of a cookie, immediately destroy it	2018-10-15 14:53:35 +03:00
Andrew Dolgov	7d53c2b501	validate_session: bring back IP session binding (enabled by default) and UA checking	2018-10-15 08:26:07 +03:00
Andrew Dolgov	4d13514dd4	sessions: PDO	2017-12-01 14:48:23 +03:00
Andrew Dolgov	1b5b1e5fec	sessions: use is_server_https() for secure cookie setting	2017-07-17 07:33:43 +03:00
Natan Frei	e234ac8dcb	$_SERVER['HTTPS'] can be exists and 'off' for non-https connectios	2017-07-17 00:44:48 +03:00
Andrew Dolgov	09628e1b1a	rework previous 32 bit session stuff	2017-07-13 14:40:30 +03:00
Andrew Dolgov	b465c28ee0	sessions: clip max expiry value to a 32bit integer	2017-07-13 08:57:07 +03:00
Andrew Dolgov	ea79a0e033	remove some redundant php closing tags	2017-04-26 20:24:18 +03:00
Andrew Dolgov	7b55001eee	fix various issues reported by static analysis update gitlab-ci config	2017-04-26 15:29:22 +03:00
Andrew Dolgov	33d131d699	ttrss_gc: return true	2015-12-07 15:25:31 +03:00
Andrew Dolgov	f5e66c439e	remove SESSION_CHECK_ADDRESS	2015-08-21 09:02:16 +03:00
Andrew Dolgov	ffc3a1e579	session: don't try to validate session schema version on empty sessions	2015-01-31 18:48:11 +03:00
Andrew Dolgov	3192fb43bc	do not invalidate session when version_static and user agent changes	2015-01-30 13:14:19 +03:00
Andrew Dolgov	04a8c2065f	better error reporting in session validation	2013-07-06 12:05:52 +04:00
Andrew Dolgov	3472c4c569	use static version for session checking, show latest changeset for git version instead of head date	2013-04-24 16:57:24 +04:00
Andrew Dolgov	6322ac79a0	remove $link	2013-04-17 16:48:41 +04:00
Andrew Dolgov	404e2e3603	more work on singleton-based DB	2013-04-17 15:36:48 +04:00
Andrew Dolgov	889a5f9f19	experimental SQL-based error logger	2013-04-16 19:41:31 +04:00
Andrew Dolgov	9ce7a5546c	implement some tweaks to session handling; properly remove session cookie if invalid/login failed	2013-04-04 15:33:14 +04:00
Andrew Dolgov	810205625b	session validation: check for tt-rss version	2013-04-04 12:55:15 +04:00
Andrew Dolgov	6f431804a9	remove session check/destroy stuff, looks problematic	2013-04-03 19:13:23 +04:00
Andrew Dolgov	c35b6d8e14	initialize session connection in ttrss_open but define session_connection in global context	2013-04-02 14:04:47 +04:00
Andrew Dolgov	168680976f	sessions: initialize connection on include, not in ttrss_open	2013-04-02 13:58:08 +04:00
Ryan Parrish	f4bae03a6e	Merge branch 'master' of https://github.com/stickystyle/Tiny-Tiny-RSS	2013-04-01 10:41:20 -04:00
Ryan Parrish	7081aaa09b	add missing gettext libs	2013-04-01 10:40:28 -04:00
Andrew Dolgov	837ec70e3e	validate_session: check for user agent	2013-04-01 18:22:07 +04:00
Andrew Dolgov	e9b7469233	validate session on startup	2013-03-31 13:10:46 +04:00
Andrew Dolgov	8f49a2257b	fix stuff broken by previous pull	2013-03-29 19:20:46 +04:00
all	48ec0b8526	Check that $_SESSION["uid"] is defined before checking value	2013-03-29 15:17:38 +01:00
Andrew Dolgov	2137d67496	sessions: properly check for cookie being set	2013-03-28 12:40:56 +04:00
Andrew Dolgov	6cfd3c149c	remove SESSION_EXPIRE_TIME	2013-03-28 10:06:16 +04:00
Andrew Dolgov	f231f438ba	reimplement remember_me	2013-03-28 09:48:58 +04:00
Andrew Dolgov	60ed4c9ad5	add yet another workaround for stuck login due to session cookies	2013-03-28 09:09:41 +04:00
Andrew Dolgov	5160620c8a	only autostart session if login cookie exists	2013-03-28 08:06:21 +04:00
Andrew Dolgov	3972bf5981	db_escape_string: specify link parameter for consistency; sessions: do not force-close db connection in _close()	2013-03-22 09:14:55 +04:00
Andrew Dolgov	5c81e817d3	enable mysql db session support	2013-03-21 21:52:20 +04:00
Andrew Dolgov	0295919648	attempt fix db_escape_string() invocation in sessions.php	2013-03-21 21:42:11 +04:00
Andrew Dolgov	acfbab375d	mute warnings caused by session_start() to deal with potential ps_files_cleanup_dir stuff	2013-02-19 16:56:43 +04:00
Andrew Dolgov	6addc13f46	sessions: prevent HTTPS warning	2013-01-22 19:21:40 +04:00
Andrew Dolgov	964f153371	api: use tt-rss session storage	2012-09-19 12:45:01 +04:00
Andrew Dolgov	09e8bdfd18	simplify default global config, expand sanity_check messages	2011-12-13 19:20:26 +04:00
Andrew Dolgov	107d0cf39e	overall directory tree cleanup	2011-12-11 23:59:25 +04:00

47 Commits