users now allowed to have multiple sessions but not multiple remember me cookies...
authorcash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>
Wed, 4 Nov 2009 12:25:44 +0000 (12:25 +0000)
committercash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>
Wed, 4 Nov 2009 12:25:44 +0000 (12:25 +0000)
git-svn-id: http://code.elgg.org/elgg/trunk@3618 36083f99-b078-4883-b0ff-0f9b5a30f544

CHANGES.txt
engine/lib/sessions.php

index 41b69507576823196d76c74677c9fb2c2e0a5100..0bc2b1d1b86415fef69d4228c9617b32e69fbecd 100644 (file)
@@ -6,6 +6,7 @@ http://code.elgg.org/elgg/.....
   * UTF8 now saved correctly in database. #1151
   * Unit tests added to System diagnostics.
   * Debug values output to screen when enabled in admin settings.
+  * Users can now log in from multiple computers or browsers concurrently
 
  Bugfixes:
   * Searching by tag with extended characters now works. #1151, #1231
index 914f3701a39b2acc54e7de23d650a3cd1cff6b0a..7a6250afb012b8990426b591082ad2d96797e016 100644 (file)
@@ -378,13 +378,11 @@ function login(ElggUser $user, $persistent = false) {
        $_SESSION['username'] = $user->username;
        $_SESSION['name'] = $user->name;
 
-       $code = (md5($user->name . $user->username . time() . rand()));
-
-       $user->code = md5($code);
-
-       $_SESSION['code'] = $code;
-
+       // if remember me checked, set cookie with token and store token on user
        if (($persistent)) {
+               $code = (md5($user->name . $user->username . time() . rand()));
+               $_SESSION['code'] = $code;
+               $user->code = md5($code);
                setcookie("elggperm", $code, (time()+(86400 * 30)),"/");
        }
 
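Review bot: The remember-me token built on the added `$code = (md5($user->name . $user->username . time() . rand()));` line is derived from the account name, the clock and `rand()`, which is too predictable for a credential that stays valid for 30 days. Where the runtime provides a CSPRNG, generate the token from it instead, e.g. `$code = bin2hex(random_bytes(16));`, and keep storing only its hash on the user as the code already does. The `setcookie("elggperm", ...)` call also leaves the cookie readable by page scripts; passing the `httponly` argument (and `secure` when the site is served over HTTPS) would limit exposure of the token. login()'s body starts and ends outside this hunk.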
@@ -507,46 +505,35 @@ function session_init($event, $object_type, $object) {
                $_SESSION['__elgg_session'] = md5(microtime().rand());
        }
 
+       // test whether we have a user session
        if (empty($_SESSION['guid'])) {
+
+               // clear session variables before checking cookie
+               unset($_SESSION['user']);
+               unset($_SESSION['id']);
+               unset($_SESSION['guid']);
+               unset($_SESSION['code']);
+               
+               // is there a remember me cookie
                if (isset($_COOKIE['elggperm'])) {
+                       // we have a cookie, so try to log the user in
                        $code = $_COOKIE['elggperm'];
                        $code = md5($code);
-                       unset($_SESSION['guid']);//$_SESSION['guid'] = 0;
-                       unset($_SESSION['id']);//$_SESSION['id'] = 0;
                        if ($user = get_user_by_code($code)) {
+                               // we have a user, log him in
                                $_SESSION['user'] = $user;
                                $_SESSION['id'] = $user->getGUID();
                                $_SESSION['guid'] = $_SESSION['id'];
                                $_SESSION['code'] = $_COOKIE['elggperm'];
                        }
-               } else {
-                       unset($_SESSION['id']); //$_SESSION['id'] = 0;
-                       unset($_SESSION['guid']);//$_SESSION['guid'] = 0;
-                       unset($_SESSION['code']);//$_SESSION['code'] = "";
-               }
+               } 
        } else {
-               if (!empty($_SESSION['code'])) {
-                       $code = md5($_SESSION['code']);
-                       if ($user = get_user_by_code($code)) {
-                               $_SESSION['user'] = $user;
-                               $_SESSION['id'] = $user->getGUID();
-                                               $_SESSION['guid'] = $_SESSION['id'];
-                       } else {
-                               unset($_SESSION['user']);
-                               unset($_SESSION['id']); //$_SESSION['id'] = 0;
-                               unset($_SESSION['guid']);//$_SESSION['guid'] = 0;
-                               unset($_SESSION['code']);//$_SESSION['code'] = "";
-                       }
-               } else {
-                       //$_SESSION['user'] = new ElggDummy();
-                       unset($_SESSION['id']); //$_SESSION['id'] = 0;
-                       unset($_SESSION['guid']);//$_SESSION['guid'] = 0;
-                       unset($_SESSION['code']);//$_SESSION['code'] = "";
-               }
+               // we have a session and we have already checked the fingerprint
+               // no need to load user data because it should already be in the session
        }
 
-       if ($_SESSION['id'] > 0) {
-               set_last_action($_SESSION['id']);
+       if (isset($_SESSION['guid'])) {
+               set_last_action($_SESSION['guid']);
        }
 
        register_action("login",true);
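Review bot: The `else` branch now trusts an existing session without consulting the user store, so a session stays authenticated after the account is deleted or banned; before this change each request re-resolved the user and cleared the session when the lookup failed. Re-resolving the account by `$_SESSION['guid']` in that branch, as sketched below, keeps concurrent sessions working while restoring revocation; this assumes the engine's `get_user()` and `ElggUser::isBanned()` are loaded at this point. The new comment relies on a fingerprint check that is not visible in this hunk, so confirm it runs before this branch on every request. session_init()'s body starts and ends outside this hunk.

```php
	} else {
		// re-resolve the account so a deleted or banned user loses the session
		$user = get_user($_SESSION['guid']);
		if (!$user || $user->isBanned()) {
			unset($_SESSION['user']);
			unset($_SESSION['id']);
			unset($_SESSION['guid']);
			unset($_SESSION['code']);
		}
	}
	// … unchanged: set_last_action() call and action registration …
```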