From: Tim Düsterhus Date: Fri, 25 Mar 2016 19:54:10 +0000 (+0100) Subject: Redefine 'supportsVirtualSessions' to mean: Only one virtual session X-Git-Tag: 3.0.0_Beta_1~1968^2~2 X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=945667b754c87b0b62eceeb1ff198661b8cb842a;p=GitHub%2FWoltLab%2FWCF.git Redefine 'supportsVirtualSessions' to mean: Only one virtual session A virtual session now is created in every case. --- diff --git a/wcfsetup/install/files/lib/data/acp/session/ACPSession.class.php b/wcfsetup/install/files/lib/data/acp/session/ACPSession.class.php index 3f30b6546e..cb8061bad1 100644 --- a/wcfsetup/install/files/lib/data/acp/session/ACPSession.class.php +++ b/wcfsetup/install/files/lib/data/acp/session/ACPSession.class.php @@ -1,6 +1,7 @@ prepareStatement($sql); + $statement->execute(array($userID)); + $row = $statement->fetchArray(); + + if ($row === false) { + return null; + } + + return new static(null, $row); + } } diff --git a/wcfsetup/install/files/lib/data/session/Session.class.php b/wcfsetup/install/files/lib/data/session/Session.class.php index 4ab4d5ac86..f9778e6014 100644 --- a/wcfsetup/install/files/lib/data/session/Session.class.php +++ b/wcfsetup/install/files/lib/data/session/Session.class.php @@ -1,7 +1,6 @@ prepareStatement($sql); - $statement->execute(array($userID)); - $row = $statement->fetchArray(); - - if ($row === false) { - return null; - } - - return new static(null, $row); - } } diff --git a/wcfsetup/install/files/lib/system/session/SessionHandler.class.php b/wcfsetup/install/files/lib/system/session/SessionHandler.class.php index c4d200189a..6d5489d1be 100644 --- a/wcfsetup/install/files/lib/system/session/SessionHandler.class.php +++ b/wcfsetup/install/files/lib/system/session/SessionHandler.class.php @@ -442,28 +442,26 @@ class SessionHandler extends SingletonFactory { protected function loadVirtualSession($forceReload = false) { if ($this->virtualSession === null || $forceReload) { $this->virtualSession = null; - if ($this->supportsVirtualSessions) { - if (class_exists(WCFACP::class, false)) { - $virtualSessionAction = new ACPSessionVirtualAction(array(), 'create', array('data' => array('sessionID' => $this->session->sessionID))); - } - else { - $virtualSessionAction = new SessionVirtualAction(array(), 'create', array('data' => array('sessionID' => $this->session->sessionID))); - } - - try { - $returnValues = $virtualSessionAction->executeAction(); - $this->virtualSession = $returnValues['returnValues']; - } - catch (DatabaseException $e) { - // MySQL error 23000 = unique key - // do not check against the message itself, some weird systems localize them - if ($e->getCode() == 23000) { - if (class_exists(WCFACP::class, false)) { - $this->virtualSession = ACPSessionVirtual::getExistingSession($this->session->sessionID); - } - else { - $this->virtualSession = SessionVirtual::getExistingSession($this->session->sessionID); - } + if (class_exists(WCFACP::class, false)) { + $virtualSessionAction = new ACPSessionVirtualAction(array(), 'create', array('data' => array('sessionID' => $this->session->sessionID))); + } + else { + $virtualSessionAction = new SessionVirtualAction(array(), 'create', array('data' => array('sessionID' => $this->session->sessionID))); + } + + try { + $returnValues = $virtualSessionAction->executeAction(); + $this->virtualSession = $returnValues['returnValues']; + } + catch (DatabaseException $e) { + // MySQL error 23000 = unique key + // do not check against the message itself, some weird systems localize them + if ($e->getCode() == 23000) { + if (class_exists(WCFACP::class, false)) { + $this->virtualSession = ACPSessionVirtual::getExistingSession($this->session->sessionID); + } + else { + $this->virtualSession = SessionVirtual::getExistingSession($this->session->sessionID); } } } @@ -477,7 +475,7 @@ class SessionHandler extends SingletonFactory { */ protected function validate() { if (SESSION_VALIDATE_IP_ADDRESS) { - if ($this->supportsVirtualSessions && ($this->virtualSession instanceof ACPSessionVirtual)) { + if ($this->virtualSession instanceof ACPSessionVirtual) { if ($this->virtualSession->ipAddress != UserUtil::getIpAddress()) { return false; } @@ -488,7 +486,7 @@ class SessionHandler extends SingletonFactory { } if (SESSION_VALIDATE_USER_AGENT) { - if ($this->supportsVirtualSessions && ($this->virtualSession instanceof ACPSessionVirtual)) { + if ($this->virtualSession instanceof ACPSessionVirtual) { if ($this->virtualSession->userAgent != UserUtil::getUserAgent()) { return false; } @@ -537,17 +535,15 @@ class SessionHandler extends SingletonFactory { } $createNewSession = true; - if ($this->supportsVirtualSessions) { - // find existing session - $session = call_user_func(array($this->sessionClassName, 'getSessionByUserID'), $this->user->userID); - - if ($session !== null) { - // inherit existing session - $this->session = $session; - $this->loadVirtualSession(true); - - $createNewSession = false; - } + // find existing session + $session = call_user_func(array($this->sessionClassName, 'getSessionByUserID'), $this->user->userID); + + if ($session !== null) { + // inherit existing session + $this->session = $session; + $this->loadVirtualSession(true); + + $createNewSession = false; } if ($createNewSession) { @@ -570,7 +566,7 @@ class SessionHandler extends SingletonFactory { catch (DatabaseException $e) { // MySQL error 23000 = unique key // do not check against the message itself, some weird systems localize them - if ($e->getCode() == 23000 && $this->supportsVirtualSessions) { + if ($e->getCode() == 23000) { // find existing session $session = call_user_func(array($this->sessionClassName, 'getSessionByUserID'), $this->user->userID); @@ -713,50 +709,12 @@ class SessionHandler extends SingletonFactory { $hideSession = $eventParameters['hideSession']; // skip changeUserVirtual, if session will not be persistent anyway - if ($this->supportsVirtualSessions && !$hideSession) { + if (!$hideSession) { $this->changeUserVirtual($user); } - else { - // update user reference - $this->user = $user; - - if (!$hideSession) { - // update session - /** @var \wcf\data\DatabaseObjectEditor $sessionEditor */ - $sessionEditor = new $this->sessionEditorClassName($this->session); - - $this->register('__changeSessionID', true); - - try { - $sessionEditor->update(array( - 'userID' => $user->userID - )); - } - catch (DatabaseException $e) { - // MySQL error 23000 = unique key - // do not check against the message itself, some weird systems localize them - if ($e->getCode() == 23000) { - $sessionTable = call_user_func(array($this->sessionClassName, 'getDatabaseTableName')); - - // user is not a guest, delete all other sessions of this user - $sql = "DELETE FROM ".$sessionTable." - WHERE sessionID <> ? - AND userID = ?"; - $statement = WCF::getDB()->prepareStatement($sql); - $statement->execute(array($this->sessionID, $user->userID)); - - // update session - $sessionEditor->update(array( - 'userID' => $user->userID - )); - } - else { - // not our business - throw $e; - } - } - } - } + + // update user reference + $this->user = $user; // reset caches $this->groupData = null; @@ -774,10 +732,7 @@ class SessionHandler extends SingletonFactory { } /** - * Changes the user stored in the session, this method is different from changeUser() because it - * attempts to re-use sessions unless there are other virtual sessions for the same user (userID != 0). - * In reverse, logging out attempts to re-use the current session or spawns a new session depending - * on other virtual sessions. + * Changes the user stored in the session. * * @param \wcf\data\user\User $user */ @@ -838,6 +793,11 @@ class SessionHandler extends SingletonFactory { // guest -> user (login) // default: + if (!$this->supportsVirtualSessions) { + // delete all other sessions of this user + call_user_func(array($this->sessionEditorClassName, 'deleteUserSessions'), array($user->userID)); + } + // find existing session for this user $session = call_user_func(array($this->sessionClassName, 'getSessionByUserID'), $user->userID); @@ -889,7 +849,6 @@ class SessionHandler extends SingletonFactory { break; } - $this->user = $user; $this->loadVirtualSession(true); }