MyShaarli

Author	SHA1	Message	Date
ArthurHoaro	d9ba1cdd44	Do not check the IP address with session protection disabled This allows the user to stay logged in if his IP changes. Fixes #1106	2018-07-17 14:13:37 +02:00
VirtualTam	8edd7f1588	SessionManager+LoginManager: fix checkLoginState logic Signed-off-by: VirtualTam <virtualtam@flibidi.net>	2018-06-02 16:46:06 +02:00
VirtualTam	704637bfeb	Add test coverage for LoginManager methods Signed-off-by: VirtualTam <virtualtam@flibidi.net>	2018-06-02 16:46:26 +02:00
VirtualTam	ebf6151738	SessionManager: remove unused UID token There already are dedicated tokens for: - CSRF protection - user stay-signed-in feature, via cookie This token was most likely intended as a randomly generated, server-side, secret key to be used when generating hashes. See http://sebsauvage.net/wiki/doku.php?id=php:session [FR] Relevant section: Une clé secrète unique aléatoire est générée côté serveur (et jamais envoyée). Elle peut servir pour signer les formulaires (HMAC) ou générer des token de formulaires (protection contre XSRF). Voir $_SESSION['uid']. Translation: A unique, server-side secret key is randomly generated (and never transmitted). It can be used to sign forms (HMAC) or generate form tokens (protection against XSRF). See $_SESSION['uid'] Signed-off-by: VirtualTam <virtualtam@flibidi.net>	2018-06-02 16:46:06 +02:00
VirtualTam	c689e10863	Refactor LoginManager stay-signed-in token management Signed-off-by: VirtualTam <virtualtam@flibidi.net>	2018-06-02 16:46:06 +02:00
VirtualTam	51f0128cdb	Refactor session and cookie timeout control Signed-off-by: VirtualTam <virtualtam@flibidi.net>	2018-06-02 16:46:06 +02:00
VirtualTam	fab87c2696	Move LoginManager and SessionManager to the Security namespace Signed-off-by: VirtualTam <virtualtam@flibidi.net>	2018-06-02 16:46:06 +02:00

7 commits

No results found.