changed the algorithm how sessions work:

- if the IP is banned or there is no a winix function then we set a temporary session - else if there is a session's cookie sent by the client then: - if the cookie is a correct session's cookie then we set the session from the cookie - or if the cookie is not a correct session's cookie (e.g. session expired) and the winix function requires a cookie then we set a new session - or if there is no cookie sent then if a winix function requires a session we create a new session if there was an error creating a new session or event counters reach a ban limit then a temporary session will be used git-svn-id: svn://ttmath.org/publicrep/winix/trunk@1115 e52654a7-88a9-db11-a3e9-0013d4bc506e
2018-06-20 15:00:02 +00:00
parent 35b93b1655
commit 08123fe6ac
9 changed files with 78 additions and 40 deletions
--- a/winixd/core/sessionmanager.h
+++ b/winixd/core/sessionmanager.h
@@ -5,7 +5,7 @@
 */

 /* 
- * Copyright (c) 2008-2014, Tomasz Sowa
+ * Copyright (c) 2008-2018, Tomasz Sowa
 * All rights reserved.
 * 
 * Redistribution and use in source and binary forms, with or without
@@ -70,7 +70,7 @@ public:
 	// can return a null pointer
 	Session * FindSession(long id);

-	void SetSession();
+	void PrepareSession();
 	void DeleteSessions(); // deleting all sessions
 	bool ChangeSessionId(long old_id);

@@ -116,7 +116,6 @@ private:
 	SessionContainer session_tab;
 	IPBanContainer   ban_tab;
 	IPBan * current_ip_ban;
-	bool is_session_set;
 	Session temporary_session;
 	SessionIdManager session_id_manager;

@@ -133,7 +132,7 @@ private:
 	void SetFirstExpirationTime(IPBan * ip_ban);
 	void BrokenCookieCheckBan();
 	void IncorrectSessionCheckBan();
-	void NoSessionCookieCheckBan();
+	bool ShouldNoSessionCookieGenerateTmpSession();


 	/*