diff --git a/core/config.cpp b/core/config.cpp index 04ca8cd..fe9fafb 100755 --- a/core/config.cpp +++ b/core/config.cpp @@ -147,6 +147,7 @@ void Config::AssignValues(bool stdout_is_closed) session_max_idle = Int(L"session_max_idle", 10800); // 3h session_remember_max_idle = Int(L"session_remember_max_idle", 16070400); // 3 months session_file = AText(L"session_file"); + session_max = Size(L"session_max", 1000000); compression = Bool(L"compression", true); compression_page_min_size = Int(L"compression_page_min_size", 512); diff --git a/core/config.h b/core/config.h index 361d0ea..2a2de92 100755 --- a/core/config.h +++ b/core/config.h @@ -129,6 +129,10 @@ public: // this file is used when the program is starting and ending std::string session_file; + // how many sessions can be (zero turn off this checking) + // default: 1000000 (one milion) + size_t session_max; + // allow the html ouput to be compressed bool compression; diff --git a/core/session.cpp b/core/session.cpp index 84487b7..d4f2f0f 100755 --- a/core/session.cpp +++ b/core/session.cpp @@ -38,19 +38,6 @@ void Session::Clear() remember_me = false; new_session = true; spam_score = 0; - -// dir_old.clear(); } -bool Session::operator==(const Session & s) const -{ - return id == s.id; -} - - -bool Session::operator<(const Session & s) const -{ - return id < s.id; -} - diff --git a/core/session.h b/core/session.h index a388bbf..0212ea1 100755 --- a/core/session.h +++ b/core/session.h @@ -24,7 +24,7 @@ // and in its destructor the plugin.Call(WINIX_SESSION_REMOVE) is called struct Session { - // 0 - means that there is no session + // 0 - means that there is a temporary session long id; // true if the session was created now @@ -55,21 +55,17 @@ struct Session Rebus::Item * rebus_item; bool rebus_checked; - //std::string dir_old; - int spam_score; PluginData plugin_data; - // ------------------- + + Session(); void Clear(); - bool operator==(const Session & s) const; - bool operator<(const Session & s) const; - void DecTimer(int & timer); }; diff --git a/core/sessionmanager.cpp b/core/sessionmanager.cpp index b173f52..929a1e7 100755 --- a/core/sessionmanager.cpp +++ b/core/sessionmanager.cpp @@ -119,6 +119,8 @@ void SessionManager::CreateTemporarySession() else { request->session = &(*i); + request->session->Clear(); // !! what about session.plugin_data? + request->session->id = 0; request->session->new_session = false; } } @@ -130,23 +132,30 @@ void SessionManager::CreateSession() Session s; int attempts = 100; - for( ; attempts > 0 ; --attempts ) + if( config->session_max == 0 || session_tab.Size() < config->session_max - 1 ) // -1 for the temporary session { - s.id = CreateSessionId(); - - bool added = session_tab.PushBack(s); - - if( added ) + for( ; attempts > 0 ; --attempts ) { - request->session = &session_tab.Back(); - request->session->new_session = true; - - log << log2 << "SM: created a new session: " << request->session->id << logend; + s.id = CreateSessionId(); + + bool added = session_tab.PushBack(s); - return; + if( added ) + { + request->session = &session_tab.Back(); + request->session->new_session = true; + + log << log2 << "SM: created a new session: " << request->session->id << logend; + + return; + } } } - + else + { + log << log2 << "SM: sessions limit exceeded (" << config->session_max << ")" << logend; + } + // there is a problem with generating a new session id // we do not set a session cookie CreateTemporarySession(); diff --git a/core/users.cpp b/core/users.cpp index 56748b3..e2faeac 100755 --- a/core/users.cpp +++ b/core/users.cpp @@ -131,6 +131,12 @@ void Users::LoginUser(long user_id, bool remember_me) if( !request->session ) return; + if( request->session->id == 0 ) + { + log << log1 << "Users: cannot login a user on a temporary session" << logend; + return; + } + request->session->puser = GetUser(user_id); request->session->spam_score = 0;