fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-09 03:32:00 +09:00
Code Issues Projects Releases Packages Wiki Activity
16455 commits 3 branches 212 tags 117 MiB
Commit graph

50 commits

Author SHA1 Message Date
Min-Soo Kim
f8edfacde2 Refine secure cookie flag 
_use_ssl 대신 site_module_info 를 직접 참조하도록 수정.
함수 이름을 조금 더 자연스럽게 수정.
 2018-04-28 11:25:15 +09:00
Min-Soo Kim
c1c9a94623 Improve cookie security; Secure flag 
SSL 항상 사용 옵션인 경우 쿠키도 이에 맞추어 SSL 인 경우에만 사용되도록 `secure` flag 를 추가합니다.
선택적 SSL 인 경우 SSL 이 적용되지 않은 구간에서도 쿠키를 읽을 수 있어야 하므로, 적용하지 않습니다.
 2018-04-24 19:30:38 +09:00
Kijin Sung
591e9cb270 Revert "Improve cookie secure setting values" 
This reverts commit 73da2af393.
 2018-04-23 00:43:24 +09:00
Kijin Sung
cfca05c897 Revert "Fix httpOnly flag by mistake.... (#1032)" 
This reverts commit 0347bb7053.
 2018-04-23 00:42:12 +09:00
Min-Soo Kim
0347bb7053
Fix httpOnly flag by mistake.... (#1032) 
73da2af393 fix.
 2018-04-23 00:17:26 +09:00
Min-Soo Kim
73da2af393 Improve cookie secure setting values 
HTTPS 를 사용하는 상황에 대한 판단을 할 수 있는 상황에서 쿠키의 secure flag 를 달아준다.
 2018-04-22 23:58:13 +09:00
Kijin Sung
e3a2c1a6aa Guard more count() calls in common framework classes 2017-12-09 02:49:01 +09:00
Kijin Sung
a3ef122b57 Merge branch 'develop' into pr/csrf-token 2017-03-13 16:35:24 +09:00
Kijin Sung
beee2165fb Update session class to use getDefaultDomainInfo() for SSO 2017-03-13 11:35:37 +09:00
Kijin Sung
a0f2388842 Add Session::getGenericToken() for general-purpose token handling 2017-03-06 11:24:09 +09:00
Kijin Sung
5bd5044126 Improve referer checks in Session::checkSSO() 2017-03-04 22:15:46 +09:00
Kijin Sung
8cf3d7b520 Update SSO mechanism to use new domain system 2017-03-04 22:05:16 +09:00
Kijin Sung
cf01038ce6 Refresh member info when setSessionInfo() is called 2017-03-03 01:05:13 +09:00
Kijin Sung
fbe47e0610 Remove temporary list of override domains in Session class 2017-02-18 22:57:39 +09:00
Kijin Sung
5c8a41a655 Fix PHP warning 2017-02-17 21:38:03 +09:00
Kijin Sung
2582ef2100 More thoroughly delete conflicting cookies 2017-02-17 21:09:57 +09:00
Kijin Sung
64f0d5cb45 Remove Android Chrome from buggy user-agent list 2017-02-17 20:24:13 +09:00
Kijin Sung
51acad706e Remove unnecessary regex replacement 2017-02-17 20:15:56 +09:00
Kijin Sung
50410ec482 Delete conflicting wildcard cookies from subdomain 2017-02-17 19:44:01 +09:00
Kijin Sung
780034d4ee Do not explicitly set the domain for session cookies 2017-02-17 19:33:05 +09:00
Kijin Sung
cbae2c374e Use meta refresh instead of 302 redirect on new session 
Attempting to fix missing session cookie in some versions of Android webview and Chrome.
This may or may not be of any use, but why not try?

See https://bugs.chromium.org/p/chromium/issues/detail?id=150066
 2017-02-16 11:53:27 +09:00
Kijin Sung
b43c653186 Add options to control session keys and SSL-only attribute 2017-02-14 13:37:30 +09:00
Kijin Sung
dea757cfb7 Do not refresh session keys over POST 2017-02-13 17:49:27 +09:00
Kijin Sung
a6fee16b68 Extend detection of buggy user agents that cannot handle session keys 2017-02-13 17:28:04 +09:00
Kijin Sung
9c96dc04bc Remove debugging code 2017-02-13 16:54:25 +09:00
Kijin Sung
aeb42891b0 Do not check security keys if session was started on Android webview 2017-02-13 16:53:30 +09:00
Kijin Sung
ba925150a3 Quash www subdomain to prevent duplicate sessions 2017-02-13 13:55:47 +09:00
Kijin Sung
4a4612938a Show warning when a session is discarded due to invalid keys 2017-02-12 23:12:53 +09:00
Kijin Sung
1a0e49dcfb Change method for storing and caching session validity information 2017-02-12 23:00:53 +09:00
Kijin Sung
9884bbb3b8 Fix inconsistent whitespace 2017-02-11 21:55:01 +09:00
Kijin Sung
31623842ba Fix logout bug in admin module 2017-02-11 21:41:21 +09:00
Kijin Sung
1e532c51a4 Restore member_srl if it was changed by a third-party program 2017-02-11 21:13:18 +09:00
Kijin Sung
b32ae03396 Fix session variables being reset to an empty string 2017-02-11 14:15:38 +09:00
Kijin Sung
dfdbc1db85 Add session helper class and move remainder of session validation logic to Session class 2017-02-10 20:50:38 +09:00
Kijin Sung
4b26db9932 Fix unit tests, and add tests for Session::isValid() 2017-02-09 00:42:34 +09:00
Kijin Sung
3be0e79abb Improve session invalidation routines 2017-02-09 00:34:01 +09:00
Kijin Sung
c7d8d84500 Add option to invalidate other sessions on password change 
Feature request in https://www.xetown.com/lakepark/345786
 2017-02-09 00:06:32 +09:00
Kijin Sung
bdb10d57c5 Miscellaneous fixes to session handling 2017-02-08 21:35:00 +09:00
Kijin Sung
59c3fa1381 Fix unexpected cast to int 2017-02-08 18:06:26 +09:00
Kijin Sung
2af90c8e1d Implement autologin in the Session class 2017-02-08 17:08:31 +09:00
Kijin Sung
af41f36bf7 Move checkSSO() from Context class to Session class 2017-02-07 23:26:43 +09:00
Kijin Sung
c1b932d360 Add unit tests for Session::checkStart() 2016-10-05 20:26:56 +09:00
Kijin Sung
7d85a8dd14 Use common variable to refer to session name 2016-10-05 17:40:09 +09:00
Kijin Sung
b7c558a96f Move session delay feature into Session class 2016-10-05 17:26:05 +09:00
Kijin Sung
ab3d1b5fd6 Fix miscellaneous bugs and improve security of Session class 2016-08-19 23:07:11 +09:00
Kijin Sung
a74daeb071 Fix typo in variable name 2016-08-16 11:39:40 +09:00
Kijin Sung
d07bd15b80 Integrate session class with Context class and Member module 2016-08-15 21:49:17 +09:00
Kijin Sung
e2b2861e81 Implement most of the functionality of the Session class 2016-08-15 17:58:13 +09:00
Kijin Sung
2f5d51076c Add generic getter and setter methods 2016-07-09 23:13:44 +09:00
Kijin Sung
7816062044 Initial structure of session class 2016-07-05 23:27:25 +09:00