Session test to detect user switching, error counter is displayed in …

…healthcenter - please test, test, test; TODO - move string from setup.php to language file
TheVirtualLtd · Apr 18, 2005 · 00de82d · 00de82d
1 parent f0aa64e
commit 00de82d
Show file tree

Hide file tree

Showing 4 changed files with 72 additions and 0 deletions.
diff --git a/admin/cron.php b/admin/cron.php
@@ -36,6 +36,9 @@
         $USER = get_admin();      /// Temporarily, to provide environment for this script
     }
 
+    //unset test cookie, user must login again anyway
+    setcookie('MoodleSessionTest'.$CFG->sessioncookie, '', time() - 3600, '/');
+
 /// Start output log
 
     $timenow  = time();

diff --git a/admin/health.php b/admin/health.php
@@ -477,6 +477,38 @@ function status() {
     }
 }
 
+class problem_000011 extends problem_base {
+    function title() {
+        return 'Session errors detected';
+    }
+    function exists() {
+        global $CFG;
+        return isset($CFG->session_error_counter);
+    }
+    function severity() {
+        return SEVERITY_ANNOYANCE;
+    }
+    function description() {
+        global $CFG;
+        if (isset($CFG->session_error_counter)) {
+            return 'Session problems were detected. Total count: '.$CFG->session_error_counter;
+        } else {
+            return 'No session errors detected.';
+        }
+    }
+    function solution() {
+        global $CFG;
+        if (isset($_GET['resetsesserrorcounter'])) {
+            if (get_field('config', 'name', 'name', 'session_error_counter')) {
+                delete_records('config', 'name', 'session_error_counter');
+            }
+            return 'Error counter was cleared.';
+        } else {
+            return '<p>Session errors can be caused by:<ul><li>unresolved problem in server software (aka random switching of users),</li><li>blocked or modified cookies,</li><li>deleting of active session files.</li></ul></p><p><a href="'.me().'&resetsesserrorcounter=1">Reset counter.</a></p>';
+        }
+    }
+}
+
 
 class problem_00000x extends problem_base {
     function title() {

diff --git a/lib/setup.php b/lib/setup.php
@@ -280,6 +280,13 @@ class object {};
         @session_start();
         if (! isset($_SESSION['SESSION'])) {
             $_SESSION['SESSION'] = new object;
+            $_SESSION['SESSION']->session_test = random_string(10);
+            if (empty($_COOKIE['MoodleSessionTest'.$CFG->sessioncookie])) {
+                setcookie('MoodleSessionTest'.$CFG->sessioncookie, $_SESSION['SESSION']->session_test, 0, '/');
+                $_COOKIE['MoodleSessionTest'.$CFG->sessioncookie] = $_SESSION['SESSION']->session_test;
+            } else {
+                $_COOKIE['MoodleSessionTest'.$CFG->sessioncookie] = 'error!!';
+            }
         }
         if (! isset($_SESSION['USER']))    {
             $_SESSION['USER']    = new object;
@@ -329,6 +336,35 @@ class object {};
 
     theme_setup();  // Sets up theme global variables
 
+/// now do a session test to prevent random user switching
+    function report_session_error() {
+        global $CFG;
+        if (empty($CFG->lang)) {
+            $CFG->lang = "en";
+        }
+        moodle_setlocale();
+        //clear session cookies
+        setcookie('MoodleSession'.$CFG->sessioncookie, '', time() - 3600, '/');
+        setcookie('MoodleSessionTest'.$CFG->sessioncookie, '', time() - 3600, '/');
+        //increment database error counters
+        if (!isset($CFG->session_error_counter)) {
+            set_config('session_error_counter', 1);
+        } else {
+            set_config('session_error_counter', 1 + $CFG->session_error_counter);
+        }
+        //TODO: move string to lang/en/error.php
+        $strsessionerroruser = 'Serious session error occured, please login again.';
+        redirect($CFG->wwwroot, $strsessionerroruser, 5);
+    }
+
+    if ($SESSION != NULL) {
+        if (empty($_COOKIE['MoodleSessionTest'.$CFG->sessioncookie])) {
+            report_session_error();
+        } else if ($_COOKIE['MoodleSessionTest'.$CFG->sessioncookie] != $SESSION->session_test) {
+            report_session_error();
+        }
+    }
+
 
 
 /// Set language/locale of printed times.  If user has chosen a language that

diff --git a/login/logout.php b/login/logout.php
@@ -18,6 +18,7 @@
         session_unregister("SESSION");
     }
 
+    setcookie('MoodleSessionTest'.$CFG->sessioncookie, '', time() - 3600, '/');
     unset($_SESSION['USER']);
     unset($_SESSION['SESSION']);