summaryrefslogtreecommitdiff
path: root/include/sessions.php
AgeCommit message (Collapse)Author
2024-07-12Move side effects out of the 'Sessions' constructor.wn_
2024-07-11Add and use the 'Sessions' class.wn_
2024-07-05Switch to the non-deprecated form of 'session_set_save_handler'.wn_
As of PHP 8.4 the form with more than 2 arguments is deprecated. This also does some initial work to make the functions behave closer to what SessionHandlerInterface describes. * https://php.watch/versions/8.4/session_set_save_handler-alt-signature-deprecated * https://wiki.php.net/rfc/deprecate_functions_with_overloaded_signatures * https://www.php.net/manual/en/class.sessionhandlerinterface.php
2024-04-20Move 'include/functions.php' require into Composer autoloader.wn_
Autoloader regenerated with 'composer dump-autoload --optimize'.
2024-02-21add HOOK_VALIDATE_SESSIONAndrew Dolgov
2024-01-08Clean up some unused variables.wn_
This is essentially https://gitlab.tt-rss.org/wn/tt-rss/-/commit/1ccc0c8c1af04dd9654b585c6d07e3a75d944a0c without the renames and some other things related to Psalm.
2021-11-11Address PHPStan warnings in 'include/sessions.php'.wn_
2021-11-10add two helper account access levels:Andrew Dolgov
- read only - can't subscribe to more feeds, feed updates are skipped - disabled - can't login define used access levels as UserHelper constants and refactor code to use them instead of hardcoded numbers
2021-06-25prolong PHP session cookie automatically to stop hard logouts after ↵Andrew Dolgov
SESSION_COOKIE_LIFETIME expires
2021-05-11use database-backed sessions in single user modeAndrew Dolgov
2021-03-05sessions: stop validating against hash of user agent because chromium is sendingAndrew Dolgov
different agent headers for whatever reason, example: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.192 Safari/537.36 Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36 seems to be related, at least, to App.postOpenWindow() hack.
2021-03-04bring back web dbupdate using new migrations systemAndrew Dolgov
2021-03-04sessions: don't check schema versionAndrew Dolgov
2021-03-01userhelper: use orm for a few more user-related thingsAndrew Dolgov
2021-03-01move startup checks to Config, set a bunch of @deprecated annotationsAndrew Dolgov
2021-02-25cache schema version betterAndrew Dolgov
2021-02-25stop caching schema version entirely, fix some session_start() related warningsAndrew Dolgov
2021-02-23rename TTRSS_SESSION_NAME to SESSION_NAMEAndrew Dolgov
2021-02-23cleanup some defined-stuffAndrew Dolgov
2021-02-22don't include config.php everywhereAndrew Dolgov
2021-02-22wip: initial for config objectAndrew Dolgov
2021-02-22fix several issues reported by phpstanAndrew Dolgov
2021-02-16move session-related functions to their own namespaceAndrew Dolgov
2021-02-15remove the rest of db.php; rename some leftover methods in feedsAndrew Dolgov
2021-02-12add HTTP_ACCEPT_LANGUAGE handling for php8Andrew Dolgov
2021-02-08remove PHPMD.UnusedFormalParameterAndrew Dolgov
2021-02-06more php8 fixes mostly related to loginAndrew Dolgov
2020-09-30set session.cookie_lifetime to 0 initially instead of a rather useless min()Andrew Dolgov
2020-09-17rename gettext.inc to gettext.inc.php (cosmetic)Andrew Dolgov
2019-12-18remove version.php and VERSION global constant, do version-related things in ↵Andrew Dolgov
a slightly less ridiculous way
2019-04-11add hidden _SKIP_SESSION_UA_CHECKS tunableAndrew Dolgov
2018-10-16fix session write handler always assuming that database entry exists and ↵Andrew Dolgov
failing silently if it doesn't; remove session cookie-related hacks
2018-10-16remove session REMOTE_ADDR checksAndrew Dolgov
2018-10-15do not use separate _ssl cookie for secure sessionsAndrew Dolgov
2018-10-15force regenerate session id on successful login, remove previous blank SID checkAndrew Dolgov
2018-10-15if empty session is autostarted because of a cookie, immediately destroy itAndrew Dolgov
2018-10-15validate_session: bring back IP session binding (enabled by default) and UA ↵Andrew Dolgov
checking
2017-12-01sessions: PDOAndrew Dolgov
2017-07-17sessions: use is_server_https() for secure cookie settingAndrew Dolgov
2017-07-17$_SERVER['HTTPS'] can be exists and 'off' for non-https connectiosNatan Frei
2017-07-13rework previous 32 bit session stuffAndrew Dolgov
2017-07-13sessions: clip max expiry value to a 32bit integerAndrew Dolgov
2017-04-26remove some redundant php closing tagsAndrew Dolgov
2017-04-26fix various issues reported by static analysisAndrew Dolgov
update gitlab-ci config
2015-12-07ttrss_gc: return trueAndrew Dolgov
2015-08-21remove SESSION_CHECK_ADDRESSAndrew Dolgov
2015-01-31session: don't try to validate session schema version on empty sessionsAndrew Dolgov
2015-01-30do not invalidate session when version_static and user agent changesAndrew Dolgov
2013-07-06better error reporting in session validationAndrew Dolgov
2013-04-24use static version for session checking, show latest changeset for git ↵Andrew Dolgov
version instead of head date
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-11-28 13:20:50 +0000