[pLog-svn] r1120 - plog/trunk/class/net/http/session

jondaley at devel.plogworld.net jondaley at devel.plogworld.net
Fri Feb 18 03:01:04 GMT 2005 

Author: jondaley
Date: 2005-02-18 03:01:02 +0000 (Fri, 18 Feb 2005)
New Revision: 1120

Modified:
   plog/trunk/class/net/http/session/sessionmanager.class.php
Log:
fixes issue: http://bugs.plogworld.net/view.php?id=221 now create the session directory if it doesn't exist.  Currently, we only create the directory if we are using a custom directory.  Presumably, if we are not using a custom directory, PHP is using /tmp or some other directory that is likely to already be there.  My implementation adds an additional if statement for each check, and I could be convinced to reduce it to one, but I think this way is cleaner.

Modified: plog/trunk/class/net/http/session/sessionmanager.class.php
===================================================================
--- plog/trunk/class/net/http/session/sessionmanager.class.php	2005-02-18 02:20:33 UTC (rev 1119)
+++ plog/trunk/class/net/http/session/sessionmanager.class.php	2005-02-18 03:01:02 UTC (rev 1120)
@@ -101,12 +101,31 @@
 		{
 			$config =& Config::getConfig();
 			$sessionFolder = $config->getValue( "session_save_path" );
+			// do we need to do anything if we are using the default
+			// session path?  PHP defaults to /tmp/, so there isn't
+			// anything to do
 			if( isset( $sessionFolder )) {
-				// check if the folder is readable
-				if( !File::isReadable( $sessionFolder )) {
-					throw( new Exception( "Sessions should be saved in $sessionFolder but it is not readable!" ));
-					die();
+				if( !File::exists( $sessionFolder )) {
+					// create folder with only user permissions
+					// since we want to protect the session data
+					if( !File::createDir( $sessionFolder, 0700 )) {
+						throw( new Exception( "Sessions should be " .
+							"saved in $sessionFolder but it " .
+							"doesn't exist and I can't create it!" ));
+						die();
+					}
 				}
+
+				// check if the folder is accessible
+				if( !File::isReadable( $sessionFolder ) ||
+					!File::isWritable( $sessionFolder )) {
+					if( !File::chMod( $sessionFolder, 0700 )) {
+						throw( new Exception( "Sessions should be " .
+							"saved in $sessionFolder but it is " . 
+							"not accessible!" ));
+						die();
+					}
+				}
 				// if everything ok, we can continue...
 				session_save_path( $sessionFolder );
 			}

More information about the pLog-svn mailing list