[pLog-svn] r1120 - plog/trunk/class/net/http/session
jondaley at devel.plogworld.net
jondaley at devel.plogworld.net
Fri Feb 18 03:01:04 GMT 2005
Author: jondaley
Date: 2005-02-18 03:01:02 +0000 (Fri, 18 Feb 2005)
New Revision: 1120
Modified:
plog/trunk/class/net/http/session/sessionmanager.class.php
Log:
fixes issue: http://bugs.plogworld.net/view.php?id=221 now create the session directory if it doesn't exist. Currently, we only create the directory if we are using a custom directory. Presumably, if we are not using a custom directory, PHP is using /tmp or some other directory that is likely to already be there. My implementation adds an additional if statement for each check, and I could be convinced to reduce it to one, but I think this way is cleaner.
Modified: plog/trunk/class/net/http/session/sessionmanager.class.php
===================================================================
--- plog/trunk/class/net/http/session/sessionmanager.class.php 2005-02-18 02:20:33 UTC (rev 1119)
+++ plog/trunk/class/net/http/session/sessionmanager.class.php 2005-02-18 03:01:02 UTC (rev 1120)
@@ -101,12 +101,31 @@
{
$config =& Config::getConfig();
$sessionFolder = $config->getValue( "session_save_path" );
+ // do we need to do anything if we are using the default
+ // session path? PHP defaults to /tmp/, so there isn't
+ // anything to do
if( isset( $sessionFolder )) {
- // check if the folder is readable
- if( !File::isReadable( $sessionFolder )) {
- throw( new Exception( "Sessions should be saved in $sessionFolder but it is not readable!" ));
- die();
+ if( !File::exists( $sessionFolder )) {
+ // create folder with only user permissions
+ // since we want to protect the session data
+ if( !File::createDir( $sessionFolder, 0700 )) {
+ throw( new Exception( "Sessions should be " .
+ "saved in $sessionFolder but it " .
+ "doesn't exist and I can't create it!" ));
+ die();
+ }
}
+
+ // check if the folder is accessible
+ if( !File::isReadable( $sessionFolder ) ||
+ !File::isWritable( $sessionFolder )) {
+ if( !File::chMod( $sessionFolder, 0700 )) {
+ throw( new Exception( "Sessions should be " .
+ "saved in $sessionFolder but it is " .
+ "not accessible!" ));
+ die();
+ }
+ }
// if everything ok, we can continue...
session_save_path( $sessionFolder );
}
More information about the pLog-svn
mailing list