diff --git a/htdocs/admin/tools/listsessions.php b/htdocs/admin/tools/listsessions.php index 6f5753bd76d..a5ced26531b 100644 --- a/htdocs/admin/tools/listsessions.php +++ b/htdocs/admin/tools/listsessions.php @@ -2,7 +2,7 @@ /* Copyright (C) 2004-2012 Laurent Destailleur * Copyright (C) 2005-2012 Regis Houssin * Copyright (C) 2024 MDW - * Copyright (C) 2024 Frédéric France + * Copyright (C) 2024-2025 Frédéric France * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -174,7 +174,7 @@ if ($savehandler == 'files') { // Date modification print ''.dol_print_date($sessionentry['modification'], '%Y-%m-%d %H:%M:%S').''; - // Age + // Age in seconds print ''.$sessionentry['age'].''; // Raw 
@@ -185,7 +185,57 @@ if ($savehandler == 'files') { print "\n"; $i++; } + if (count($listofsessions) == 0) { + print ''.$langs->trans("NoSessionFound", $savepath, $openbasedir).''; + } + print ""; +} elseif ($savehandler == 'user') { + print ''; + print ''; + print_liste_field_titre("Login", $_SERVER["PHP_SELF"], "login", "", "", 'align="left"', $sortfield, $sortorder); + print_liste_field_titre("SessionId", $_SERVER["PHP_SELF"], "id", "", "", 'align="left"', $sortfield, $sortorder); + print_liste_field_titre("DateCreation", $_SERVER["PHP_SELF"], "datec", "", "", 'align="left"', $sortfield, $sortorder); + print_liste_field_titre("DateModification", $_SERVER["PHP_SELF"], "datem", "", "", 'align="left"', $sortfield, $sortorder); + print_liste_field_titre("Age", $_SERVER["PHP_SELF"], "age", "", "", 'align="left"', $sortfield, $sortorder); + print_liste_field_titre("IPAddress", $_SERVER["PHP_SELF"], "raw", "", "", 'align="left"', $sortfield, $sortorder); + print_liste_field_titre("UserAgent", $_SERVER["PHP_SELF"], "raw", "", "", 'align="left"', $sortfield, $sortorder); + print_liste_field_titre(''); + print "\n"; + $i = 0; + foreach ($listofsessions as $key => $sessionentry) { + print ''; + + // Login + print ''; + + // ID + print ''; + + // Date creation + print ''; + + // Date modification + print ''; + + // Age in seconds + print ''; + + // Remote IP + print ''; + + // User Agent + print ''; + print ''; + print "\n"; + $i++; + } if (count($listofsessions) == 0) { print ''; } diff --git a/htdocs/core/lib/admin.lib.php b/htdocs/core/lib/admin.lib.php index 6354e8e0604..3f242ad524d 100644 --- a/htdocs/core/lib/admin.lib.php +++ b/htdocs/core/lib/admin.lib.php 
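Review bot: The new `user` branch writes `$sessionentry['login']`, `$key`, `$sessionentry['remote_ip']` and `$sessionentry['user_agent']` into table cells with no HTML escaping; the cell contents are visible in the detached fragment at the end of this page. The user agent is copied from the `User-Agent` request header by dolSessionWrite, so text chosen by any client, authenticated or not, is later rendered in an administrator's browser. Escape at output, for example `print dol_escape_htmltag($sessionentry['user_agent']);`, and do the same for the other three values. Separately, the IPAddress and UserAgent column titles both pass `"raw"` as their sort field, which looks like a leftover from the files branch.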
@@ -5,7 +5,7 @@ * Copyright (C) 2015 Raphaël Doursenaud * Copyright (C) 2023 Eric Seigne * Copyright (C) 2024-2025 MDW - * Copyright (C) 2024 Frédéric France + * Copyright (C) 2024-2025 Frédéric France * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -1056,13 +1056,18 @@ function defaultvalues_prepare_head() /** * Return list of session * - * @return array Array list of sessions + * @return array Array list of sessions */ function listOfSessions() { - global $conf; + global $conf, $php_session_save_handler; $arrayofSessions = array(); + // Set the handler of session + if (!empty($php_session_save_handler) && $php_session_save_handler == 'db') { + require_once DOL_DOCUMENT_ROOT.'/core/lib/phpsessionin'.$php_session_save_handler.'.lib.php'; + return dolListSessions(); + } // session.save_path can be returned empty so we set a default location and work from there $sessPath = '/tmp'; $iniPath = ini_get("session.save_path"); @@ -1090,13 +1095,16 @@ function listOfSessions() $tmp = explode('_', $file); $idsess = $tmp[1]; $regs = array(); + $arrayofSessions[$idsess]["login"] = ''; $loginfound = preg_match('/dol_login\|s:[0-9]+:"([A-Za-z0-9]+)"/i', $sessValues, $regs); if ($loginfound) { - $arrayofSessions[$idsess]["login"] = $regs[1]; + $arrayofSessions[$idsess]["login"] = (string) $regs[1]; } $arrayofSessions[$idsess]["age"] = time() - filectime($fullpath); $arrayofSessions[$idsess]["creation"] = filectime($fullpath); $arrayofSessions[$idsess]["modification"] = filemtime($fullpath); + $arrayofSessions[$idsess]["user_agent"] = null; + $arrayofSessions[$idsess]["remote_ip"] = null; $arrayofSessions[$idsess]["raw"] = $sessValues; } } diff --git a/htdocs/core/lib/phpsessionindb.lib.php b/htdocs/core/lib/phpsessionindb.lib.php index ded8c3bc1f2..be685b8310b 100644 --- a/htdocs/core/lib/phpsessionindb.lib.php +++ b/htdocs/core/lib/phpsessionindb.lib.php 
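Review bot: In the `listOfSessions()` hunk the `require_once` path is concatenated from the global `$php_session_save_handler`, although the guard only admits `'db'` and compares with `==`. A literal path keeps a variable that is set elsewhere out of the include entirely: test `$php_session_save_handler === 'db'` and use `require_once DOL_DOCUMENT_ROOT.'/core/lib/phpsessionindb.lib.php';`. The required file also calls `session_set_save_handler()` at file level (visible as context in the phpsessionindb.lib.php diff), so a short comment that the library is expected to be loaded already when the handler is `db` would help; that expectation is inferred, not shown here. The function body continues outside the hunk.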
@@ -131,10 +131,18 @@ function dolSessionWrite($sess_id, $val) $time_stamp = dol_now(); if (empty($sessionidfound)) { + if ((int) ini_get('session.gc_probability') == 0) { + // dolSessionGC will be never called + $max_lifetime = max(getDolGlobalInt('MAIN_SESSION_TIMEOUT'), (int) ini_get('session.gc_maxlifetime')); + $delete_query = "DELETE FROM ".MAIN_DB_PREFIX."session"; + $delete_query .= " WHERE last_accessed < '".$dbsession->idate($time_stamp - $max_lifetime)."'"; + $dbsession->query($delete_query); + } + // No session found, insert a new one $insert_query = "INSERT INTO ".MAIN_DB_PREFIX."session"; - $insert_query .= "(session_id, session_variable, last_accessed, fk_user, remote_ip, user_agent)"; - $insert_query .= " VALUES ('".$dbsession->escape($sess_id)."', '".$dbsession->escape($val)."', '".$dbsession->idate($time_stamp)."', 0, '".$dbsession->escape(getUserRemoteIP())."', '".$dbsession->escape(substr($_SERVER['HTTP_USER_AGENT'], 0, 255))."')"; + $insert_query .= "(session_id, session_variable, date_creation, last_accessed, fk_user, remote_ip, user_agent)"; + $insert_query .= " VALUES ('".$dbsession->escape($sess_id)."', '".$dbsession->escape($val)."', '".$dbsession->idate($time_stamp)."', '".$dbsession->idate($time_stamp)."', 0, '".$dbsession->escape(getUserRemoteIP())."', '".$dbsession->escape(substr($_SERVER['HTTP_USER_AGENT'], 0, 255))."')"; $result = $dbsession->query($insert_query); if (!$result) { 
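Review bot: The rewritten INSERT still reads `$_SERVER['HTTP_USER_AGENT']` unguarded, so a request without a User-Agent header raises an undefined-index warning and hands null to `substr()` inside the session write handler; `substr((string) ($_SERVER['HTTP_USER_AGENT'] ?? ''), 0, 255)` avoids both. The stored value is whatever the client sent, and the same commit adds an admin page that displays it, so it has to be treated as untrusted wherever it is printed. The result of the new `DELETE` is discarded: when `session.gc_probability` is 0 this is the only purge, and a failure leaves expired session rows in place silently, so check the return value and log it. dolSessionWrite begins and ends outside this hunk.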
@@ -247,3 +255,34 @@ function dolSessionGC($max_lifetime) // Call to register user call back functions. session_set_save_handler("dolSessionOpen", "dolSessionClose", "dolSessionRead", "dolSessionWrite", "dolSessionDestroy", "dolSessionGC"); // @phpstan-ignore-line + +/** + * List sessions in db + * + * @return array + */ +function dolListSessions() +{ + global $dbsession; + + $arrayofsessions = []; + $sql = "SELECT s.session_id, s.session_variable, s.fk_user, s.date_creation, s.last_accessed, s.remote_ip, s.user_agent"; + $sql .= ", u.login"; + $sql .= " FROM ".MAIN_DB_PREFIX."session as s"; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."user as u ON u.rowid=s.fk_user"; + $sql .= " LIMIT 500"; + $resql = $dbsession->query($sql); + while ($resql && $obj = $dbsession->fetch_object($resql)) { + $arrayofsessions[$obj->session_id] = [ + "login" => (string) $obj->login, + "age" => dol_now() - (int) $dbsession->jdate($obj->date_creation), + "creation" => $dbsession->idate($obj->date_creation), + "modification" => $dbsession->idate($obj->last_accessed), + "remote_ip" => $obj->remote_ip, + "user_agent" => $obj->user_agent, + "raw" => "", + ]; + } + + return $arrayofsessions; +}
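Review bot: `creation` and `modification` are built with `$dbsession->idate()`, whereas `age` just above converts the same `date_creation` column with `jdate()`, and dolSessionWrite passes `idate()` a timestamp when writing. For values read back from the table and handed to `dol_print_date()` by listsessions.php, `jdate()` looks like the intended call: `"creation" => $dbsession->jdate($obj->date_creation),` and likewise for `last_accessed`. The query also selects `s.session_variable`, the serialized session contents, even though `raw` is set to an empty string; dropping that column keeps session data out of the result set altogether. `LIMIT 500` without an `ORDER BY` returns an arbitrary subset once the table is larger, so add `ORDER BY s.last_accessed DESC` and state the cap in the docblock.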
'.$sessionentry['login'].''; + if ("$key" == session_id()) { + print $form->textwithpicto($key, $langs->trans("YourSession")); + } else { + print $key; + } + print ''.dol_print_date($sessionentry['creation'], '%Y-%m-%d %H:%M:%S').''.dol_print_date($sessionentry['modification'], '%Y-%m-%d %H:%M:%S').''.$sessionentry['age'].''.$sessionentry['remote_ip'].''.$sessionentry['user_agent'].' 
'.$langs->trans("NoSessionFound", $savepath, $openbasedir).'