Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-12-24 10:21:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix: limit to dolibarr session and current entity

Browse Source
This commit is contained in:
Regis Houssin
2009-09-15 15:37:48 +00:00
parent f8c8df1096
commit b301340102
1 changed files with 13 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
htdocs/lib/admin.lib.php
View File

@@ -496,6 +496,8 @@ function listOfSessions()
*/
function purgeSessions($mysessionid)
{
global $conf;
$arrayofSessions = array();
$sessPath = ini_get("session.save_path")."/";
dol_syslog('admin.lib:purgeSessions mysessionid='.$mysessionid.' sessPath='.$sessPath);
@@ -509,13 +511,18 @@ function purgeSessions($mysessionid)
$fullpath = $sessPath.$file;
if(! @is_dir($fullpath))
{
$tmp=split('_', $file);
$idsess=$tmp[1];
// We remove session if it's not ourself
if ($idsess != $mysessionid)
$sessValues = file_get_contents($fullpath); // get raw session data
if (eregi('dol_login',$sessValues) && eregi('dol_entity\|s:([0-9]+):"('.$conf->entity.')"',$sessValues)) // limit to dolibarr session and current entity
{
$res=@unlink($fullpath);
if (! $res) $error++;
$tmp=split('_', $file);
$idsess=$tmp[1];
// We remove session if it's not ourself
if ($idsess != $mysessionid)
{
$res=@unlink($fullpath);
if (! $res) $error++;
}
}
}
}