Commit Graph

67 Commits

Author SHA1 Message Date
Ralf Becker
72c350f76d * API: fixed not working session encryption, by switch back to previous MCrypt algorithm and mode 2013-10-07 07:22:21 +00:00
Ralf Becker
3c160e5062 use secure and httponly cookies by default, secure cookies can be switched off in Admin >> site configuration, if required for sitemgr 2013-09-11 13:06:27 +00:00
Ralf Becker
127a8d2bbf fixed typo in cache-control header, causing pages not getting cached, if clients used it in favor of Expires header 2013-04-05 10:24:29 +00:00
Ralf Becker
9dfd92813a * Preferences/EMail: if user changed password, update password in session correct, so eg. EMail using that password keeps working 2013-02-21 09:44:56 +00:00
Ralf Becker
34afa59041 * SiteMgr: sitewide config to allow proxys and CDNs caching of anonymous requests (Expires and Cache-Control header)
apps can now enable public caching by either setting $GLOBALS[egw_info][flags][nocachecontrol] to "public" (default php.ini session.cache_expire) or a numeric value in seconds, or call egw_session::cache_control()
2013-02-19 15:40:32 +00:00
Ralf Becker
15a66aa7e1 include unsuccessfull session creation and reason in debug logging 2013-02-15 16:16:18 +00:00
Klaus Leithoff
bafc7dc836 use better defaults for some egw_info server values (num_unsuccessful_id, num_unsuccessful_ip, block_time) 2012-11-29 10:51:24 +00:00
Ralf Becker
89991bc69f using pseudo-sessionid for ownCloud remote.php url too, as we otherwise generate lots of new sessions 2012-10-25 12:51:47 +00:00
Ralf Becker
f56c788176 allow to use HTTP_HOST (without optional port) or SERVER_NAME to find matching instance 2012-10-12 15:12:08 +00:00
Ralf Becker
02c464b94f * API/accounts/preferences: instance-wide cache of account and preference data, so changes from other sessions have immediate effect
r40051: * API/accounts: instance-wide cache for account-data incl. members and memberships, so change take imediate effect (compared to previous session based cache)
r40052: not storing $GLOBALS[egw_info][user] twice in session (was also stored as $GLOBALS[egw]->session->user), also removing not used $GLOBALS[egw_info][user][acl], but re-reading preferences in session::verify() so long running sessions get preferences set by an other session, removing nowhere used creditspoint class from api (calls not public available creditspoint app)
r40053: * API/preferences: caching preferences in instance cache instead of session, to get immediate update in long running sessions (eg. sync) and get smaller sessions
2012-08-07 14:26:52 +00:00
Ralf Becker
191ed55bf9 * eSync/API: update access-log action for eSync, run maintenance only on logout and other changes to speed up access/update to huge access-logs, thought indexes on session_php, (account_id,ip,li), (account_id,loginid,li) will help alot, but are postponed for next version 2012-06-12 06:33:36 +00:00
Ralf Becker
668d517a39 * Admin: remove session timeout from EGroupware config and read it via ini_get("session.gc_maxlifetime") as config fails for many reasons, if different from php.ini setting 2012-05-29 14:46:44 +00:00
Ralf Becker
1df0ef843a allow to specify a custom filter for egw_session::session_(list|count)() 2012-05-19 18:20:14 +00:00
Ralf Becker
16e41660c6 fixing the fix: api version is not yet read, therefore use modifiction time of phpgwapi/inc/setup.inc.php instead 2012-04-10 07:52:31 +00:00
Ralf Becker
a3eac1712c * CalDAV/CardDAV: add API version to pseudo session-id used to invalidate all sessions from the previous version (which eg. give database errors, because using old schema) 2012-04-07 06:53:04 +00:00
Ralf Becker
3ac708068c ignore exception while sending notification to admin (eg. SMTP error), to block the account and give a correct error-message to user 2012-02-16 14:36:12 +00:00
Ralf Becker
28b7e56f0b fixed forwarding of authentication (ldap or ads) homedirectory attribute to egw_info and vfs 2011-11-15 19:48:55 +00:00
Ralf Becker
7ea3c19659 allow to use homedirectory attribute from LDAP or ADS authentication for VFS mounts 2011-11-15 12:44:41 +00:00
Klaus Leithoff
b5d5a38b1d patch to fix problem with ->not able to see mail<- egw_instant_load.html not found. provided by Vladimir Kolobkov; 2011-07-25 15:53:53 +00:00
Ralf Becker
34a76f491e fixed egroupware.org bug #3002: PHP Warning: mb_strpos() in class.egw_session.inc.php on line 1081 2011-07-03 06:56:12 +00:00
Nathan Gray
f736c89bbf Prevent doubling webserver url when building a link 2011-06-29 16:35:24 +00:00
Ralf Becker
574911d077 * Setup/API: new option to enforce ssl (without specifying a domain in Webserver-URL) 2011-05-31 13:33:26 +00:00
Ralf Becker
ce619a8711 do NOT query sessionid_access_log for anonymous sessions, as they get not loged anyway 2011-05-05 15:50:22 +00:00
Nathan Gray
056f61ef72 Fix typo 2011-04-13 17:09:18 +00:00
Ralf Becker
5495491e78 * Admin: session-list is generated now from egw_access_log table independent of readablity of sessions files in filesystem
- session_(dla|action) is stored in egw_access_log table
- notifications refresh via ajax set notification_heartbeat timestamp in egw_access_log
- if notification_heartbeat is set (happens only for browser sessions with popup notification) sessions get removed from session list one minute after browser is closed
- new static method egw_session::notifications_active($account_id) to check if given user has an open browser with notifications popup checking, to ensure popup notifications can fall back to email
--> REQUIRES DATABASE UPDATE / SETUP
2011-04-13 14:11:09 +00:00
Ralf Becker
8df8817318 only try sending cookies, if headers are not send, otherwise it gives just a warning 2010-11-26 20:09:50 +00:00
Ralf Becker
73beff54fe an other fix for NTLM and SiteMgr 2010-09-25 08:19:22 +00:00
Ralf Becker
1caead5ea9 "make sure to not double encode &" 2010-05-09 13:58:57 +00:00
Ralf Becker
930f1052d5 supporting digest auth (see RFC 2617), which is more secure then basic auth on http (no cleartext password), it currently requires cleartext passwords in the database, to calculate the A1 hash! 2010-05-05 09:19:37 +00:00
Klaus Leithoff
f69c071685 fix for: calling setup, sets some config values to default, all the time 2010-04-06 15:30:36 +00:00
Ralf Becker
07d7b66735 some fixes for session of basic auth clients as sogo connector:
- added user IP to hash used as session id (so changed IP, different devices force a different session)
- returning false in verify, if domain is changed
- fixed "Wrong IP" message
2010-01-12 03:55:42 +00:00
Ralf Becker
c743665438 "switching logging off again" 2009-12-03 07:56:34 +00:00
Ralf Becker
4e2a8131c3 "partly reverting r28676, as array2string and function_backtrace is not yet loaded" 2009-12-03 07:44:10 +00:00
Klaus Leithoff
493789cec5 extend some debug infos in egw_sessions; add a 4th param to replaceTagsCompletley in translation class; prepare some more htmlpurifier stuff in order to use it for the activation of links; wrap the creation of the htmlpurifier default config in a function, to be used as config object for changes when about to be used with html::purify 2009-12-02 14:56:41 +00:00
Ralf Becker
6ecac6f650 "removed unnecessary check for NOT allowed apps of anon user from session::verify, as there's an other one in egw::verify_session throwing an exception, which can be used to handle the situation better" 2009-10-25 17:28:30 +00:00
Christian Binder
08efec194f fixed not found user sessions while working with notifications and assured that all_no_sort param gets handed over to handler class 2009-10-23 13:07:11 +00:00
Ralf Becker
cdd5103888 fixing a few more PHP5.3 problems, caused by PHP5.3 behavior to NOT
register cookies in $_REQUEST any more by default (there's now a php.ini
variable 'request_order' to controll that, but we want to work with a
default configuraltion):
- session restore was not working, as only $_REQUEST[sessionid] was checked
- multi domain installs not working, as domain cookie was not checked
- encrypted session were not working, because kp3 cookie was not checked
--> there's now a static method egw_session::get_request($name), which
checks $_REQUEST[$name], $_COOKIE[$name] and for that Safari bug also
$_COOKIE[ucfirst($name)]
2009-08-22 19:32:28 +00:00
Ralf Becker
d679a00d1d "fix for bug #2112: fix maybe wrong case in username on login
makes problems eg. in filemanager (name of homedir)"
2009-07-18 13:14:13 +00:00
Ralf Becker
232252475f patch fixing many depricated functions (eg. posix regular expressions) and features, which fill up the error_log under php5.3 (and will no longer be available under php6).
Patch is mostly created by script in egroupware/doc/fix_depricated.php in separate commit.
I do NOT advice to apply this patch to a production system (it's commited to trunk!), as the automatic modified regular expressions have a good change to break something ...
2009-06-08 16:21:14 +00:00
Ralf Becker
f601537b95 fix for php5.3, which by default seems NOT include content of $_COOKIE in
$_REQUEST (request_order php.ini variable)
2009-06-07 15:49:12 +00:00
Ralf Becker
1597cdc533 "adding path (EGW_SERVER_ROOT) to hash for basic auth pseudo sesion id
(otherwise different installs in different pathes using identical credentials would share the session, which is no good idea)"
2009-04-30 07:36:07 +00:00
Ralf Becker
96f5529abf "log failed login because of hook 'session_creation' with account_id, to not block the account in that case" 2009-04-28 10:39:57 +00:00
Ralf Becker
aca05a32e3 using new check_load_extension function 2009-04-20 12:43:44 +00:00
Ralf Becker
1c11bfcf55 using a session for basic auth (not session aware) clients for WebDAV
and GroupDAV. The "sessionid" get's constructed from the basic auth
credentials and is not random (as the clients dont store them).
--> speeds up the use of *DAV
--> stops *DAV handlers to created numerious sessions
2009-04-04 08:38:56 +00:00
Ralf Becker
b976659346 "removed unnecessary ambersand in url creation, if no extravars" 2009-03-30 08:17:28 +00:00
Klaus Leithoff
0ec64072a2 enabling more info FOR THE ERROR_LOG 2008-12-09 14:02:22 +00:00
Ralf Becker
0123dc5d89 "dont log failed login attempts for the anon user, as it is a simple dos to sitemgr" 2008-11-22 08:14:59 +00:00
Ralf Becker
505fe07669 "function to analyse memory usage in the session" 2008-11-13 16:57:16 +00:00
Ralf Becker
a658d7c8ed Store config_user&_passwd of domain as hash, to be able to use them
inside eGW (without having them in cleartext available)
2008-11-09 16:15:42 +00:00
Ralf Becker
814eb013f1 Allow HTTP basic auth user to contain a domain to switch instances, as
it's done in the webgui login (for WebDAV or GroupDAV)
2008-10-26 12:18:57 +00:00