Skip to content
Snippets Groups Projects
Commit cd16c5e4 authored by Frank Karlitschek's avatar Frank Karlitschek
Browse files

implement a simple request token session garbage collector

parent 1cb1980d
Branches
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
Showing
with 18 additions and 0 deletions
lib/util.php 100644 → 100755
+ 18
0
View file @ cd16c5e4
...@@ -358,12 +358,30 @@ class OC_Util { ...@@ -358,12 +358,30 @@ class OC_Util {
* Todo: Write howto * Todo: Write howto
*/ */
public static function callRegister(){ public static function callRegister(){
//mamimum time before token exires
$maxtime=(60*60); // 1 hour
// generate a random token. // generate a random token.
$token=mt_rand(1000,9000).mt_rand(1000,9000).mt_rand(1000,9000); $token=mt_rand(1000,9000).mt_rand(1000,9000).mt_rand(1000,9000);
// store the token together with a timestamp in the session. // store the token together with a timestamp in the session.
$_SESSION['requesttoken-'.$token]=time(); $_SESSION['requesttoken-'.$token]=time();
// cleanup old tokens garbage collector
// only run every 20th time so we dont waste cpu cycles
if(rand(0,20)==0) {
foreach($_SESSION as $key=>$value) {
// search all tokens in the session
if(substr($key,0,12)=='requesttoken') {
if($value+$maxtime<time()){
// remove outdated tokens
unset($_SESSION[$key]);
}
}
}
}
// return the token // return the token
return($token); return($token);
} }
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment