implement a simple request token session garbage collector
This commit is contained in:
parent
1cb1980d62
commit
cd16c5e479
|
@ -358,12 +358,30 @@ class OC_Util {
|
|||
* Todo: Write howto
|
||||
*/
|
||||
public static function callRegister(){
|
||||
//mamimum time before token exires
|
||||
$maxtime=(60*60); // 1 hour
|
||||
|
||||
// generate a random token.
|
||||
$token=mt_rand(1000,9000).mt_rand(1000,9000).mt_rand(1000,9000);
|
||||
|
||||
// store the token together with a timestamp in the session.
|
||||
$_SESSION['requesttoken-'.$token]=time();
|
||||
|
||||
// cleanup old tokens garbage collector
|
||||
// only run every 20th time so we don´t waste cpu cycles
|
||||
if(rand(0,20)==0) {
|
||||
foreach($_SESSION as $key=>$value) {
|
||||
// search all tokens in the session
|
||||
if(substr($key,0,12)=='requesttoken') {
|
||||
if($value+$maxtime<time()){
|
||||
// remove outdated tokens
|
||||
unset($_SESSION[$key]);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
// return the token
|
||||
return($token);
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue