diff --git a/Services/Authentication/classes/class.ilSessionReminderCheck.php b/Services/Authentication/classes/class.ilSessionReminderCheck.php
index 57833b9238f5..274d6534697b 100644
--- a/Services/Authentication/classes/class.ilSessionReminderCheck.php
+++ b/Services/Authentication/classes/class.ilSessionReminderCheck.php
@@ -9,10 +9,10 @@ class ilSessionReminderCheck
 {
 /**
- * @param string $sessionId
+ * @param string $sessionIdHash
 * @return string
 */
- public function getJsonResponse(string $sessionId) : string
+ public function getJsonResponse(string $sessionIdHash) : string
 {
 /**
 * @var $ilDB ilDBInterface
@@ -25,7 +25,7 @@ public function getJsonResponse(string $sessionId) : string
 $lng = $DIC['lng'];
 $ilClientIniFile = $DIC['ilClientIniFile'];
- $GLOBALS['DIC']->logger()->auth()->debug('Session reminder call for: ' . $sessionId);
+ $GLOBALS['DIC']->logger()->auth()->debug('Session reminder call for session id hash: ' . $sessionIdHash);
 // disable session writing and extension of expiration time
 ilSession::enableWebAccessWithoutSession(true);
@@ -34,11 +34,12 @@ public function getJsonResponse(string $sessionId) : string
 $res = $ilDB->queryF( '
- SELECT expires, user_id, data
- FROM usr_session
- WHERE session_id = %s',
- array('text'),
- array($sessionId)
+ SELECT expires, user_id, data
+ FROM usr_session
+ WHERE MD5(session_id) = %s
+ ',
+ ['text'],
+ [$sessionIdHash]
 );
 $num = (int) $ilDB->numRows($res);
diff --git a/Services/Authentication/classes/class.ilSessionReminderGUI.php b/Services/Authentication/classes/class.ilSessionReminderGUI.php
index fc6be3db3fcd..6e7e5f90dfc8 100644
--- a/Services/Authentication/classes/class.ilSessionReminderGUI.php
+++ b/Services/Authentication/classes/class.ilSessionReminderGUI.php
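Review bot: The value passed to `debug(...)` in the second hunk is written to the auth log before anything has checked its shape, so whatever arrives in `$_POST['hash']` (passed only through `ilUtil::stripSlashes()` in sessioncheck.php) reaches the log and then the query as sent. A legitimate value is always the lowercase hex output of `md5()`, so a guard at the top of the method would cover both uses, for example `if (!preg_match('/^[a-f0-9]{32}$/D', $sessionIdHash)) { $sessionIdHash = ''; }`, or an early return with the method's existing "no session" response. The body of getJsonResponse() begins and continues outside this hunk, so the exact early-return shape has to be checked against the rest of the method.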
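Review bot: `WHERE MD5(session_id) = %s` in the third hunk wraps the key column in a function, so unless the table carries an index on that expression the lookup presumably cannot use the index on `session_id` and hashes every row of `usr_session` on each call. The endpoint is polled every 60 seconds per open page (`frequency: 60`) and runs under `ilSession::enableWebAccessWithoutSession(true)`, so the cost is paid for requests that carry no valid session as well. Consider persisting the hash in its own indexed column, and in any case rejecting malformed input before the query runs. A comment above the query such as `// look up by md5(session_id) so the raw session id never appears in page markup or request bodies` would record why the indirection exists. `MD5()` as an SQL function should also be confirmed for every database backend the project supports.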
@@ -47,7 +47,6 @@ public function populatePage() : void
 $url = './sessioncheck.php?client_id=' . CLIENT_ID . '&lang=' . $this->lng->getLangKey();
 $devMode = defined('DEVMODE') && DEVMODE ? 1 : 0;
 $clientId = defined('CLIENT_ID') ? CLIENT_ID : '';
- $sessionName = session_name();
 $sessionId = session_id();
 $sessionHash = md5($sessionId);
@@ -56,9 +55,7 @@ public function populatePage() : void
 $("body").ilSessionReminder({
 url: "$url",
 client_id: "$clientId",
- session_name: "$sessionName",
- session_id: "$sessionId",
- session_id_hash: "$sessionHash",
+ hash: "$sessionHash",
 frequency: 60,
 debug: $devMode
 });
diff --git a/Services/Authentication/js/session_reminder.js b/Services/Authentication/js/session_reminder.js
index a6ba10b3d892..5adb33258dc1 100644
--- a/Services/Authentication/js/session_reminder.js
+++ b/Services/Authentication/js/session_reminder.js
@@ -71,7 +71,7 @@
 dataType:'json',
 type: 'POST',
 data: {
- session_id: properties.session_id
+ hash: properties.hash
 },
 success: function (response) {
 if (response.message && typeof response.message == "string") {
@@ -130,13 +130,11 @@
 properties: $.extend( true, {}, {
- url :"",
- client_id :"",
- session_name:"",
- session_id :"",
- session_id_hash :"",
- frequency :60,
- debug :0
+ url: "",
+ client_id: "",
+ hash: "",
+ frequency: 60,
+ debug: 0
 },
 params
 )
diff --git a/sessioncheck.php b/sessioncheck.php
index 5154d5a3eb79..135b694af25f 100644
--- a/sessioncheck.php
+++ b/sessioncheck.php
@@ -14,6 +14,6 @@ include_once 'Services/Authentication/classes/class.ilSessionReminderCheck.php';
 $session_reminder_check = new ilSessionReminderCheck();
 echo $session_reminder_check->getJsonResponse(
- ilUtil::stripSlashes($_POST['session_id'])
+ ilUtil::stripSlashes($_POST['hash'] ?? '')
 );
 exit();
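Review bot: `$_POST['hash'] ?? ''` in sessioncheck.php covers a missing key but not a non-string value: a body with `hash[]=…` makes `$_POST['hash']` an array. Depending on what `ilUtil::stripSlashes()` returns for an array, the call to `getJsonResponse(string $sessionIdHash)` may then fail with a TypeError instead of producing the JSON response the client script expects. Normalising first keeps the endpoint's output predictable, for example `$hash = is_string($_POST['hash'] ?? null) ? $_POST['hash'] : '';` and passing `$hash` on. Pages loaded before this change still post `session_id` and will take the empty-hash path until they reload, which is worth a sentence in the commit message.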