closed #142 added custom "onsuspect()" session handler

exodus4d · May 7, 2016 · 26d0aaf · 26d0aaf
1 parent 96aae44
commit 26d0aaf
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 3 deletions.
diff --git a/app/main/controller/controller.php b/app/main/controller/controller.php
@@ -18,6 +18,7 @@ class Controller {
     const COOKIE_NAME_STATE                         = 'cookie';
     const COOKIE_PREFIX_CHARACTER                   = 'char';
 
+    const ERROR_SESSION_SUSPECT                     = 'Suspect id: [%30s], ip: [%40s], new ip: [%40s], User-Agent: %s ';
     /**
      * @var \Base
      */
@@ -113,9 +114,33 @@ protected function getDB($database = 'PF'){
      * init new Session handler
      */
     protected function initSession(){
+
         // init DB based Session (not file based)
         if( $this->getDB('PF') instanceof DB\SQL){
-            new DB\SQL\Session($this->getDB('PF'));
+            // init session with custom "onsuspect()" handler
+            new DB\SQL\Session($this->getDB('PF'), 'sessions', true, function($session, $sid){
+                $f3 = $this->getF3();
+                if( ($ip = $session->ip() )!= $f3->get('IP') ){
+                    // IP address changed -> not critical
+                    $this->getLogger(
+                        $f3->get('PATHFINDER.LOGFILES.SESSION_SUSPECT')
+                    )->write( sprintf(
+                        self::ERROR_SESSION_SUSPECT,
+                        $sid,
+                        $session->ip(),
+                        $f3->get('IP'),
+                        $f3->get('AGENT')
+                    ));
+
+                    // no more error handling here
+                    return true;
+                }elseif($session->agent() != $f3->get('AGENT') ){
+                    // The default behaviour destroys the suspicious session.
+                    return false;
+                }
+
+                return true;
+            });
         }
     }
 

diff --git a/app/pathfinder.ini b/app/pathfinder.ini
@@ -103,10 +103,12 @@ CONSTELLATION_SYSTEMS       =   2592000
 [PATHFINDER.LOGFILES]
 ; just for manuel debug during development
 DEBUG                       =   debug
-; user login information
+; login information
 LOGIN                       =   login
+; session warnings (suspect)
+SESSION_SUSPECT             =   session_suspect
 ; account deleted
-DELETE_ACCOUNT              =   delete_account
+DELETE_ACCOUNT              =   account_delete
 
 ; API =============================================================================================
 [PATHFINDER.API]