From eee3bd3f48ff909aa5d1ff0a392961279ee335e4 Mon Sep 17 00:00:00 2001
From: skodak
Date: Fri, 16 Jan 2009 21:37:47 +0000
Subject: [PATCH] MDL-14992 towards better db sessions
---
 lib/sessionlib.php | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/lib/sessionlib.php b/lib/sessionlib.php
index c91bcaa45c..fa1f490b26 100644
--- a/lib/sessionlib.php
+++ b/lib/sessionlib.php
@@ -290,7 +290,7 @@ class database_session extends session_stub {
 array($this, 'handler_destroy'),
 array($this, 'handler_gc'));
 if (!$result) {
- print_error('dbsessionhandlerproblem'); //TODO: localise
+ print_error('dbsessionhandlerproblem', 'error');
 }
 }
@@ -311,7 +311,8 @@ class database_session extends session_stub {
 public function handler_read($sid) {
 global $CFG;
- //TODO: implement locking and all the bells and whistles
+ // TODO: implement normal locking (and later speculative locking)
+ // TODO: implement timeout + auth plugin hook (see gc)
 if ($this->record and $this->record->sid != $sid) {
 error_log('Weird error reading session - mismatched sid');
@@ -342,6 +343,15 @@ class database_session extends session_stub {
 return '';
 }
+ if (md5($record->sessdata) !== $record->sessdatahash) {
+ // probably this is caused by misconfigured mysql - the allowed request size might be too small
+ try {
+ $this->database->delete_records('sessions', array('sid'=>$record->sid));
+ } catch (dml_exception $ignored) {
+ }
+ print_error('dbsessionbroken', 'error');
+ }
+
 $data = base64_decode($record->sessdata);
 unset($record->sessdata); // conserve memory
 $this->record = $record;
@@ -364,6 +374,8 @@ class database_session extends session_stub {
 $this->record->timemodified = time();
 $this->record->lastip = getremoteaddr();
+ // TODO: verify session changed before doing update
+
 try {
 $this->database->update_record_raw('sessions', $this->record);
 } catch (dml_exception $ex) {
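Review bot: The empty `catch (dml_exception $ignored) { }` in the new hash check in handler_read hides a failed cleanup: if the delete fails, the corrupted row stays and every request carrying that session cookie ends in 'dbsessionbroken' again, with nothing in the server log. Log it the way the mismatched-sid branch earlier in the function does, e.g. `error_log('Can not delete broken session record');` inside the catch. A comment such as `// md5 only detects truncated/corrupted storage here, it is not tamper protection - the hash is stored in the same row as the data` would keep anyone from later relying on this as an integrity control. The code that fills sessdatahash is not in this diff; rows that lack the hash would presumably fail this comparison and be deleted, which is worth confirming for sessions that already exist. handler_read starts and ends outside this hunk.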
@@ -392,6 +404,8 @@ class database_session extends session_stub {
 $select = "timemodified + :maxlifetime < :now";
 $params = array('now'=>time(), 'maxlifetime'=>$maxlifetime);
+ // TODO: add auth plugin hook that would allow extennding of max lifetime
+
 try {
 $this->database->delete_records_select('sessions', $select, $params);
 } catch (dml_exception $ex) {
-- 
2.39.5
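Review bot: The new TODO in the gc hunk has a typo (`extennding`) and leaves out the constraint that matters for security: the `timemodified + :maxlifetime < :now` delete is what bounds how long a session row survives, so a plugin-supplied extension needs a ceiling. Suggested wording: `// TODO: add auth plugin hook that would allow extending of max lifetime (capped by a site-wide maximum)`. The handler's body starts and ends outside this hunk.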