tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity

ENHANCEMENT: Added Member::set_login_marker_cookie(), to let developers bypass static caching for logged-in users (from r73803)

Browse Source 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@88635 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Sam Minnee 2009-10-12 03:27:41 +00:00
parent cad7d5e859
commit 9642c7171c
1 changed files with 34 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
security/Member.php
View File

@ -92,6 +92,35 @@ class Member extends DataObject {
protected static $lock_out_after_incorrect_logins = null;
/**
* If this is set, then a session cookie with the given name will be set on log-in,
* and cleared on logout.
*/
protected static $login_marker_cookie = null;
/**
* If this is called, then a session cookie will be set to "1" whenever a user
* logs in. This lets 3rd party tools, such as apache's mod_rewrite, detect
* whether a user is logged in or not and alter behaviour accordingly.
*
* One known use of this is to bypass static caching for logged in users. This is
* done by putting this into _config.php
* <pre>
* Member::set_login_marker_cookie("SS_LOGGED_IN");
* </pre>
*
* And then adding this condition to each of the rewrite rules that make use of
* the static cache.
* <pre>
* RewriteCond %{HTTP_COOKIE} !SS_LOGGED_IN=1
* </pre>
*
* @param $cookieName string The name of the cookie to set.
*/
static function set_login_marker_cookie($cookieName) {
self::$login_marker_cookie = $cookieName;
}
/**
* This method is used to initialize the static database members
*
@ -211,6 +240,8 @@ class Member extends DataObject {
self::session_regenerate_id();
Session::set("loggedInAs", $this->ID);
// This lets apache rules detect whether the user has logged in
if(self::$login_marker_cookie) Cookie::set(self::$login_marker_cookie, 1, 0);
$this->NumVisit++;
@ -282,6 +313,8 @@ class Member extends DataObject {
if($member) {
self::session_regenerate_id();
Session::set("loggedInAs", $member->ID);
// This lets apache rules detect whether the user has logged in
if(self::$login_marker_cookie) Cookie::set(self::$login_marker_cookie, 1, 0);
$token = substr(md5(uniqid(rand(), true)), 0, 49 - strlen($member->ID));
$member->RememberLoginToken = $token;
@ -301,6 +334,7 @@ class Member extends DataObject {
*/
function logOut() {
Session::clear("loggedInAs");
if(self::$login_marker_cookie) Cookie::set(self::$login_marker_cookie, null, 0);
self::session_regenerate_id();
$this->extend('memberLoggedOut');