implement a simple request token session garbage collector
authorFrank Karlitschek <frank@owncloud.org>
Mon, 11 Jun 2012 10:13:08 +0000 (12:13 +0200)
committerFrank Karlitschek <frank@owncloud.org>
Mon, 11 Jun 2012 10:13:08 +0000 (12:13 +0200)
lib/util.php [changed mode: 0644->0755]

old mode 100644 (file)
new mode 100755 (executable)
index 7c85db7..b6f3cb5
@@ -358,12 +358,30 @@ class OC_Util {
         * Todo: Write howto
         */
        public static function callRegister(){
+               //mamimum time before token exires
+               $maxtime=(60*60);  // 1 hour
+
                // generate a random token.
                $token=mt_rand(1000,9000).mt_rand(1000,9000).mt_rand(1000,9000);
 
                // store the token together with a timestamp in the session.
                $_SESSION['requesttoken-'.$token]=time();
 
+               // cleanup old tokens garbage collector
+               // only run every 20th time so we donĀ“t waste cpu cycles
+               if(rand(0,20)==0) {  
+                       foreach($_SESSION as $key=>$value) {
+                               // search all tokens in the session
+                               if(substr($key,0,12)=='requesttoken') {
+                                       if($value+$maxtime<time()){
+                                               // remove outdated tokens
+                                               unset($_SESSION[$key]);                                         
+                                       }
+                               }       
+                       }
+               }
+
+
                // return the token
                return($token);
        }
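Review bot: The one-hour lifetime in `$maxtime` is only enforced when the `rand(0,20)==0` branch happens to run, so an expired `requesttoken-*` entry can sit in `$_SESSION` for many requests; unless the verification routine (not visible in this hunk) also compares the stored timestamp against the same limit, a stale token may still be accepted. I would keep the limit in one shared place, such as a class constant, and have the checker reject old entries itself, leaving this loop as cleanup only. The prefix test `substr($key,0,12)=='requesttoken'` also matches any other session key that merely starts with those letters; `strpos($key,'requesttoken-')===0` is tighter and avoids the loose comparison. Separately, the unchanged context line still builds the token from `mt_rand()`, which is not a cryptographically secure source for an anti-CSRF token, so a CSPRNG-backed generator would be the better base for this scheme. The commit also flips `lib/util.php` from 0644 to 0755, which looks unintentional for an included library file and is worth reverting.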