implement a simple request token session garbage collector

author: Frank Karlitschek <frank@owncloud.org> 2012-06-11 12:13:08 +0200
committer: Frank Karlitschek <frank@owncloud.org> 2012-06-11 12:13:08 +0200
commit: cd16c5e4796204c993d5f8c76d6c9c684cd0705c (patch)
tree: 08617553cdbd612048b69b6eceaa9918ae039c00 /lib/util.php
parent: 1cb1980d6200a18c288d5db3d0dadebd65ae894b (diff)
download: nextcloud-server-cd16c5e4796204c993d5f8c76d6c9c684cd0705c.tar.gz
nextcloud-server-cd16c5e4796204c993d5f8c76d6c9c684cd0705c.zip
1 files changed, 18 insertions, 0 deletions
diff --git a/lib/util.php b/lib/util.php
index 7c85db71f5f..b6f3cb5df44 100644..100755
--- a/lib/util.php
+++ b/lib/util.php
@@ -358,12 +358,30 @@ class OC_Util {
 	 * Todo: Write howto
 	 */
 	public static function callRegister(){
+		//mamimum time before token exires
+		$maxtime=(60*60);  // 1 hour
+
 		// generate a random token.
 		$token=mt_rand(1000,9000).mt_rand(1000,9000).mt_rand(1000,9000);
 
 		// store the token together with a timestamp in the session.
 		$_SESSION['requesttoken-'.$token]=time();
 
+		// cleanup old tokens garbage collector
+		// only run every 20th time so we don�t waste cpu cycles
+		if(rand(0,20)==0) {  
+			foreach($_SESSION as $key=>$value) {
+				// search all tokens in the session
+				if(substr($key,0,12)=='requesttoken') {
+					if($value+$maxtime<time()){
+						// remove outdated tokens
+						unset($_SESSION[$key]);						
+					}
+				}	
+			}
+		}
+
+
 		// return the token
 		return($token);
 	}
author	Frank Karlitschek <frank@owncloud.org>	2012-06-11 12:13:08 +0200
committer	Frank Karlitschek <frank@owncloud.org>	2012-06-11 12:13:08 +0200
commit	cd16c5e4796204c993d5f8c76d6c9c684cd0705c (patch)
tree	08617553cdbd612048b69b6eceaa9918ae039c00 /lib/util.php
parent	1cb1980d6200a18c288d5db3d0dadebd65ae894b (diff)
download	nextcloud-server-cd16c5e4796204c993d5f8c76d6c9c684cd0705c.tar.gz nextcloud-server-cd16c5e4796204c993d5f8c76d6c9c684cd0705c.zip