[2.2][Security] concurrent sessions #786

Closed
wants to merge 38 commits into from
c0b33f8
added listener, strategy, registry, configuration for concurrent sess…
May 4, 2011
0f3d7c4
added SessionLogoutHandler to setup of ConcurrentSessionListener
May 5, 2011
e9bcd84
removed unneeded interface
May 5, 2011
9f4a52d
Merge branch 'master' of https://github.com/symfony/symfony
May 5, 2011
507befa
removed security.authentication.session_registry_storage service from…
May 5, 2011
5559ef8
removed unneeded methods
May 5, 2011
238606b
Merge branch 'master' of https://github.com/symfony/symfony
May 6, 2011
455197f
prepare Doctrine implementation of SessionRegistryStorage
May 17, 2011
a4eeae5
Merge branch 'master' of github.com:paschke/symfony
May 28, 2011
aadb2a7
default Doctrine implementation of SessionInformation
Jun 2, 2011
5b5edd8
Merge branch 'master' of https://github.com/symfony/symfony
Jun 2, 2011
33d83b4
removed SessionInformationIterator class
Jun 2, 2011
624b01f
forgot query condition
Jun 2, 2011
7032534
Merge branch 'master' of github.com:symfony/symfony
Dec 15, 2011
bc182f9
added DBAL default implementation of Symfony\Component\Security\Http\…
Dec 22, 2011
d0c826a
recreate SessionInformation if they were lost from the registry
Dec 22, 2011
c9f08a4
minor fixes
Dec 22, 2011
13813da
added listener, strategy, registry, configuration for concurrent sess…
May 4, 2011
8ef6923
added SessionLogoutHandler to setup of ConcurrentSessionListener
May 5, 2011
f4f0a8c
removed unneeded interface
May 5, 2011
e11a540
removed security.authentication.session_registry_storage service from…
May 5, 2011
a3d0a59
removed unneeded methods
May 5, 2011
c800408
prepare Doctrine implementation of SessionRegistryStorage
May 17, 2011
9c8bd21
default Doctrine implementation of SessionInformation
Jun 2, 2011
2efbf11
removed SessionInformationIterator class
Jun 2, 2011
3cb882c
forgot query condition
Jun 2, 2011
0aa9353
added DBAL default implementation of Symfony\Component\Security\Http\…
Dec 22, 2011
ff2122b
recreate SessionInformation if they were lost from the registry
Dec 22, 2011
efc783b
minor fixes
Dec 22, 2011
d302e37
Merge branch 'master' of http://github.com/paschke/symfony
Dec 23, 2011
bed28d2
moved DBAL implementation of SessionInformation to /Bridge
Dec 23, 2011
29e2f27
Merge branch 'master' of git://github.com/symfony/symfony
Jan 3, 2012
7a0f46a
use HttpUtils in ConcurrentSessionListener
Jan 4, 2012
ac7a1d6
removed @return void comments
Apr 8, 2012
b24a364
Merge branch 'master' of git://github.com/symfony/symfony
Apr 8, 2012
f7dfb3f
reacting to comments on PR 786
Apr 9, 2012
3cef9bb
reuse the instance level loader n src/Symfony/Bundle/SecurityBundle/D…
Apr 9, 2012
d567980
passing sessionStrategy into authenticationListenerFactories individu…
Apr 9, 2012
removed SessionInformationIterator class
Stefan Paschke committed Jun 2, 2011
commit 33d83b4d8facceaab40b27946cd376dc2241f128
Expand Up @@ -5,7 +5,6 @@
use Doctrine\ORM\EntityManager;
use Doctrine\ORM\Mapping\Driver\StaticPHPDriver;
use Symfony\Component\Security\Http\Session\SessionInformation;
use Symfony\Component\Security\Http\Session\SessionInformationIterator;
use Symfony\Component\Security\Http\Session\SessionRegistryStorageInterface;

class DoctrineSessionRegistryStorage implements SessionRegistryStorageInterface
Expand Down Expand Up @@ -36,24 +35,22 @@ public function getUsers()
*/
public function getSessionInformation($sessionId)
{
return $this->em->find('Symfony\Bundle\SecurityBundle\Doctrine\DoctrineSessionInformation', $sessionId);
return $this->em->find('Security:DoctrineSessionInformation', $sessionId);
}

/**
* Obtains the maintained information for one user.
*
* @param string $sessionId the session identifier key.
* @return SessionInformationIterator a SessionInformationIterator object.
* @param string $username The user identifier.
* @param boolean $includeExpiredSessions.
* @return array An array of SessionInformation objects.
*/
public function getSessionInformations($username, $includeExpiredSessions)
public function getSessionInformations($username, $includeExpiredSessions = false)
{
$sessions = new SessionInformationIterator();

foreach ($this->em->getRepository('Symfony\Bundle\SecurityBundle\Doctrine\DoctrineSessionInformation')->findBy(array('username' => $username)) as $sessionInformation) {
$sessions->add($sessionInformation);
}

return $sessions;
$query = $this->em->createQuery(
'SELECT si FROM Security:DoctrineSessionInformation si'.($includeExpiredSessions ? '' : ' WHERE si.expired IS NULL').' ORDER BY si.lastRequest DESC'
);
return $query->getResult();
}

/**
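Review bot: The DQL built in getSessionInformations() never references $username, so the method returns session records for every user, whereas the findBy(array('username' => $username)) call it replaces was scoped to one user. Any caller that counts or expires the returned sessions would then act on other users' sessions as well. Add the username condition as a bound parameter (for example WHERE si.username = :username with setParameter('username', $username)) rather than concatenating the value, and append the optional si.expired IS NULL clause with AND on top of it.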
Expand Up @@ -29,7 +29,6 @@
<parameter key="security.authentication.session_registry.class">Symfony\Component\Security\Http\Session\SessionRegistry</parameter>
<parameter key="security.authentication.session_registry_storage.class">Symfony\Bundle\SecurityBundle\Doctrine\DoctrineSessionRegistryStorage</parameter>
<parameter key="security.authentication.session_information.class">Symfony\Bundle\SecurityBundle\Doctrine\DoctrineSessionInformation</parameter>
<parameter key="security.authentication.session_information_iterator.class">Symfony\Component\Security\Http\Session\SessionInformationIterator</parameter>

<parameter key="security.access.decision_manager.class">Symfony\Component\Security\Core\Authorization\AccessDecisionManager</parameter>

Expand Down Expand Up @@ -75,7 +74,6 @@
<service id="security.authentication.session_registry" class="%security.authentication.session_registry.class%" public="false">
<argument type="service" id="security.authentication.session_registry_storage" />
<argument>%security.authentication.session_information.class%</argument>
<argument>%security.authentication.session_information_iterator.class%</argument>
</service>

<service id="security.authentication.session_registry_storage" class="%security.authentication.session_registry_storage.class%" public="true">
Expand Up @@ -60,7 +60,7 @@ public function onAuthentication(Request $request, TokenInterface $token)
$sessions = $this->registry->getAllSessions($user);
$maxSessions = $this->getMaximumSessionsForThisUser($user);

if ($sessions->count() >= $maxSessions && $this->alwaysCreateSession !== true) {
if (count($sessions) >= $maxSessions && $this->alwaysCreateSession !== true) {
if ($this->exceptionIfMaximumExceeded) {
throw new \RuntimeException(sprintf('Maximum of sessions (%s) exceeded', $maxSessions));
Member

you should use an exception of the component here as the Security component always throws its own exception (extending the SPL ones)

Author

returning MaxSessionsExceededException

}
Expand Down Expand Up @@ -107,18 +107,15 @@ public function setMaximumSessions($maximumSessions)
/**
* Allows subclasses to customise behaviour when too many sessions are detected.
*
* @param SessionInformationIterator $sessions
* @param array $sessions
* @param integer $allowableSessions
* @param SessionRegistry $registry
* @return void
*/
protected function allowableSessionsExceeded(SessionInformationIterator $sessions, $allowableSessions, SessionRegistry $registry)
protected function allowableSessionsExceeded($sessions, $allowableSessions, SessionRegistry $registry)
{
// remove oldest sessions from registry
$count = 0;
$sessions->sort();

for ($i = $allowableSessions - 1; $i < $sessions->count(); $i++) {
for ($i = $allowableSessions - 1; $i < count($sessions); $i++) {
Contributor

for ($i = $allowableSessions - 1, $countSessions = count($sessions); $i < $countSessions; $i++) {

$sessions[$i]->expireNow();
$registry->setSessionInformation($sessions[$i]);
}
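Review bot: With $sessions->sort() gone, the loop in allowableSessionsExceeded() expires entries from index $allowableSessions - 1 onward, which matches the "remove oldest sessions" comment only if the caller passes an array already ordered newest first. That ordering now lives in the Doctrine storage's ORDER BY si.lastRequest DESC, which other SessionRegistryStorageInterface implementations are not required to provide. Either sort here before the loop or state the ordering in the interface contract. The parameter could also keep a type hint as array $sessions, and $count = 0 looks unused in the visible lines.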

This file was deleted.

Expand Up @@ -24,13 +24,11 @@ class SessionRegistry
{
protected $sessionRegistryStorage;
protected $sessionInformationClass;
protected $sessionInformationIteratorClass;

public function __construct(SessionRegistryStorageInterface $sessionRegistryStorage, $sessionInformationClass, $sessionInformationIteratorClass)
public function __construct(SessionRegistryStorageInterface $sessionRegistryStorage, $sessionInformationClass)
{
$this->sessionRegistryStorage = $sessionRegistryStorage;
$this->sessionInformationClass = $sessionInformationClass;
$this->sessionInformationIteratorClass = $sessionInformationIteratorClass;
}

/**
Expand All @@ -48,7 +46,7 @@ public function getAllUsers()
*
* @param UserInterface $user the specified user.
* @param boolean $includeExpiredSessions.
* @return SessionInformationIterator $sessions the known sessions.
* @return array An array of SessionInformation objects.
*/
public function getAllSessions(UserInterface $user, $includeExpiredSessions = false)
{
Expand Up @@ -38,8 +38,9 @@ function getSessionInformation($sessionId);
/**
* Obtains the maintained information for one user.
*
* @param string $sessionId the session identifier key.
* @return SessionInformation a SessionInformation object.
* @param string $username The user identifier.
* @param boolean $includeExpiredSessions.
* @return array An array of SessionInformation objects.
*/
function getSessionInformations($username, $includeExpiredSessions);
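Review bot: The docblock line "@param boolean $includeExpiredSessions." ends in a stray period and carries no description, and the interface signature leaves $includeExpiredSessions without the = false default that DoctrineSessionRegistryStorage declares. Describe what the flag does, say whether the returned array must be ordered by last request, and consider declaring the default here so the optional argument is part of the contract rather than of one implementation.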
