Revise session handling to prepare API authentication via token

2025-10-14 17:24:07 +00:00 · 2018-04-19 20:44:49 +02:00
parent 0c85342404
commit eae5b8bad9
9 changed files with 101 additions and 70 deletions
--- a/services/SessionService.php
+++ b/services/SessionService.php
@@ -24,11 +24,11 @@ class SessionService extends BaseService
 	 */
 	public function CreateSession()
 	{
-		$newSessionKey = uniqid() . uniqid() . uniqid();
+		$newSessionKey = $this->GenerateSessionKey();
 		
 		$sessionRow = $this->Database->sessions()->createRow(array(
 			'session_key' => $newSessionKey,
-			'expires' => time() + 2592000 //30 days
+			'expires' => time() + 2592000 // 30 days
 		));
 		$sessionRow->save();

@@ -39,4 +39,9 @@ class SessionService extends BaseService
 	{
 		$this->Database->sessions()->where('session_key', $sessionKey)->delete();
 	}
+
+	private function GenerateSessionKey()
+	{
+		return RandomString(50);
+	}
 }