You are here

function session_limit_init in Session Limit 6.2

Same name and namespace in other branches
  1. 5 session_limit.module \session_limit_init()
  2. 6 session_limit.module \session_limit_init()
  3. 7.2 session_limit.module \session_limit_init()

Implementation of hook_init().

Determine whether session has been verified. Redirect user if over session limit. Established Sessions do NOT need to verify every page load. The new session must deal w/ determining which connection is cut.

This intentionally doesn't use hook_user()'s login feature because that's only really useful if the login event always boots off at least one other active session. Doing it this way makes sure that the newest session can't browse to a different page after their login has validated.

File

./session_limit.module, line 232
Limits multiple sessions per user.

Code

function session_limit_init() {
  global $user;
  if ($user->uid > 1 && !isset($_SESSION['session_limit'])) {

    // Exclude from the redirect.
    if (_session_limit_bypass()) {

      // Bypass the session limitation on this page callback.
      return;
    }
    if (module_exists('masquerade') && variable_get('session_limit_masquerade_ignore', FALSE)) {
      $result = db_query('SELECT COUNT(DISTINCT(s.sid)) AS scount FROM {sessions} AS s
        LEFT JOIN {masquerade} AS m ON s.uid = m.uid_as AND s.sid = m.sid
        WHERE s.uid = %d AND m.sid IS NULL', $user->uid);
    }
    else {
      $result = db_query('SELECT COUNT(DISTINCT(sid)) AS scount FROM {sessions} WHERE uid = %d', $user->uid);
    }
    $max_sessions = session_limit_user_max_sessions();
    $active_sessions = db_result($result);
    if (!empty($max_sessions) && $active_sessions > $max_sessions) {
      session_limit_invoke_session_limit(session_id(), 'collision');
    }
    else {

      // Force checking this twice as there's a race condition around session creation.
      // see issue #1176412.
      if (!isset($_SESSION['session_limit_checkonce'])) {
        $_SESSION['session_limit_checkonce'] = TRUE;
      }
      else {

        // Mark session as verified to bypass this in future.
        $_SESSION['session_limit'] = TRUE;
      }
    }
  }
}