function session_limit_init in Session Limit 7.2

Same name and namespace in other branches
  1. 5 session_limit.module \session_limit_init()
  2. 6.2 session_limit.module \session_limit_init()
  3. 6 session_limit.module \session_limit_init()

Implements hook_init().

Determines whether the session has been verified and redirects the user if they are over the session limit. Established sessions do NOT need to be verified on every page load. The new session must deal with determining which connection is cut.

This intentionally doesn't use hook_user()'s login feature because that's only really useful if the login event always boots off at least one other active session. Checking in hook_init() instead makes sure that the newest session can't browse to a different page after its login has validated.

File

./session_limit.module, line 268
Limits multiple sessions per user.

Code

function session_limit_init() {
  global $user;
  $user_match = variable_get('session_limit_include_root_user', FALSE) ? 0 : 1;
  if ($user->uid > $user_match && !isset($_SESSION['session_limit'])) {
    if (_session_limit_bypass()) {
      // Bypass the session limitation on this page callback.
      return;
    }
    // Count the distinct session IDs stored for this user.
    $query = db_select('sessions', 's')
      ->distinct()
      ->fields('s', array('sid'))
      ->condition('s.uid', $user->uid);
    if (module_exists('masquerade') && variable_get('session_limit_masquerade_ignore', FALSE)) {
      // Exclude sessions that have a matching masquerade record.
      $query->leftJoin('masquerade', 'm', 's.uid = m.uid_as AND s.sid = m.sid');
      $query->isNull('m.sid');
    }
    $active_sessions = $query
      ->countQuery()
      ->execute()
      ->fetchField();
    $max_sessions = session_limit_user_max_sessions();
    if (!empty($max_sessions) && $active_sessions > $max_sessions) {
      session_limit_invoke_session_limit(session_id(), 'collision');
    }
    else {
      // Force checking this twice as there's a race condition around session
      // creation. See issue #1176412.
      if (!isset($_SESSION['session_limit_checkonce'])) {
        $_SESSION['session_limit_checkonce'] = TRUE;
      }
      else {
        // Mark session as verified to bypass this in future.
        $_SESSION['session_limit'] = TRUE;
      }
    }
  }
}
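
The verification flow above can be traced without a Drupal site. The following is an added example, not code from the Session Limit module: it models the session count, the collision branch and the two-pass check with plain arrays. The function name, return labels and scenario are constructed for illustration, including the assumption that a new session's row is not yet counted on its first request; the masquerade exclusion and _session_limit_bypass() are left out.

```php
<?php
// Stand-alone model of the decision logic in session_limit_init(); no Drupal needed.
// $sessions stands in for the {sessions} table (sid => uid), $data for $_SESSION.
// The function name and return labels are hypothetical, chosen for this example.
function model_session_limit_check($uid, array $sessions, array &$data, $max, $include_root = FALSE) {
  $user_match = $include_root ? 0 : 1;
  if ($uid <= $user_match || isset($data['session_limit'])) {
    // Anonymous user, exempt uid 1, or a session that was already verified.
    return 'skip';
  }
  // Equivalent of counting the distinct sids stored for this uid.
  $active = count(array_keys($sessions, $uid));
  if (!empty($max) && $active > $max) {
    return 'collision';
  }
  if (!isset($data['session_limit_checkonce'])) {
    // First clean check: not trusted yet, so check again on the next request.
    $data['session_limit_checkonce'] = TRUE;
    return 'check-again';
  }
  // Second clean check: stop checking on later page loads.
  $data['session_limit'] = TRUE;
  return 'verified';
}

// Constructed scenario: uid 7 may hold one session and already has 'sid-old'.
$max = 1;
$table = array('sid-old' => 7);
$new = array();

// Request 1 of the new login: assume its row is not yet visible in the table.
$r1 = model_session_limit_check(7, $table, $new, $max);
// Request 2: the row is now stored, so the count is 2 and exceeds the limit.
$table['sid-new'] = 7;
$r2 = model_session_limit_check(7, $table, $new, $max);

// The established session, checked while it was alone, verifies in two loads.
$old = array();
$o1 = model_session_limit_check(7, array('sid-old' => 7), $old, $max);
$o2 = model_session_limit_check(7, array('sid-old' => 7), $old, $max);
// Once verified it is skipped, even though a second session now exists.
$o3 = model_session_limit_check(7, $table, $old, $max);

print implode(' ', array($r1, $r2, $o1, $o2, $o3)) . "\n";
```

A single check would have marked the new session as clean on request 1; the second pass is what lets the collision surface, and the skip on the established session shows why the newest session is the one that has to resolve it.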