session An enhaced version of CDbHttpSession which extra checks for Full Ip Address/Partial Ip Address and User Agent

  1. Requirements
  2. Usage
  3. Changelog

This extension does some extra security checks on the user IP address and User Agent. It is fully customizable and you can enable/disable the checks when you need. If no extra check is enabled, then the default behavior is exactly the same as the original Yii CDbHttpSession Class.

Beside the configuration options provided by original Yii CDbHttpSession Class, this extension provides following 3 options:

1)compareIpBlocks- (integer) How many blocks from the ip address should be compared (defaults to 0). It has an effect only if the value is > 0 and compareIpAddress is set to true.
2)compareIpAddress - (boolean) If the client ip should be checked.  
3)compareUserAgent - (boolean) If the User Agent should be checked.

Requirements

Yii 1.1 (checked with Yii 1.1.5)

Usage

You need to add MyCDbHttpSession.php file into your components directory, then edit your config file, main.php in the components area like:

'session' => array(
            'class' => 'application.components.MyCDbHttpSession',
            'connectionID' => 'db',
            'sessionTableName'  =>  'TABLE_NAME',
            'autoCreateSessionTable'   =>  true,
            //Extension properties
            'compareIpAddress'=>true,
            'compareUserAgent'=>true,
            'compareIpBlocks'=>0
            ),

Be careful at the option "autoCreateSessionTable", after you create your table, set it to false.

The table structure:

CREATE TABLE IF NOT EXISTS `{$tableName}` (
          `id` char(32) NOT NULL,
          `ip_address` int(10) unsigned NOT NULL DEFAULT '0',
          `user_agent` char(32) NOT NULL,
          `expire` int(11) DEFAULT NULL,
          `data` text,
          PRIMARY KEY (`id`)
        ) ENGINE=InnoDB DEFAULT CHARSET=utf8;

You can change the engine to MyIsam if needed, i like Inno better so it is my default choice.

This class has been tested, but it would help if i can get some feedback.

Changelog

SQLite Version 1.3
Thanks to thiromi who sent me the version for SQLite and confirmed that the changes he did, works as they should.

Version 1.3

  • fixed the bug when users couldn't stay logged in if "remember me" option wasn't checked. Thanks @cesig.

  • Note, only Version 1.2 suffers this bug, 1.1 and 1.3 are okay.

Version 1.2

  • dropped the usage for bindValues() as it caused problems for some users.

  • added setters and getters for component properties.

Version 1.1

  • Changed the database table structure for the ip_address field into unsigned int(10) for mysql inet_aton() and inet_ntoa() compatibility

  • Changed the database table structure for the user_agent field into char(32)

  • Changed the way how user agent is stored, now it is a md5() of the entire user agent string

  • minor code tweaks

8 0
27 followers
3 580 downloads
Yii Version: 1.1
License: (not set)
Category: Security
Developed by: twisted1919
Created on: Jan 9, 2011
Last updated: 7 years ago

Downloads

show all

Related Extensions