
Session delete_old_data() IS a huge bug

Development and Programming

candcadmin
1 posts
4 years ago
delete_old_data() is deleting sessions it should not be, with no regard to cookie settings.

Even with the site settings set to cookies only for non cpanel users, when a user session is deleted from the sessions database the user is no longer logged in.

When this delete_old_sessions function is called by the Session constructor it deletes “old” sessions regardless of who they are from, and it depends on the timeout setting of who is logged in when this constructor is called.

For example, if an admin is logged in and the cpanel timeout is one hour, then $this->session_length will be one hour, and if this is called during the admin's page loads then other users who have been on for more than an hour will have their session deleted. There is nothing in the code to just delete the current user’s data or distinguish theirs from others' timeout length. Am I wrong about this? If so, please explain. My users are all experiencing really weird logouts.

/**
  * Delete old sessions if probability is met
  *
  * By default, the probability is set to 5 percent.
  * That means sessions will only be deleted one
  * out of ten times a page is loaded.
  */
 public function delete_old_sessions()
 {
  $expire = ee()->localize->now - $this->session_length;

  srand(time());

  if ((rand() % 100) < $this->gc_probability)
  {
   ee()->db->where('last_activity < ', $expire)
       ->delete('sessions');
  }
 }
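
The behaviour the post describes, modelled as an added example that is not part of the original post or of ExpressionEngine's code: a garbage-collection pass that takes one cutoff from the caller's timeout, beside a pass that judges each row by the timeout of its own session class. The `admin_sess` flag, the two timeout values, the function names and the sample rows are assumptions constructed for illustration.

```php
<?php
// Constructed timeouts (assumptions, not values from the post's site).
const CP_TTL   = 3600;   // control panel sessions: 1 hour
const USER_TTL = 86400;  // front-end sessions: 1 day

/**
 * GC in the shape of the posted function: a single cutoff computed from
 * the timeout of whoever made the request that triggered the pass.
 */
function gc_caller_cutoff(array $sessions, int $now, int $callerTtl): array
{
    $expire = $now - $callerTtl;
    // Keep only rows newer than the caller-derived cutoff.
    return array_filter($sessions, fn($s) => $s['last_activity'] >= $expire);
}

/**
 * GC that applies each row's own timeout, chosen from the row's session
 * class (admin_sess is an assumed per-row flag: 1 = control panel).
 */
function gc_per_row_cutoff(array $sessions, int $now): array
{
    return array_filter($sessions, function ($s) use ($now) {
        $ttl = $s['admin_sess'] ? CP_TTL : USER_TTL;
        return $s['last_activity'] >= $now - $ttl;
    });
}

$now = 1700000000; // constructed timestamp
$sessions = [      // constructed rows, keyed by a readable label
    'admin-fresh' => ['admin_sess' => 1, 'last_activity' => $now - 60],
    'admin-stale' => ['admin_sess' => 1, 'last_activity' => $now - 2 * 3600],
    'user-2h'     => ['admin_sess' => 0, 'last_activity' => $now - 2 * 3600],
    'user-2d'     => ['admin_sess' => 0, 'last_activity' => $now - 2 * 86400],
];

// Pass triggered during an admin request: the front-end row that is two
// hours idle is judged against the one hour control panel timeout.
print_r(array_keys(gc_caller_cutoff($sessions, $now, CP_TTL)));

// Pass triggered during a front-end request: the stale control panel row
// is judged against the one day timeout and stays in the table.
print_r(array_keys(gc_caller_cutoff($sessions, $now, USER_TTL)));

// Per-row pass: each row is compared with the timeout of its own class.
print_r(array_keys(gc_per_row_cutoff($sessions, $now)));
```

Run with PHP 7.4 or later; comparing the three printed key lists shows which rows each pass keeps.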
       
