From 24fbe455a1622c4dcc042b12f23ea4da77271c47 Mon Sep 17 00:00:00 2001 From: Eike Foken Date: Wed, 10 Aug 2011 19:26:44 +0200 Subject: [PATCH] Handle ajax requests correctly --- application/hooks/global.php | 12 +-- application/libraries/MY_Session.php | 129 ++++++++++++++------------- 2 files changed, 75 insertions(+), 66 deletions(-) diff --git a/application/hooks/global.php b/application/hooks/global.php index 23c53b1..a67e033 100644 --- a/application/hooks/global.php +++ b/application/hooks/global.php @@ -2,17 +2,17 @@ /* * Copyright (c) 2011 Karsten Heiken - * + * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal * in the Software without restriction, including without limitation the rights * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is + * copies of the Software, and to permit persons to whom the Software is * furnished to do so, subject to the following conditions: - * + * * The above copyright notice and this permission notice shall be included in * all copies or substantial portions of the Software. - * + * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE @@ -33,9 +33,9 @@ function check_login() { // whitelisted (publicly available) controllers $public_controllers = array('auth'); - + $CI = & get_instance(); - if (!$CI->access->loggedIn() && !in_array($CI->router->class, $public_controllers)) { + if (!$CI->input->is_ajax_request() && !$CI->access->loggedIn() && !in_array($CI->router->class, $public_controllers)) { redirect('auth/login'); } } \ No newline at end of file 
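Review bot: The added `!$CI->input->is_ajax_request() &&` term in check_login() switches the login check off for every request that identifies itself as ajax. CodeIgniter derives that flag from the client-supplied X-Requested-With header, so non-public controllers become reachable without a session unless each one checks access itself. Keep the original condition and answer unauthenticated ajax calls with a status the client script can handle instead of a redirect, e.g. `if ($CI->input->is_ajax_request()) { show_error('Login required', 401); }` placed before `redirect('auth/login');`. If this hook is meant to be the only authentication gate, a one-line comment saying so would help.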
diff --git a/application/libraries/MY_Session.php b/application/libraries/MY_Session.php
index e7e1e80..9beff5c 100644
--- a/application/libraries/MY_Session.php
+++ b/application/libraries/MY_Session.php
@@ -7,83 +7,92 @@ */ class MY_Session extends CI_Session { - /** - * Calls the parent constructor. - */ - public function __construct() { - parent::__construct(); - } + /** + * Calls the parent constructor. + */ + public function __construct() { + parent::__construct(); + } - /** - * Generates a random and unique session ID. - * - * @return string - */ - private function generateHash() { - return sha1(uniqid(microtime() . $this->CI->input->ip_address(), true)); - } + /** + * Generates a random and unique session ID. + * + * @return string + */ + private function generateHash() { + return sha1(uniqid(microtime() . $this->CI->input->ip_address(), true)); + } - /** - * Creates a new session. - */ - public function sess_create() { - $this->userdata = array( + /** + * Creates a new session. + * + * @see CI_Session::sess_create() + */ + public function sess_create() { + $this->userdata = array( 'session_id' => $this->generateHash(), 'ip_address' => $this->CI->input->ip_address(), 'user_agent' => substr($this->CI->input->user_agent(), 0, 50), 'last_activity' => $this->now - ); + ); - // save data to the DB if needed - if ($this->sess_use_database === true) { - $this->CI->db->insert($this->sess_table_name, $this->userdata); - } + // save data to the DB if needed + if ($this->sess_use_database === true) { + $this->CI->db->insert($this->sess_table_name, $this->userdata); + } - // write the cookie - $this->_set_cookie(); - } + // write the cookie + $this->_set_cookie(); + } - /** - * Updates an existing session. - */ - public function sess_update() { - // skip the session update in case of an ajax call - if ($this->CI->input->is_ajax_request()) { - return; - } + /** + * Updates an existing session. 
+ * + * @see CI_Session::sess_update() + */ + public function sess_update() { + // we only update the session every five minutes by default + if ($this->userdata['last_activity'] + $this->sess_time_to_update >= $this->now) { + return; + } - // we only update the session every five minutes by default - if ($this->userdata['last_activity'] + $this->sess_time_to_update >= $this->now) { - return; - } + $oldSessionID = $this->userdata['session_id']; + $newSessionID = $this->generateHash(); - $oldSessionID = $this->userdata['session_id']; - $newSessionID = $this->generateHash(); + $this->userdata['session_id'] = $newSessionID; + $this->userdata['last_activity'] = $this->now; - $this->userdata['session_id'] = $newSessionID; - $this->userdata['last_activity'] = $this->now; + $cookieData = null; - $cookieData = null; + // update the DB if needed + if ($this->sess_use_database === true) { + // set cookie explicitly to only have our session data + $cookieData = array(); + foreach (array('session_id', 'user_id', 'ip_address', 'user_agent', 'last_activity') as $val) { + $cookieData[$val] = $this->userdata[$val]; + } - // update the DB if needed - if ($this->sess_use_database === true) { - // set cookie explicitly to only have our session data - $cookieData = array(); - foreach (array('session_id', 'user_id', 'ip_address', 'user_agent', 'last_activity') as $val) { - $cookieData[$val] = $this->userdata[$val]; - } + $this->CI->db->update($this->sess_table_name, array('last_activity' => $this->now, 'user_id' => $this->userdata['user_id'], 'session_id' => $newSessionID), array('session_id' => $oldSessionID)); - $this->CI->db->update($this->sess_table_name, array('last_activity' => $this->now, 'user_id' => $this->userdata['user_id'], 'session_id' => $newSessionID), array('session_id' => $oldSessionID)); + // update users table if user is logged in + if (array_key_exists('user_id', $this->userdata) && $this->userdata['user_id'] > 0) { + $this->CI->db->update('users', 
array('last_activity' => $this->now), array('id' => $this->userdata['user_id'])); + } + } - // update users table if user is logged in - if (array_key_exists('user_id', $this->userdata) && $this->userdata['user_id'] > 0) { - $this->CI->db->update('users', array('last_activity' => $this->now), array('id' => $this->userdata['user_id'])); - } - } + // write the cookie + $this->_set_cookie($cookieData); + } - // write the cookie - $this->_set_cookie($cookieData); - } + /** + * Destroys an existing session. + * + * @see CI_Session::sess_destroy() + */ + public function sess_destroy() { + parent::sess_destroy(); + $this->userdata = array(); + } } /* End of file MY_Session.php */
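Review bot: generateHash() builds the session id from `uniqid()`, `microtime()` and the client IP, which are time- or client-derived rather than drawn from a CSPRNG, so the id that sess_create() and sess_update() issue as the session credential is more guessable than its 40 hex characters suggest. The function is only re-indented in this hunk, but since it is touched I would change its body to `return bin2hex(random_bytes(20));` (or `openssl_random_pseudo_bytes(20)` on PHP versions without `random_bytes`), which keeps the 40-character format. Separately, with the ajax early return removed from sess_update(), concurrent XHRs may each rotate the id; it looks worth confirming that this cannot invalidate a session mid-flight.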