From f77e4699fe946e4f49d4a75535d044e044e662f3 Mon Sep 17 00:00:00 2001
From: b_b <bruno@eliaz.fr>
Date: Fri, 13 Mar 2020 23:37:28 +0100
Subject: [PATCH] =?UTF-8?q?report=20adapt=C3=A9=20de=20a0c24ecb6f8c1d70dce?=
 =?UTF-8?q?86b859eb448fb0415d869?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Ref #4312
---
 ecrire/inc/session.php | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/ecrire/inc/session.php b/ecrire/inc/session.php
index b86ff38636..807aef823a 100644
--- a/ecrire/inc/session.php
+++ b/ecrire/inc/session.php
@@ -77,16 +77,26 @@ function inc_session_dist($auteur = false) {
  */
 function supprimer_sessions($id_auteur, $toutes = true, $actives = true) {
 
+	$nb_files = 0;
+	$nb_max_files = (defined('_MAX_NB_SESSIONS_OUVERTES') ? _MAX_NB_SESSIONS_OUVERTES : 1000);
 	spip_log("supprimer sessions auteur $id_auteur", "session");
 	if ($toutes or $id_auteur !== $GLOBALS['visiteur_session']['id_auteur']) {
 		if ($dir = opendir(_DIR_SESSIONS)) {
+			$t = $_SERVER['REQUEST_TIME']  - (4*_RENOUVELLE_ALEA); // 48h par defaut
+			$t_short = $_SERVER['REQUEST_TIME']  - max(_RENOUVELLE_ALEA/4,3*3600); // 3h par defaut
 			$t = time() - (4 * _RENOUVELLE_ALEA);
 			while (($f = readdir($dir)) !== false) {
+				$nb_files++;
 				if (preg_match(",^[^\d-]*(-?\d+)_\w{32}\.php[3]?$,", $f, $regs)) {
 					$f = _DIR_SESSIONS . $f;
 					if (($actives and $regs[1] == $id_auteur) or ($t > filemtime($f))) {
 						spip_unlink($f);
 					}
+					// si il y a trop de sessions ouvertes, on purge les sessions anonymes de plus de 3H
+					// cf http://core.spip.org/issues/3276
+					elseif ($nb_files>$nb_max_files and !intval($regs[1]) and ($t_short > filemtime($f))) {
+						spip_unlink($f);
+					}
 				}
 			}
 		}
-- 
GitLab