phpsessionmanager, this helps starting and committing the php session preventing other requests from being blocked longer than required.

4 files changed, 18 insertions, 15 deletions

diff --git a/src/usr/local/www/csrf/csrf-magic.php b/src/usr/local/www/csrf/csrf-magic.php
index 58f4eba..77a55fb 100644
--- a/src/usr/local/www/csrf/csrf-magic.php
+++ b/src/usr/local/www/csrf/csrf-magic.php
@@ -13,6 +13,8 @@
  * This library is PHP4 and PHP5 compatible.
  */
 
+include_once('phpsessionmanager.inc');
+
 // CONFIGURATION:
 
 /**
@@ -348,7 +350,7 @@ function csrf_conf($key, $val) {
  */
 function csrf_start() {
     if ($GLOBALS['csrf']['auto-session'] && !session_id()) {
-        session_start();
+        phpsession_begin();
     }
 }
 
diff --git a/src/usr/local/www/firewall_virtual_ip.php b/src/usr/local/www/firewall_virtual_ip.php
index d4ea401..6660e38 100644
--- a/src/usr/local/www/firewall_virtual_ip.php
+++ b/src/usr/local/www/firewall_virtual_ip.php
@@ -191,17 +191,16 @@ if ($_POST['act'] == "del") {
 		}
 
 		if (!$input_errors) {
-			if (!session_id()) {
-				session_start();
-			}
+			phpsession_begin();
 			$user = getUserEntry($_SESSION['Username']);
 
 			if (is_array($user) && userHasPrivilege($user, "user-config-readonly")) {
 				header("Location: firewall_virtual_ip.php");
+				phpsession_end();
 				exit;
 			}
+			phpsession_end();
 
-			session_commit();
 
 			// Special case since every proxyarp vip is handled by the same daemon.
 			if ($a_vip[$_POST['id']]['mode'] == "proxyarp") {
diff --git a/src/usr/local/www/guiconfig.inc b/src/usr/local/www/guiconfig.inc
index 2fa69fe..e477be3 100644
--- a/src/usr/local/www/guiconfig.inc
+++ b/src/usr/local/www/guiconfig.inc
@@ -25,6 +25,7 @@
 
 /* Include authentication routines */
 /* THIS MUST BE ABOVE ALL OTHER CODE */
+include_once('phpsessionmanager.inc');
 if (!$nocsrf) {
 	function csrf_startup() {
 		global $config;
@@ -33,6 +34,9 @@ if (!$nocsrf) {
 		csrf_conf('expires', $timeout_minutes * 60);
 	}
 	require_once("csrf/csrf-magic.php");
+	if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+		phpsession_end(true);
+	}
 }
 
 /* make sure nothing is cached */
@@ -1212,18 +1216,20 @@ var_dump($content);die;
 }
 
 function set_flash_message($class, $msg) {
-	@session_start();
+	@phpsession_begin();
 	$_SESSION['flash_messages'][$class][] = $msg;
+	@phpsession_end(true);
 }
 
 function get_flash_message() {
-	@session_start();
+	@phpsession_begin();
 	if (isset($_SESSION['flash_messages']) && !empty($_SESSION['flash_messages'])) {
 		foreach ($_SESSION['flash_messages'] as $class => $flash_message) {
 			print_info_box(implode("<br />", $flash_message), $class);
 		}
 		unset($_SESSION['flash_messages']);
 	}
+	@phpsession_end(true);
 }
 
 /* Retrieve GET or POST Value/State
diff --git a/src/usr/local/www/system_usermanager_passwordmg.php b/src/usr/local/www/system_usermanager_passwordmg.php
index 87cc791..9c81b02 100644
--- a/src/usr/local/www/system_usermanager_passwordmg.php
+++ b/src/usr/local/www/system_usermanager_passwordmg.php
@@ -45,16 +45,14 @@ if (isset($_POST['save'])) {
 	}
 
 	if (!$input_errors) {
-		if (!session_id()) {
-			session_start();
-		}
+		phpsession_begin();
 		// all values are okay --> saving changes
 
 		$userent =& $config['system']['user'][$userindex[$_SESSION['Username']]];
 		local_user_set_password($userent, $_POST['passwordfld1']);
 		local_user_set($userent);
 		unset($userent);
-		session_commit();
+		phpsession_end(true);
 
 		write_config();
 
@@ -62,9 +60,7 @@ if (isset($_POST['save'])) {
 	}
 }
 
-if (!session_id()) {
-	session_start();
-}
+phpsession_begin();
 
 /* determine if user is not local to system */
 $islocal = false;
@@ -74,7 +70,7 @@ foreach ($config['system']['user'] as $user) {
 	}
 }
 
-session_commit();
+phpsession_end(true);
 
 include("head.inc");