jegelstaff / formulize

Unified data management. One system to handle all data entry, collection, and reporting, across all your unique workflows. Simplify processes. Make people happy.
https://www.formulize.org
GNU General Public License v2.0

Always load some session if it's there, never nullify an existing session! #503

Closed jegelstaff closed 4 months ago

jegelstaff commented 4 months ago

In strange cases (multiple requests to server at once from same user, because of XHR or img tags, etc.), we might loop through the entire set of ticks when reading the session, without slipping through to the actual loading of the session. In that case, return empty string. Ack! No more session!

Now when the loop is done, we go with whatever session we have found, no matter what. Session is only nullified if there's a change in IP address, which is a totally valid security measure against session stealing.

jegelstaff commented 4 months ago

Also, instead of waiting a second between checks, we wait 1/3rd of a second, which may reduce the waiting time, without massively increasing the burden on the DB to be checking the session table.
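
The read logic discussed in this thread, sketched as an added example; it is not code from this pull request or from Formulize. The in-memory `$table`, the `busy` counter (an assumed reason a tick fails to load the session), the tick count, and the names `fetchRow` and `readSession` are all hypothetical.

```php
<?php
// Added example, not Formulize code. $table stands in for the session table;
// the 'busy' counter is an assumed reason a tick cannot load the session yet.
const TICKS = 3;                 // assumed number of attempts
const TICK_WAIT_US = 333333;     // 1/3rd of a second between checks

function fetchRow(array &$table, string $id): ?array
{
    if (!isset($table[$id])) {
        return null;
    }
    $row = $table[$id];
    // Constructed behaviour: a concurrent request frees the row after some ticks.
    if ($table[$id]['busy'] > 0) {
        $table[$id]['busy']--;
    }
    return $row;
}

function readSession(array &$table, string $id, string $clientIp, bool $fallback = true): string
{
    $found = null;
    for ($tick = 0; $tick < TICKS; $tick++) {
        $row = fetchRow($table, $id);
        if ($row !== null) {
            $found = $row;               // remember the latest row seen
            if ($row['busy'] === 0) {
                break;                   // normal path: load immediately
            }
        }
        usleep(TICK_WAIT_US);
    }
    if ($found === null) {
        return '';                       // no session stored under this id
    }
    if ($found['ip'] !== $clientIp) {
        return '';                       // IP changed: the one case that nullifies
    }
    if ($found['busy'] !== 0 && !$fallback) {
        return '';                       // pre-change path: loop exhausted, session dropped
    }
    return $found['data'];               // go with whatever session was found
}

// Constructed sample row that stays busy longer than the loop runs.
$table = ['abc' => ['ip' => '203.0.113.7', 'busy' => 5, 'data' => 'uid|i:42;']];
var_dump(readSession($table, 'abc', '203.0.113.7', false)); // pre-change behaviour
$table['abc']['busy'] = 5;
var_dump(readSession($table, 'abc', '203.0.113.7'));        // behaviour described here
var_dump(readSession($table, 'abc', '198.51.100.9'));       // request from another IP
```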