Improve session handler and add Ajax session check

author: Frédéric Guillot <fred@kanboard.net> 2014-11-29 17:18:23 -0500
committer: Frédéric Guillot <fred@kanboard.net> 2014-11-29 17:18:23 -0500
commit: e72327d4b1fd92675372a118052f1c9847f882dc (patch)
tree: 8147a3ae0c6304769b8da747626467f032d1f171 /app/Controller/Base.php
parent: 7d36747de634f7101bdaeed38e634adbc5f11b02 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/app/Controller/Base.php b/app/Controller/Base.php
index c1753c97..92a3d068 100644
--- a/app/Controller/Base.php
+++ b/app/Controller/Base.php
@@ -140,7 +140,7 @@ abstract class Base
     public function beforeAction($controller, $action)
     {
         // Start the session
-        $this->session->open(BASE_URL_DIRECTORY, SESSION_SAVE_PATH);
+        $this->session->open(BASE_URL_DIRECTORY);
 
         // HTTP secure headers
         $this->response->csp(array('style-src' => "'self' 'unsafe-inline'"));
@@ -161,6 +161,11 @@ abstract class Base
 
         // Authentication
         if (! $this->authentication->isAuthenticated($controller, $action)) {
+
+            if ($this->request->isAjax()) {
+                $this->response->text('Not Authorized', 401);
+            }
+
             $this->response->redirect('?controller=user&action=login&redirect_query='.urlencode($this->request->getQueryString()));
         }
author	Frédéric Guillot <fred@kanboard.net>	2014-11-29 17:18:23 -0500
committer	Frédéric Guillot <fred@kanboard.net>	2014-11-29 17:18:23 -0500
commit	e72327d4b1fd92675372a118052f1c9847f882dc (patch)
tree	8147a3ae0c6304769b8da747626467f032d1f171 /app/Controller/Base.php
parent	7d36747de634f7101bdaeed38e634adbc5f11b02 (diff)