From c4c262a6c31b19cfbf0d8e2d561a837a4733e4c3 Mon Sep 17 00:00:00 2001
From: Ben Roberts
Date: Mon, 16 Jan 2012 00:18:19 +0000
Subject: [PATCH] Add sensitive variable support to Session, cleared on login
---
 source/lib/SihnonFramework/Session.class.php | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/source/lib/SihnonFramework/Session.class.php b/source/lib/SihnonFramework/Session.class.php
index b6b3ccb..e5fc315 100644
--- a/source/lib/SihnonFramework/Session.class.php
+++ b/source/lib/SihnonFramework/Session.class.php
@@ -7,11 +7,13 @@ class SihnonFramework_Session {
 protected $enabled;
 protected $state;
 protected $dirty;
+ protected $sensitive;
 public function __construct(Sihnon_Config $config) {
 $this->config = $config;
 $this->enabled = false;
 $this->dirty = false;
+ $this->sensitive = array();
 if ($this->config->exists('sessions') && $this->config->get('sessions')) {
 $this->enabled = true;
@@ -47,8 +49,12 @@ class SihnonFramework_Session {
 }
 }
- public function set($name, $value) {
+ public function set($name, $value, $sensitive = false) {
 $this->state[$name] = $value;
+ if ($sensitive) {
+ $this->sensitive[$name] = true;
+ }
+
 $this->dirty = true;
 }
@@ -73,6 +79,14 @@ class SihnonFramework_Session {
 if ($this->enabled) {
 session_regenerate_id(true);
 }
+ // Clear any sensitive values
+ foreach ($this->sensitive as $name => $value) {
+ if ($value) {
+ $this->delete($name);
+ }
+ }
+ $this->sensitive = array();
 }
 }
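Review bot: The list of sensitive names is reset with `$this->sensitive = array();` in the constructor, and nothing in this patch stores or reloads it, so it appears to live only for the current request. If `$this->state` is restored from the PHP session on later requests (that code is outside the diff), a value flagged in one request would not be cleared by a login handled in the next. The cleanup loop in the last hunk would see an empty list and the value would survive the login. Consider keeping the markers inside the persisted state, or reloading them wherever the state is loaded, and add a test that sets a sensitive value, rebuilds the Session object and then logs in.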
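Review bot: The new `$sensitive` parameter of `set()` is undocumented and its flag is sticky: a later `set($name, $value)` without the flag leaves the name marked, and no other path visible in this diff removes the mark before the cleanup runs. A docblock such as `@param bool $sensitive When true, the value is removed by the login-time cleanup; the mark stays until that cleanup runs` would make the contract explicit. If `delete()` (outside this diff) is meant to drop the mark as well, add `unset($this->sensitive[$name]);` there.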
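Review bot: The `if ($value)` test inside the cleanup loop is redundant, because `set()` only ever stores `true` in `$this->sensitive`; `foreach (array_keys($this->sensitive) as $name) { $this->delete($name); }` expresses the same thing. The removal reaches stored session data only if `delete()` marks the session dirty, and `delete()` is not part of this diff, so that is worth confirming. The enclosing method starts above the hunk; the commit message indicates it is the login path, and a short comment stating why these values must not outlive a login would help the next reader.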