/
AbstractSessionStorage.php
319 lines (286 loc) · 9.31 KB
/
AbstractSessionStorage.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
<?php
/*
* This file is part of the Symfony package.
*
* (c) Fabien Potencier <fabien@symfony.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Symfony\Component\HttpFoundation\Session\Storage;
use Symfony\Component\HttpFoundation\Session\SessionBagInterface;
/**
* This provides a base class for session attribute storage.
*
* @author Drak <drak@zikula.org>
*/
abstract class AbstractSessionStorage implements SessionStorageInterface
{
/**
* Array of SessionBagInterface
*
* @var array
*/
protected $bags;
/**
* @var array
*/
protected $options = array();
/**
* @var boolean
*/
protected $started = false;
/**
* @var boolean
*/
protected $closed = false;
/**
* Constructor.
*
* Depending on how you want the storage driver to behave you probably
* want top override this constructor entirely.
*
* List of options for $options array with their defaults.
* @see http://www.php.net/manual/en/session.configuration.php for options
* but we omit 'session.' from the beginning of the keys.
*
* auto_start, "0"
* cache_limiter, ""
* cookie_domain, ""
* cookie_httponly, ""
* cookie_lifetime, "0"
* cookie_path, "/"
* cookie_secure, ""
* entropy_file, ""
* entropy_length, "0"
* gc_divisor, "100"
* gc_maxlifetime, "1440"
* gc_probability, "1"
* hash_bits_per_character, "4"
* hash_function, "0"
* name, "PHPSESSID"
* referer_check, ""
* save_path, ""
* serialize_handler, "php"
* use_cookies, "1"
* use_only_cookies, "1"
* use_trans_sid, "0"
* upload_progress.enabled, "1"
* upload_progress.cleanup, "1"
* upload_progress.prefix, "upload_progress_"
* upload_progress.name, "PHP_SESSION_UPLOAD_PROGRESS"
* upload_progress.freq, "1%"
* upload_progress.min-freq, "1"
* url_rewriter.tags, "a=href,area=href,frame=src,form=,fieldset="
*
* @param array $options Session configuration options.
*/
public function __construct(array $options = array())
{
$this->setOptions($options);
$this->registerSaveHandlers();
$this->registerShutdownFunction();
}
/**
* {@inheritdoc}
*/
public function start()
{
if ($this->started && !$this->closed) {
return true;
}
if ($this->options['use_cookies'] && headers_sent()) {
throw new \RuntimeException('Failed to start the session because header have already been sent.');
}
// start the session
if (!session_start()) {
throw new \RuntimeException('Failed to start the session');
}
$this->loadSession();
$this->started = true;
$this->closed = false;
return true;
}
/**
* {@inheritdoc}
*/
public function getId()
{
if (!$this->started) {
return ''; // returning empty is consistent with session_id() behaviour
}
return session_id();
}
/**
* {@inheritdoc}
*/
public function regenerate($destroy = false)
{
return session_regenerate_id($destroy);
}
/**
* {@inheritdoc}
*/
public function save()
{
session_write_close();
$this->closed = true;
}
/**
* {@inheritdoc}
*/
public function clear()
{
// clear out the bags
foreach ($this->bags as $bag) {
$bag->clear();
}
// clear out the session
$_SESSION = array();
// reconnect the bags to the session
$this->loadSession();
}
/**
* {@inheritdoc}
*/
public function registerBag(SessionBagInterface $bag)
{
$this->bags[$bag->getName()] = $bag;
}
/**
* {@inheritdoc}
*/
public function getBag($name)
{
if (!isset($this->bags[$name])) {
throw new \InvalidArgumentException(sprintf('The SessionBagInterface %s is not registered.', $name));
}
if ($this->options['auto_start'] && !$this->started) {
$this->start();
}
return $this->bags[$name];
}
/**
* Sets session.* ini variables.
*
* For convenience we omit 'session.' from the beginning of the keys.
* Explicitly ignores other ini keys.
*
* session_get_cookie_params() overrides values.
*
* @param array $options
*
* @see http://www.php.net/manual/en/session.configuration.php
*/
protected function setOptions(array $options)
{
$this->options = $options;
// set defaults for certain values
$defaults = array(
'cache_limiter' => '', // disable by default because it's managed by HeaderBag (if used)
'auto_start' => false,
'use_cookies' => true,
'cookie_httponly' => true,
);
foreach ($defaults as $key => $value) {
if (!isset($this->options[$key])) {
$this->options[$key] = $value;
}
}
foreach ($this->options as $key => $value) {
if (in_array($key, array(
'auto_start', 'cache_limiter', 'cookie_domain', 'cookie_httponly',
'cookie_lifetime', 'cookie_path', 'cookie_secure',
'entropy_file', 'entropy_length', 'gc_divisor',
'gc_maxlifetime', 'gc_probability', 'hash_bits_per_character',
'hash_function', 'name', 'referer_check',
'save_path', 'serialize_handler', 'use_cookies',
'use_only_cookies', 'use_trans_sid', 'upload_progress.enabled',
'upload_progress.cleanup', 'upload_progress.prefix', 'upload_progress.name',
'upload_progress.freq', 'upload_progress.min-freq', 'url_rewriter.tags'))) {
ini_set('session.'.$key, $value);
}
}
}
/**
* Registers this storage device for PHP session handling.
*
* PHP requires session save handlers to be set, either it's own, or custom ones.
* There are some defaults set automatically when PHP starts, but these can be overriden
* using this command if you need anything other than PHP's default handling.
*
* When the session starts, PHP will call the sessionRead() handler which should return an array
* of any session attributes. PHP will then populate these into $_SESSION.
*
* When PHP shuts down, the write() handler is called and will pass the $_SESSION contents
* to be stored.
*
* When a session is specifically destroyed, PHP will call the destroy() handler with the
* session ID. This happens when the session is regenerated for example and th handler
* MUST delete the session by ID from the persistent storage immediately.
*
* PHP will call gc() from time to time to expire any session records according to the
* set max lifetime of a session. This routine should delete all records from persistent
* storage which were last accessed longer than the $lifetime.
*
* PHP open() and close() are pretty much redundant and can just return true.
*
* NOTE:
*
* To use PHP native save handlers, override this method using ini_set with
* session.save_handlers and session.save_path e.g.
*
* ini_set('session.save_handlers', 'files');
* ini_set('session.save_path', /tmp');
*
* @see http://php.net/manual/en/function.session-set-save-handler.php
* @see \SessionHandlerInterface
* @see http://php.net/manual/en/class.sessionhandlerinterface.php
*/
protected function registerSaveHandlers()
{
// note this can be reset to PHP's control using ini_set('session.save_handler', 'files');
// so long as ini_set() is called before the session is started.
if ($this instanceof \SessionHandlerInterface) {
session_set_save_handler(
array($this, 'open'),
array($this, 'close'),
array($this, 'read'),
array($this, 'write'),
array($this, 'destroy'),
array($this, 'gc')
);
}
}
/**
* Registers PHP shutdown function.
*
* This method is required to avoid strange issues when using PHP objects as
* session save handlers.
*/
protected function registerShutdownFunction()
{
register_shutdown_function('session_write_close');
}
/**
* Load the session with attributes.
*
* After starting the session, PHP retrieves the session from whatever handlers
* are set to (either PHP's internal, custom set with session_set_save_handler()).
* PHP takes the return value from the sessionRead() handler, unserializes it
* and populates $_SESSION with the result automatically.
*
* @param array|null $session
*/
protected function loadSession(array &$session = null)
{
if (null === $session) {
$session = &$_SESSION;
}
foreach ($this->bags as $bag) {
$key = $bag->getStorageKey();
$session[$key] = isset($session[$key]) ? $session[$key] : array();
$bag->initialize($session[$key]);
}
}
}