Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

Allowing Session id to be set manually #818

Closed
wants to merge 3 commits into from

4 participants

@thechriswalker

Updated the Session adaptable to pass through an optional
session_id parameter in the ::key method, to set the
session id, rather than only allowing getting of the id.
The PHP adapter supported this, but the functionality was
masked by the Session adaptable not passing the id on.

This uncovered a bug in the PHP adaptable in the ::isStarted
method which would false-positive if session_id($non_empty)
had been called beforehand. Also, the ::enabled() method
was checking whether a session had been started, and not whether
php session functionality was enabled. Both of these have been
fixed and the test updated.

NB session started detection is vastly superior in PHP5.4 due
to the presence of the session_status() function.

@thechriswalker thechriswalker Allowing Session id to be set manually
Updated the Session adaptable to pass through an optional
session_id parameter in the `::key` method, to set the
session id, rather than only allowing getting of the id.
The PHP adapter supported this, but the functionality was
masked by the Session adaptable not passing the id on.

This uncovered a bug in the PHP adaptable in the `::isStarted`
method which would false-positive if `session_id($non_empty)`
had been called beforehand. Also, the `::enabled()` method
was checking whether a session had been started, and not whether
php session functionality was enabled. Both of these have been
fixed and the test updated.

NB session started detection is vastly superior in PHP5.4 due
to the presence of the `session_status()` function.
84f0030
@gwoo
Owner

Could you describe the use case for why this is necessary?

@nateabele
Owner

Strictly speaking, the implementation for enabled() that we have now is not correct, which is why I asked him to submit the PR.

That said, this patch fails the coding standards on two counts: variables should be camelBacked, and I count two unnecessary else clauses. Finally, this causes some tests to fail on 5.3, so if you could fix the patch and squash accordingly, that'd be awesome. Thanks.

@thechriswalker

I'll fix up the coding standards and rebase as requested.

As for the purpose, in an app I am writing, I do not want to use session cookies, but access tokens in an HTTP header. However in principle the two things are analogous and using the Session adapter provides me with the functionality I need.

The user specifies a token in a header and that is used to key the session. Before this change it was impossible to set the session id manually, because the Php adapter class would false-positive thinking the session was already started.

@thechriswalker

Hope I've found all the violations! I call 'first contribution' :cake:

@jails
Collaborator

Thanks ! Just squash the PR and it'll be awesome ;-)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Feb 8, 2013
  1. @thechriswalker

    Allowing Session id to be set manually

    thechriswalker authored
    Updated the Session adaptable to pass through an optional
    session_id parameter in the `::key` method, to set the
    session id, rather than only allowing getting of the id.
    The PHP adapter supported this, but the functionality was
    masked by the Session adaptable not passing the id on.
    
    This uncovered a bug in the PHP adaptable in the `::isStarted`
    method which would false-positive if `session_id($non_empty)`
    had been called beforehand. Also, the `::enabled()` method
    was checking whether a session had been started, and not whether
    php session functionality was enabled. Both of these have been
    fixed and the test updated.
    
    NB session started detection is vastly superior in PHP5.4 due
    to the presence of the `session_status()` function.
  2. @thechriswalker
  3. @thechriswalker
This page is out of date. Refresh to see the latest.
View
9 storage/Session.php
@@ -55,14 +55,15 @@ class Session extends \lithium\core\Adaptable {
protected static $_strategies = 'strategy.storage.session';
/**
- * Returns the key used to identify the session.
+ * Returns (and Sets) the key used to identify the session.
*
* @param mixed $name Optional named session configuration.
+ * @param mixed $session_id Optional session id to use for this session.
* @return string Returns the value of the session identifier key, or `null` if no named
- * configuration exists, or no session has been started.
+ * configuration exists, no session id has been set or no session has been started.
*/
- public static function key($name = null) {
- return is_object($adapter = static::adapter($name)) ? $adapter->key() : null;
+ public static function key($name = null, $sessionId = null) {
+ return is_object($adapter = static::adapter($name)) ? $adapter->key($sessionId) : null;
}
/**
View
25 storage/session/adapter/Php.php
@@ -77,23 +77,25 @@ protected function _init() {
* false otherwise.
*/
protected static function _start() {
- if (session_id()) {
+ if (static::isStarted()) {
return true;
}
- if (!isset($_SESSION)) {
- session_cache_limiter('nocache');
- }
+ session_cache_limiter('nocache');
return session_start();
}
/**
* Obtain the status of the session.
*
- * @return boolean True if $_SESSION is accessible and if a '_timestamp' key
- * has been set, false otherwise.
+ * @return boolean True if a session is currently started, False otherwise. If PHP5.4
+ * then we know, if PHP5.3 then we cannot tell for sure if a session
+ * has been closed.
*/
public static function isStarted() {
- return (boolean) session_id();
+ if (function_exists("session_status")) {
+ return session_status() === PHP_SESSION_ACTIVE;
+ }
+ return isset($_SESSION) && session_id();
}
/**
@@ -103,7 +105,7 @@ public static function isStarted() {
* @return mixed Session ID, or `null` if the session has not been started.
*/
public static function key($key = null) {
- if ($key) {
+ if ($key !== null) {
return session_id($key);
}
return session_id() ?: null;
@@ -217,10 +219,13 @@ public function clear(array $options = array()) {
/**
* Determines if PHP sessions are enabled.
*
- * @return boolean True if enabled (that is, if session_id() returns a value), false otherwise.
+ * @return boolean True if enabled (php session functionality can be disabled completely), false otherwise
*/
public static function enabled() {
- return (boolean) session_id();
+ if (function_exists("session_status")) {
+ return session_status() !== PHP_SESSION_DISABLED;
+ }
+ return in_array('session', get_loaded_extensions());
}
/**
View
5 tests/cases/storage/session/adapter/PhpTest.php
@@ -51,8 +51,9 @@ protected function _destroySession($name = null) {
public function testEnabled() {
$php = $this->php;
- $this->_destroySession(session_name());
- $this->assertFalse($php::enabled());
+ /* Is PHP Session support enabled? */
+ $sessionsSupported = in_array('session', get_loaded_extensions());
+ $this->assertEqual($sessionsSupported, $php::enabled());
}
public function testInit() {
Something went wrong with that request. Please try again.