Showing
17 changed files
with
2,022 additions
and
141 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,115 @@ | ||
<?php | ||
/** | ||
* @package Joomla.Platform | ||
* @subpackage Session | ||
* | ||
* @copyright Copyright (C) 2005 - 2014 Open Source Matters, Inc. All rights reserved. | ||
* @license GNU General Public License version 2 or later; see LICENSE | ||
*/ | ||
|
||
defined('JPATH_PLATFORM') or die; | ||
|
||
/** | ||
* Interface for managing HTTP sessions | ||
* | ||
* @since 3.5 | ||
*/ | ||
interface JSessionHandlerInterface | ||
{ | ||
/** | ||
* Starts the session. | ||
* | ||
* @return boolean True if started. | ||
* | ||
* @since 3.5 | ||
* @throws RuntimeException If something goes wrong starting the session. | ||
*/ | ||
public function start(); | ||
|
||
/** | ||
* Checks if the session is started. | ||
* | ||
* @return boolean True if started, false otherwise. | ||
* | ||
* @since 3.5 | ||
*/ | ||
public function isStarted(); | ||
|
||
/** | ||
* Returns the session ID | ||
* | ||
* @return string The session ID | ||
* | ||
* @since 3.5 | ||
*/ | ||
public function getId(); | ||
|
||
/** | ||
* Sets the session ID | ||
* | ||
* @param string $id The session ID | ||
* | ||
* @return void | ||
* | ||
* @since 3.5 | ||
*/ | ||
public function setId($id); | ||
|
||
/** | ||
* Returns the session name | ||
* | ||
* @return mixed The session name. | ||
* | ||
* @since 3.5 | ||
*/ | ||
public function getName(); | ||
|
||
/** | ||
* Sets the session name | ||
* | ||
* @param string $name The name of the session | ||
* | ||
* @return void | ||
* | ||
* @since 3.5 | ||
*/ | ||
public function setName($name); | ||
|
||
/** | ||
* Regenerates ID that represents this storage. | ||
* | ||
* Note regenerate+destroy should not clear the session data in memory only delete the session data from persistent storage. | ||
* | ||
* @param boolean $destroy Destroy session when regenerating? | ||
* @param integer $lifetime Sets the cookie lifetime for the session cookie. A null value will leave the system settings unchanged, | ||
* 0 sets the cookie to expire with browser session. Time is in seconds, and is not a Unix timestamp. | ||
* | ||
* @return boolean True if session regenerated, false if error | ||
* | ||
* @since 3.5 | ||
*/ | ||
public function regenerate($destroy = false, $lifetime = null); | ||
|
||
/** | ||
* Force the session to be saved and closed. | ||
* | ||
* This method must invoke session_write_close() unless this interface is used for a storage object design for unit or functional testing where | ||
* a real PHP session would interfere with testing, in which case it should actually persist the session data if required. | ||
* | ||
* @return void | ||
* | ||
* @see session_write_close() | ||
* @since 3.5 | ||
* @throws RuntimeException If the session is saved without being started, or if the session is already closed. | ||
*/ | ||
public function save(); | ||
|
||
/** | ||
* Clear all session data in memory. | ||
* | ||
* @return void | ||
* | ||
* @since 3.5 | ||
*/ | ||
public function clear(); | ||
} |
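Review bot: The `setId()` docblock does not say when the call is valid or how an implementation should treat an ID it did not issue. For a native PHP session the ID has to be set before the session starts, and the Joomla handler in this same commit passes a request-supplied value to `setId()`, so the contract is security-relevant. I would add a line such as `The ID must be set before start(); implementations should not trust an ID they did not create without regenerating it.` Separately, `getName()` is documented as `@return mixed` while `setName()` takes a string; `@return string` would match unless an implementation is known to return something else.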
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,160 @@ | ||
<?php | ||
/** | ||
* @package Joomla.Platform | ||
* @subpackage Session | ||
* | ||
* @copyright Copyright (C) 2005 - 2014 Open Source Matters, Inc. All rights reserved. | ||
* @license GNU General Public License version 2 or later; see LICENSE | ||
*/ | ||
|
||
defined('JPATH_PLATFORM') or die; | ||
|
||
/** | ||
* Interface for managing HTTP sessions | ||
* | ||
* @since 3.5 | ||
*/ | ||
class JSessionHandlerJoomla extends JSessionHandlerNative | ||
{ | ||
/** | ||
* The input object | ||
* | ||
* @var JInput | ||
* @since 3.5 | ||
*/ | ||
public $input = null; | ||
|
||
/** | ||
* Force cookies to be SSL only | ||
* | ||
* @var boolean | ||
* @since 3.5 | ||
*/ | ||
protected $force_ssl = false; | ||
|
||
/** | ||
* Public constructor | ||
* | ||
* @param array $options An array of configuration options | ||
* | ||
* @since 3.5 | ||
*/ | ||
public function __construct($options = array()) | ||
{ | ||
// Disable transparent sid support | ||
ini_set('session.use_trans_sid', '0'); | ||
|
||
// Only allow the session ID to come from cookies and nothing else. | ||
ini_set('session.use_only_cookies', '1'); | ||
|
||
// Set options | ||
$this->setOptions($options); | ||
$this->setCookieParams(); | ||
} | ||
|
||
/** | ||
* Starts the session | ||
* | ||
* @return boolean True if started | ||
* | ||
* @since 3.5 | ||
* @throws RuntimeException If something goes wrong starting the session. | ||
*/ | ||
public function start() | ||
{ | ||
$session_name = $this->getName(); | ||
|
||
// Get the JInputCookie object | ||
$cookie = $this->input->cookie; | ||
|
||
if (is_null($cookie->get($session_name))) | ||
{ | ||
$session_clean = $this->input->get($session_name, false, 'string'); | ||
|
||
if ($session_clean) | ||
{ | ||
$this->setId($session_clean); | ||
$cookie->set($session_name, '', time() - 3600); | ||
} | ||
} | ||
|
||
return parent::start(); | ||
} | ||
|
||
/** | ||
* Clear all session data in memory. | ||
* | ||
* @return void | ||
* | ||
* @since 3.5 | ||
*/ | ||
public function clear() | ||
{ | ||
$session_name = $this->getName(); | ||
|
||
/* | ||
* In order to kill the session altogether, such as to log the user out, the session id | ||
* must also be unset. If a cookie is used to propagate the session id (default behavior), | ||
* then the session cookie must be deleted. | ||
*/ | ||
if (isset($_COOKIE[$session_name])) | ||
{ | ||
$config = JFactory::getConfig(); | ||
$cookie_domain = $config->get('cookie_domain', ''); | ||
$cookie_path = $config->get('cookie_path', '/'); | ||
setcookie($session_name, '', time() - 42000, $cookie_path, $cookie_domain); | ||
} | ||
|
||
parent::clear(); | ||
} | ||
|
||
/** | ||
* Set session cookie parameters | ||
* | ||
* @return void | ||
* | ||
* @since 3.5 | ||
*/ | ||
protected function setCookieParams() | ||
{ | ||
$cookie = session_get_cookie_params(); | ||
|
||
if ($this->force_ssl) | ||
{ | ||
$cookie['secure'] = true; | ||
} | ||
|
||
$config = JFactory::getConfig(); | ||
|
||
if ($config->get('cookie_domain', '') != '') | ||
{ | ||
$cookie['domain'] = $config->get('cookie_domain'); | ||
} | ||
|
||
if ($config->get('cookie_path', '') != '') | ||
{ | ||
$cookie['path'] = $config->get('cookie_path'); | ||
} | ||
|
||
session_set_cookie_params($cookie['lifetime'], $cookie['path'], $cookie['domain'], $cookie['secure'], true); | ||
} | ||
|
||
/** | ||
* Set additional session options | ||
* | ||
* @param array $options List of parameter | ||
* | ||
* @return boolean True on success | ||
* | ||
* @since 3.5 | ||
*/ | ||
protected function setOptions(array $options) | ||
{ | ||
if (isset($options['force_ssl'])) | ||
{ | ||
$this->force_ssl = (bool) $options['force_ssl']; | ||
} | ||
|
||
return true; | ||
} | ||
} |
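Review bot: In `start()`, when no session cookie is present the session ID is read with `$this->input->get($session_name, false, 'string')` and handed to `setId()`, so a value from the request rather than from a cookie can select the session. That contradicts the constructor's `session.use_only_cookies` setting and its comment "Only allow the session ID to come from cookies and nothing else", and it leaves a session-fixation path open unless the ID is regenerated at login somewhere outside this file. If the fallback is not required I would drop the branch; if it is, state why in a comment such as `// Fallback for clients without cookies: the ID MUST be regenerated on authentication` and validate the value's format before `setId()`. Two smaller points: `$this->input` defaults to `null` and is dereferenced here without a check, and the class docblock still reads "Interface for managing HTTP sessions" on a concrete class.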