Skip to content

Commit

Permalink
merged branch drak/sessionmeta (PR #3718)
Browse files Browse the repository at this point in the history 
Commits
-------

8a0e6d2 [HttpFoundation] Update changelog.
4fc04fa [HttpFoundation] Renamed MetaBag to MetadataBag
2f03b31 [HttpFoundation] Added the ability to change the session cookie lifetime on migrate().
39141e8 [HttpFoundation] Add ability to force the lifetime (allows update of session cookie expiry-time)
ec3f88f [HttpFoundation] Add methods to interface
402254c [HttpFoundation] Changed meta-data responsibility to SessionStorageInterface
d9fd14f [HttpFoundation] Refactored for moved tests location.
29bd787 [HttpFoundation] Added some basic meta-data to Session

Discussion
----------

[2.1][HttpFoundation] Added some basic meta-data to Session

Bug fix: no
Feature addition: yes
Backwards compatibility break: no
Symfony2 tests pass: yes
References the following tickets: #2171
Todo: -

Session data is stored as an encoded string against a single id.  If we want to store meta-data about the session, that data has to be stored as part of the session data to ensure the meta-data can persist using any session save handler.

This patch makes it much easier to determine the logic of session expiration.  In general a session expiry can be dealt with by the gc handlers, however, in some applications more specific expiry rules might be required.

Session expiry may also be more complex than a simple, session was idle for x seconds.  For example, in Zikula there are three security settings, Low, Medium and High.  The rules for session expiry are more complex as under the Medium setting, a session will expire after x minutes idle time, unless the rememberme option was ticked on login.  If so, the session will not idle.  This gives the user some control over their experience.  Under the high security setting, then there is no option, sessions will expire after the idle time is reached and login the UI has the rememberme checkbox removed.

The other advantage is that under this methodology, there can be a UI experience on expiry, like "Sorry, your session expired due to being idle for 10 minutes".

Keeping in the spirit of Symfony2 Components, I am seeking to make session handling flexible enough to accommodate these general requirements without specifically covering expiration rules. It would mean that it would be up to the implementing application to specifcally check and expire session after starting it.

Expiration might look something like this:

    $session->start();
    if (time() - $session->getMetadataBag()->getLastUpdate() > $maxIdleTime) {
        $session->invalidate();
        throw new SessionExpired();
    }

This commit also brings the ability to change the `cookie_lifetime` when migrating a session. This means one could move from a default of browser only session cookie to long-lived cookie when changing from a anonymous to a logged in user for example.

    $session->migrate($destroy, $lifetime);

---------------------------------------------------------------------------

by drak at 2012-03-30T18:18:43Z

@fabpot I have removed [WIP] status.

---------------------------------------------------------------------------

by drak at 2012-03-31T13:34:57Z

NB: This PR has been rebased and the tests relocated as per recent master changes.

---------------------------------------------------------------------------

by drak at 2012-04-03T02:16:43Z

@fabpot - ping
  • Loading branch information
@fabpot
fabpot committed Apr 3, 2012
2 parents a22fb21 + 40fd7d1 commit 2f5227e
Show file tree
Hide file tree
Showing 9 changed files with 445 additions and 57 deletions.
79 changes: 41 additions & 38 deletions Session/Session.php
View file
Expand Up @@ -11,6 +11,7 @@

namespace Symfony\Component\HttpFoundation\Session;

use Symfony\Component\HttpFoundation\Session\Storage\MetadataBag;
use Symfony\Component\HttpFoundation\Session\Storage\SessionStorageInterface;
use Symfony\Component\HttpFoundation\Session\Attribute\AttributeBag;
use Symfony\Component\HttpFoundation\Session\Attribute\AttributeBagInterface;
Expand Down Expand Up @@ -57,13 +58,13 @@ public function __construct(SessionStorageInterface $storage = null, AttributeBa
{
$this->storage = $storage ?: new NativeSessionStorage();

$attributeBag = $attributes ?: new AttributeBag();
$this->attributeName = $attributeBag->getName();
$this->registerBag($attributeBag);
$attributes = $attributes ?: new AttributeBag();
$this->attributeName = $attributes->getName();
$this->registerBag($attributes);

$flashBag = $flashes ?: new FlashBag();
$this->flashName = $flashBag->getName();
$this->registerBag($flashBag);
$flashes = $flashes ?: new FlashBag();
$this->flashName = $flashes->getName();
$this->registerBag($flashes);
}

/**
Expand Down Expand Up @@ -130,22 +131,42 @@ public function clear()
$this->storage->getBag($this->attributeName)->clear();
}

/**
* Returns an iterator for attributes.
*
* @return \ArrayIterator An \ArrayIterator instance
*/
public function getIterator()
{
return new \ArrayIterator($this->storage->getBag($this->attributeName)->all());
}

/**
* Returns the number of attributes.
*
* @return int The number of attributes
*/
public function count()
{
return count($this->storage->getBag($this->attributeName)->all());
}

/**
* {@inheritdoc}
*/
public function invalidate()
public function invalidate($lifetime = null)
{
$this->storage->clear();

return $this->storage->regenerate(true);
return $this->migrate(true, $lifetime);
}

/**
* {@inheritdoc}
*/
public function migrate($destroy = false)
public function migrate($destroy = false, $lifetime = null)
{
return $this->storage->regenerate($destroy);
return $this->storage->regenerate($destroy, $lifetime);
}

/**
Expand Down Expand Up @@ -189,21 +210,23 @@ public function setName($name)
}

/**
* Registers a SessionBagInterface with the session.
*
* @param SessionBagInterface $bag
* {@iheritdoc}
*/
public function getMetadataBag()
{
return $this->storage->getMetadataBag();
}

/**
* {@iheritdoc}
*/
public function registerBag(SessionBagInterface $bag)
{
$this->storage->registerBag($bag);
}

/**
* Get's a bag instance.
*
* @param string $name
*
* @return SessionBagInterface
* {@iheritdoc}
*/
public function getBag($name)
{
Expand Down Expand Up @@ -310,24 +333,4 @@ public function clearFlashes()
{
return $this->getBag($this->flashName)->clear();
}

/**
* Returns an iterator for attributes.
*
* @return \ArrayIterator An \ArrayIterator instance
*/
public function getIterator()
{
return new \ArrayIterator($this->storage->getBag('attributes')->all());
}

/**
* Returns the number of attributes.
*
* @return int The number of attributes
*/
public function count()
{
return count($this->storage->getBag('attributes')->all());
}
}
38 changes: 35 additions & 3 deletions Session/SessionInterface.php
View file
Expand Up @@ -71,23 +71,32 @@ function setName($name);
* Clears all session attributes and flashes and regenerates the
* session and deletes the old session from persistence.
*
* @param integer $lifetime Sets the cookie lifetime for the session cookie. A null value
* will leave the system settings unchanged, 0 sets the cookie
* to expire with browser session. Time is in seconds, and is
* not a Unix timestamp.
*
* @return Boolean True if session invalidated, false if error.
*
* @api
*/
function invalidate();
function invalidate($lifetime = null);

/**
* Migrates the current session to a new session id while maintaining all
* session attributes.
*
* @param Boolean $destroy Whether to delete the old session or leave it to garbage collection.
* @param Boolean $destroy Whether to delete the old session or leave it to garbage collection.
* @param integer $lifetime Sets the cookie lifetime for the session cookie. A null value
* will leave the system settings unchanged, 0 sets the cookie
* to expire with browser session. Time is in seconds, and is
* not a Unix timestamp.
*
* @return Boolean True if session migrated, false if error.
*
* @api
*/
function migrate($destroy = false);
function migrate($destroy = false, $lifetime = null);

/**
* Force the session to be saved and closed.
Expand Down Expand Up @@ -164,4 +173,27 @@ function remove($name);
* @api
*/
function clear();

/**
* Registers a SessionBagInterface with the session.
*
* @param SessionBagInterface $bag
*/
public function registerBag(SessionBagInterface $bag);

/**
* Gets a bag instance by name.
*
* @param string $name
*
* @return SessionBagInterface
*/
public function getBag($name);

/**
* Gets session meta.
*
* @return MetadataBag
*/
public function getMetadataBag();
}
160 changes: 160 additions & 0 deletions Session/Storage/MetadataBag.php
View file
@@ -0,0 +1,160 @@
<?php

/*
* This file is part of the Symfony package.
*
* (c) Fabien Potencier <fabien@symfony.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/

namespace Symfony\Component\HttpFoundation\Session\Storage;

use Symfony\Component\HttpFoundation\Session\SessionBagInterface;

/**
* Metadata container.
*
* Adds metadata to the session.
*
* @author Drak <drak@zikula.org>
*/
class MetadataBag implements SessionBagInterface
{
const CREATED = 'c';
const UPDATED = 'u';
const LIFETIME = 'l';

/**
* @var string
*/
private $name = '__metadata';

/**
* @var string
*/
private $storageKey;

/**
* @var array
*/
protected $meta = array();

/**
* Unix timestamp.
*
* @var integer
*/
private $lastUsed;

/**
* Constructor.
*
* @param string $storageKey The key used to store bag in the session.
*/
public function __construct($storageKey = '_sf2_meta')
{
$this->storageKey = $storageKey;
$this->meta = array(self::CREATED => 0, self::UPDATED => 0, self::LIFETIME => 0);
}

/**
* {@inheritdoc}
*/
public function initialize(array &$array)
{
$this->meta = &$array;

if (isset($array[self::CREATED])) {
$this->lastUsed = $this->meta[self::UPDATED];
$this->meta[self::UPDATED] = time();
} else {
$this->stampCreated();
}
}

/**
* Gets the lifetime that the session cookie was set with.
*
* @return integer
*/
public function getLifetime()
{
return $this->meta[self::LIFETIME];
}

/**
* Stamps a new session's metadata.
*
* @param integer $lifetime Sets the cookie lifetime for the session cookie. A null value
* will leave the system settings unchanged, 0 sets the cookie
* to expire with browser session. Time is in seconds, and is
* not a Unix timestamp.
*/
public function stampNew($lifetime = null)
{
$this->stampCreated($lifetime);
}

/**
* {@inheritdoc}
*/
public function getStorageKey()
{
return $this->storageKey;
}

/**
* Gets the created timestamp metadata.
*
* @return integer Unix timestamp
*/
public function getCreated()
{
return $this->meta[self::CREATED];
}

/**
* Gets the last used metadata.
*
* @return integer Unix timestamp
*/
public function getLastUsed()
{
return $this->lastUsed;
}

/**
* {@inheritdoc}
*/
public function clear()
{
// nothing to do
}

/**
* {@inheritdoc}
*/
public function getName()
{
return $this->name;
}

/**
* Sets name.
*
* @param string $name
*/
public function setName($name)
{
$this->name = $name;
}

private function stampCreated($lifetime = null)
{
$timeStamp = time();
$this->meta[self::CREATED] = $this->meta[self::UPDATED] = $this->lastUsed = $timeStamp;
$this->meta[self::LIFETIME] = (null === $lifetime) ? ini_get('session.cookie_lifetime') : $lifetime;
}
}

0 comments on commit 2f5227e

Please sign in to comment.