merged branch drak/sessionmeta (PR #3718)
Commits ------- 8a0e6d2 [HttpFoundation] Update changelog. 4fc04fa [HttpFoundation] Renamed MetaBag to MetadataBag 2f03b31 [HttpFoundation] Added the ability to change the session cookie lifetime on migrate(). 39141e8 [HttpFoundation] Add ability to force the lifetime (allows update of session cookie expiry-time) ec3f88f [HttpFoundation] Add methods to interface 402254c [HttpFoundation] Changed meta-data responsibility to SessionStorageInterface d9fd14f [HttpFoundation] Refactored for moved tests location. 29bd787 [HttpFoundation] Added some basic meta-data to Session Discussion ---------- [2.1][HttpFoundation] Added some basic meta-data to Session Bug fix: no Feature addition: yes Backwards compatibility break: no Symfony2 tests pass: yes References the following tickets: #2171 Todo: - Session data is stored as an encoded string against a single id. If we want to store meta-data about the session, that data has to be stored as part of the session data to ensure the meta-data can persist using any session save handler. This patch makes it much easier to determine the logic of session expiration. In general a session expiry can be dealt with by the gc handlers, however, in some applications more specific expiry rules might be required. Session expiry may also be more complex than a simple, session was idle for x seconds. For example, in Zikula there are three security settings, Low, Medium and High. The rules for session expiry are more complex as under the Medium setting, a session will expire after x minutes idle time, unless the rememberme option was ticked on login. If so, the session will not idle. This gives the user some control over their experience. Under the high security setting, then there is no option, sessions will expire after the idle time is reached and login the UI has the rememberme checkbox removed. 
The other advantage is that under this methodology, there can be a UI experience on expiry, like "Sorry, your session expired due to being idle for 10 minutes". Keeping in the spirit of Symfony2 Components, I am seeking to make session handling flexible enough to accommodate these general requirements without specifically covering expiration rules. It would mean that it would be up to the implementing application to specifically check and expire the session after starting it. Expiration might look something like this: $session->start(); if (time() - $session->getMetadataBag()->getLastUpdate() > $maxIdleTime) { $session->invalidate(); throw new SessionExpired(); } This commit also brings the ability to change the `cookie_lifetime` when migrating a session. This means one could move from a default of browser-only session cookie to a long-lived cookie when changing from an anonymous to a logged in user for example. $session->migrate($destroy, $lifetime); --------------------------------------------------------------------------- by drak at 2012-03-30T18:18:43Z @fabpot I have removed [WIP] status. --------------------------------------------------------------------------- by drak at 2012-03-31T13:34:57Z NB: This PR has been rebased and the tests relocated as per recent master changes. --------------------------------------------------------------------------- by drak at 2012-04-03T02:16:43Z @fabpot - ping
Showing
9 changed files
with
445 additions
and
57 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,160 @@ | ||
<?php | ||
|
||
/* | ||
* This file is part of the Symfony package. | ||
* | ||
* (c) Fabien Potencier <fabien@symfony.com> | ||
* | ||
* For the full copyright and license information, please view the LICENSE | ||
* file that was distributed with this source code. | ||
*/ | ||
|
||
namespace Symfony\Component\HttpFoundation\Session\Storage; | ||
|
||
use Symfony\Component\HttpFoundation\Session\SessionBagInterface; | ||
|
||
/** | ||
* Metadata container. | ||
* | ||
* Adds metadata to the session. | ||
* | ||
* @author Drak <drak@zikula.org> | ||
*/ | ||
class MetadataBag implements SessionBagInterface | ||
{ | ||
const CREATED = 'c'; | ||
const UPDATED = 'u'; | ||
const LIFETIME = 'l'; | ||
|
||
/** | ||
* @var string | ||
*/ | ||
private $name = '__metadata'; | ||
|
||
/** | ||
* @var string | ||
*/ | ||
private $storageKey; | ||
|
||
/** | ||
* @var array | ||
*/ | ||
protected $meta = array(); | ||
|
||
/** | ||
* Unix timestamp. | ||
* | ||
* @var integer | ||
*/ | ||
private $lastUsed; | ||
|
||
/** | ||
* Constructor. | ||
* | ||
* @param string $storageKey The key used to store bag in the session. | ||
*/ | ||
public function __construct($storageKey = '_sf2_meta') | ||
{ | ||
$this->storageKey = $storageKey; | ||
$this->meta = array(self::CREATED => 0, self::UPDATED => 0, self::LIFETIME => 0); | ||
} | ||
|
||
/** | ||
* {@inheritdoc} | ||
*/ | ||
public function initialize(array &$array) | ||
{ | ||
$this->meta = &$array; | ||
|
||
if (isset($array[self::CREATED])) { | ||
$this->lastUsed = $this->meta[self::UPDATED]; | ||
$this->meta[self::UPDATED] = time(); | ||
} else { | ||
$this->stampCreated(); | ||
} | ||
} | ||
|
||
/** | ||
* Gets the lifetime that the session cookie was set with. | ||
* | ||
* @return integer | ||
*/ | ||
public function getLifetime() | ||
{ | ||
return $this->meta[self::LIFETIME]; | ||
} | ||
|
||
/** | ||
* Stamps a new session's metadata. | ||
* | ||
* @param integer $lifetime Sets the cookie lifetime for the session cookie. A null value | ||
* will leave the system settings unchanged, 0 sets the cookie | ||
* to expire with browser session. Time is in seconds, and is | ||
* not a Unix timestamp. | ||
*/ | ||
public function stampNew($lifetime = null) | ||
{ | ||
$this->stampCreated($lifetime); | ||
} | ||
|
||
/** | ||
* {@inheritdoc} | ||
*/ | ||
public function getStorageKey() | ||
{ | ||
return $this->storageKey; | ||
} | ||
|
||
/** | ||
* Gets the created timestamp metadata. | ||
* | ||
* @return integer Unix timestamp | ||
*/ | ||
public function getCreated() | ||
{ | ||
return $this->meta[self::CREATED]; | ||
} | ||
|
||
/** | ||
* Gets the last used metadata. | ||
* | ||
* @return integer Unix timestamp | ||
*/ | ||
public function getLastUsed() | ||
{ | ||
return $this->lastUsed; | ||
} | ||
|
||
/** | ||
* {@inheritdoc} | ||
*/ | ||
public function clear() | ||
{ | ||
// nothing to do | ||
} | ||
|
||
/** | ||
* {@inheritdoc} | ||
*/ | ||
public function getName() | ||
{ | ||
return $this->name; | ||
} | ||
|
||
/** | ||
* Sets name. | ||
* | ||
* @param string $name | ||
*/ | ||
public function setName($name) | ||
{ | ||
$this->name = $name; | ||
} | ||
|
||
private function stampCreated($lifetime = null) | ||
{ | ||
$timeStamp = time(); | ||
$this->meta[self::CREATED] = $this->meta[self::UPDATED] = $this->lastUsed = $timeStamp; | ||
$this->meta[self::LIFETIME] = (null === $lifetime) ? ini_get('session.cookie_lifetime') : $lifetime; | ||
} | ||
} |
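Review bot: In `stampCreated()` the LIFETIME entry is stored as whatever `ini_get('session.cookie_lifetime')` returns, which is a string, while a caller-supplied `$lifetime` is stored as given, so `getLifetime()` does not always return the integer its docblock promises. Applications are likely to build expiry decisions on this value, so it is worth normalising at the write: `$this->meta[self::LIFETIME] = (int) (null === $lifetime ? ini_get('session.cookie_lifetime') : $lifetime);`. Separately, `initialize()` tests only `isset($array[self::CREATED])` before reading `$this->meta[self::UPDATED]`, so a stored bag that carries CREATED but not UPDATED leaves `getLastUsed()` returning null. Reading it as `isset($this->meta[self::UPDATED]) ? $this->meta[self::UPDATED] : $this->meta[self::CREATED]` would keep an idle-time comparison well defined. `stampCreated()` is also the only method in the class without a docblock; a short one stating that it resets the created, updated and last-used stamps to the current time would help readers who rely on `getCreated()` as a session-age reference.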