classes/session/SessionManager.inc.php

<?php

// $Id: SessionManager.inc.php,v 1.14 2008/07/01 01:16:10 asmecher Exp $


class SessionManager {

   var $sessionDao;

   var $userSession;

   function SessionManager(&$sessionDao) {
      $this->sessionDao = &$sessionDao;

      // Configure PHP session parameters
      ini_set('session.use_trans_sid', 0);
      ini_set('session.save_handler', 'user');
      ini_set('session.serialize_handler', 'php');
      ini_set('session.use_cookies', 1);
      ini_set('session.name', Config::getVar('general', 'session_cookie_name')); // Cookie name
      ini_set('session.cookie_lifetime', 0);
      ini_set('session.cookie_path', Request::getBasePath() . '/');
      ini_set('session.gc_probability', 1);
      ini_set('session.gc_maxlifetime', 60 * 60);
      ini_set('session.auto_start', 1);
      ini_set('session.cache_limiter', 'none');

      session_set_save_handler(
         array(&$this, 'open'),
         array(&$this, 'close'),
         array(&$this, 'read'),
         array(&$this, 'write'),
         array(&$this, 'destroy'),
         array(&$this, 'gc')
      );

      // Initialize the session
      session_start();
      $sessionId = session_id();

      $ip = Request::getRemoteAddr();
      $userAgent = Request::getUserAgent();
      $now = time();

      if (!isset($this->userSession) || (Config::getVar('security', 'session_check_ip') && $this->userSession->getIpAddress() != $ip) || $this->userSession->getUserAgent() != $userAgent) {
         if (isset($this->userSession)) {
            // Destroy old session
            session_destroy();
         }

         // Create new session
         $this->userSession = &new Session();
         $this->userSession->setId($sessionId);
         $this->userSession->setIpAddress($ip);
         $this->userSession->setUserAgent($userAgent);
         $this->userSession->setSecondsCreated($now);
         $this->userSession->setSecondsLastUsed($now);
         $this->userSession->setSessionData('');

         $this->sessionDao->insertSession($this->userSession);

      } else {
         if ($this->userSession->getRemember()) {
            // Update session timestamp for remembered sessions so it doesn't expire in the middle of a browser session
            if (Config::getVar('general', 'session_lifetime') > 0) {
               $this->updateSessionLifetime(time() + Config::getVar('general', 'session_lifetime') * 86400);
            } else {
               $this->userSession->setRemember(0);
               $this->updateSessionLifetime(0);
            }
         }

         // Update existing session's timestamp
         $this->userSession->setSecondsLastUsed($now);
         $this->sessionDao->updateSession($this->userSession);
      }
   }

   function &getManager() {
      static $instance;

      if (!isset($instance)) {
         $instance = new SessionManager(DAORegistry::getDAO('SessionDAO'));
      }
      return $instance;
   }

   function &getUserSession() {
      return $this->userSession;
   }

   function open() {
      return true;
   }

   function close() {
      return true;
   }

   function read($sessionId) {
      if (!isset($this->userSession)) {
         $this->userSession = &$this->sessionDao->getSession($sessionId);
         if (isset($this->userSession)) {
            $data = $this->userSession->getSessionData();
         }
      }
      return isset($data) ? $data : '';
   }

   function write($sessionId, $data) {
      if (isset($this->userSession)) {
         $this->userSession->setSessionData($data);
         return $this->sessionDao->updateSession($this->userSession);

      } else {
         return true;
      }
   }

   function destroy($sessionId) {
      return $this->sessionDao->deleteSessionById($sessionId);
   }

   function gc($maxlifetime) {
      return $this->sessionDao->deleteSessionByLastUsed(time() - 86400, Config::getVar('general', 'session_lifetime') <= 0 ? 0 : time() - Config::getVar('general', 'session_lifetime') * 86400);
   }

   function updateSessionCookie($sessionId = false, $expireTime = 0) {
      return setcookie(session_name(), ($sessionId === false) ? session_id() : $sessionId, $expireTime, ini_get('session.cookie_path'));
   }

   function regenerateSessionId() {
      $success = false;
      $currentSessionId = session_id();

      if (function_exists('session_regenerate_id')) {
         // session_regenerate_id is only available on PHP >= 4.3.2
         if (session_regenerate_id() && isset($this->userSession)) {
            // Delete old session and insert new session
            $this->sessionDao->deleteSessionById($currentSessionId);
            $this->userSession->setId(session_id());
            $this->sessionDao->insertSession($this->userSession);
            $this->updateSessionCookie(); // TODO: this might not be needed on >= 4.3.3
            $success = true;
         }

      } else {
         // Regenerate session ID (for PHP < 4.3.2)
         do {
            // Generate new session ID -- should be random enough to typically execute only once
            $newSessionId = md5(mt_rand());
         } while ($this->sessionDao->sessionExistsById($newSessionId));

         if (isset($this->userSession)) {
            // Delete old session and insert new session
            $this->sessionDao->deleteSessionById($currentSessionId);
            $this->userSession->setId($newSessionId);
            $this->sessionDao->insertSession($this->userSession);
            $this->updateSessionCookie($newSessionId);
            $success = true;
         }
      }

      return $success;
   }

   function updateSessionLifetime($expireTime = 0) {
      return $this->updateSessionCookie(false, $expireTime);
   }

}

?>

---