Open Monograph Press  1.1
SessionManager.inc.php
1 <?php
2 
18 
20  var $sessionDao;
21 
24 
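/**
 * Constructor.
 * Configures PHP's session settings, registers this object's methods as
 * the session save handler, starts the session, and then either keeps
 * the stored session record or replaces it with a fresh one.
 *
 * An existing record is kept only if the client's user agent (first 255
 * characters) matches the stored one and, when the security/session_check_ip
 * setting is enabled, the client's IP address matches as well.
 *
 * @param $sessionDao object DAO used to create, load, store and delete session records
 * @param $request object supplies the base path, remote address and user agent
 */
function SessionManager($sessionDao, $request) {
	$this->sessionDao = $sessionDao;

	// Configure PHP session parameters
	ini_set('session.use_trans_sid', 0);
	// Take the session ID from the cookie only. Without this, runtimes whose
	// default still allows it would also accept an ID passed in the URL,
	// which lets a third party choose the ID a visitor ends up using.
	ini_set('session.use_only_cookies', 1);
	ini_set('session.save_handler', 'user');
	ini_set('session.serialize_handler', 'php');
	ini_set('session.use_cookies', 1);
	ini_set('session.name', Config::getVar('general', 'session_cookie_name')); // Cookie name
	ini_set('session.cookie_lifetime', 0);
	ini_set('session.cookie_path', Config::getVar('general', 'session_cookie_path', $request->getBasePath() . '/'));
	ini_set('session.gc_probability', 1);
	ini_set('session.gc_maxlifetime', 60 * 60);
	ini_set('session.auto_start', 1);
	ini_set('session.cache_limiter', 'none');
	// NOTE(review): the Secure/HttpOnly cookie attributes are not set here, so
	// they depend on the server's PHP configuration -- confirm for deployments
	// served over HTTPS.

	session_set_save_handler(
		array($this, 'open'),
		array($this, 'close'),
		array($this, 'read'),
		array($this, 'write'),
		array($this, 'destroy'),
		array($this, 'gc')
	);

	// Initialize the session. This calls SessionManager::read() and
	// sets $this->userSession if a session is present.
	session_start();
	$sessionId = session_id();

	$ip = $request->getRemoteAddr();
	$userAgent = $request->getUserAgent();
	$now = time();

	if (!isset($this->userSession) || (Config::getVar('security', 'session_check_ip') && $this->userSession->getIpAddress() != $ip) || $this->userSession->getUserAgent() != substr($userAgent, 0, 255)) {
		if (isset($this->userSession)) {
			// The stored record belongs to a different client fingerprint:
			// destroy it so its data cannot be reused by this request.
			session_destroy();
		}

		// Create new session.
		// NOTE(review): the new record keeps the ID the client presented
		// ($sessionId was read before session_destroy()), so the ID itself is
		// client-chosen; presumably callers rotate it with regenerateSessionId()
		// on login -- confirm.
		$this->userSession = $this->sessionDao->newDataObject();
		$this->userSession->setId($sessionId);
		$this->userSession->setIpAddress($ip);
		// NOTE(review): stored untruncated but compared against the first 255
		// characters above; presumably the storage layer truncates -- confirm.
		$this->userSession->setUserAgent($userAgent);
		$this->userSession->setSecondsCreated($now);
		$this->userSession->setSecondsLastUsed($now);
		$this->userSession->setSessionData('');

		$this->sessionDao->insertObject($this->userSession);

	} else {
		if ($this->userSession->getRemember()) {
			// Update session timestamp for remembered sessions so it doesn't expire in the middle of a browser session
			if (Config::getVar('general', 'session_lifetime') > 0) {
				$this->updateSessionLifetime(time() + Config::getVar('general', 'session_lifetime') * 86400);
			} else {
				// Remembered sessions are disabled in the configuration:
				// drop the flag and fall back to a browser-session cookie.
				$this->userSession->setRemember(0);
				$this->updateSessionLifetime(0);
			}
		}

		// Update existing session's timestamp; will be saved when write is called
		$this->userSession->setSecondsLastUsed($now);
	}

	// Adding session_write_close as a shutdown function. This is a PHP
	// space workaround for the "Class '...' not found" bug in installations
	// having the APC opcode cache installed
	// Bugzilla: http://pkp.sfu.ca/bugzilla/show_bug.cgi?id=8151
	// PHP Bug tracker: https://bugs.php.net/bug.php?id=58739
	register_shutdown_function('session_write_close');
}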
105 
/**
 * Return the shared SessionManager, creating it on first use.
 * The instance lives in the Registry under 'sessionManager'; because the
 * registry slot is held by reference, assigning to the local variable
 * also stores the new manager in the registry.
 * @return SessionManager
 */
static function &getManager() {
	$manager =& Registry::get('sessionManager', true, null);

	if ($manager === null) {
		// Nothing registered yet: build the manager from the current request.
		$app =& Registry::get('application');
		assert(!is_null($app));
		$currentRequest = $app->getRequest();
		assert(!is_null($currentRequest));

		// Writes through the reference into the registry.
		$manager = new SessionManager(DAORegistry::getDAO('SessionDAO'), $currentRequest);
	}

	return $manager;
}
125 
/**
 * Get the session record associated with the current request.
 * Returned by reference, so changes made by the caller affect the
 * object held by this manager.
 * @return object the value of $this->userSession
 */
function &getUserSession() {
	$session =& $this->userSession;
	return $session;
}
133 
/**
 * Session save handler: open.
 * Does nothing and reports success.
 * @return boolean always true
 */
function open() {
	return true;
}
142 
/**
 * Session save handler: close.
 * Does nothing and reports success.
 * @return boolean always true
 */
function close() {
	return true;
}
151 
/**
 * Session save handler: read.
 * Loads the session record for the given ID through the DAO and returns
 * its stored data. If a session object is already attached to this
 * manager, nothing is loaded and an empty string is returned.
 * @param $sessionId string ID of the session to load
 * @return string the stored session data, or '' when none is available
 */
function read($sessionId) {
	$payload = '';

	if (!isset($this->userSession)) {
		$this->userSession =& $this->sessionDao->getSession($sessionId);
		if (isset($this->userSession)) {
			$stored = $this->userSession->getSessionData();
			// A null payload is treated the same as "no data".
			if (isset($stored)) {
				$payload = $stored;
			}
		}
	}

	return $payload;
}
166 
/**
 * Session save handler: write.
 * Stores the data on the session object held by this manager and saves
 * it through the DAO. The $sessionId argument is not used; the record
 * written is the one held in $this->userSession.
 * @param $sessionId string session ID passed by PHP (unused)
 * @param $data string serialized session data
 * @return boolean result of the DAO update, or true when there is no session object
 */
function write($sessionId, $data) {
	// Nothing to persist without a session object; report success.
	if (!isset($this->userSession)) {
		return true;
	}

	$this->userSession->setSessionData($data);
	return $this->sessionDao->updateObject($this->userSession);
}
182 
/**
 * Session save handler: destroy.
 * Deletes the session record with the given ID through the DAO.
 * @param $sessionId string ID of the session to delete
 * @return boolean result of the DAO delete
 */
function destroy($sessionId) {
	$deleted = $this->sessionDao->deleteById($sessionId);
	return $deleted;
}
191 
/**
 * Session save handler: garbage collection.
 * Asks the DAO to delete sessions by last-used time. The $maxlifetime
 * value supplied by PHP is not used: the first cutoff is fixed at 24 hours
 * ago, and the second is derived from the general/session_lifetime setting
 * (in days), or 0 when that setting is not positive.
 * NOTE(review): presumably the first cutoff applies to ordinary sessions
 * and the second to remembered ones -- confirm against SessionDAO.
 * @param $maxlifetime int lifetime passed by PHP (unused)
 * @return boolean result of the DAO delete
 */
function gc($maxlifetime) {
	$dayAgo = time() - 86400;

	$lifetimeDays = Config::getVar('general', 'session_lifetime');
	if ($lifetimeDays <= 0) {
		$lifetimeCutoff = 0;
	} else {
		$lifetimeCutoff = time() - $lifetimeDays * 86400;
	}

	return $this->sessionDao->deleteByLastUsed($dayAgo, $lifetimeCutoff);
}
201 
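/**
 * Resend the session cookie with a new session ID and/or expiry time.
 * The cookie is sent with the domain, Secure and HttpOnly attributes that
 * are configured for PHP's own session cookie, so that re-issuing it
 * (e.g. after the session ID is regenerated) does not drop attributes
 * the deployment relies on.
 * NOTE(review): a configured SameSite attribute is not carried over here.
 * @param $sessionId string|boolean session ID to send; false uses the current session ID
 * @param $expireTime int expiry as a UNIX timestamp; 0 means until the browser closes
 * @return boolean result of setcookie()
 */
function updateSessionCookie($sessionId = false, $expireTime = 0) {
	$cookieValue = ($sessionId === false) ? session_id() : $sessionId;
	$cookiePath = ini_get('session.cookie_path');
	$cookieParams = session_get_cookie_params();

	// The 'httponly' entry is only reported by runtimes whose setcookie()
	// accepts the matching seventh argument.
	if (isset($cookieParams['httponly'])) {
		return setcookie(session_name(), $cookieValue, $expireTime, $cookiePath, $cookieParams['domain'], $cookieParams['secure'], $cookieParams['httponly']);
	}

	return setcookie(session_name(), $cookieValue, $expireTime, $cookiePath, $cookieParams['domain'], $cookieParams['secure']);
}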
211 
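/**
 * Give the current session a new ID.
 * The stored record is moved to the new ID (old row deleted, new row
 * inserted) and the session cookie is resent. Rotating the ID when a
 * user's privileges change stops an ID known before that point from
 * remaining valid afterwards.
 * @return boolean true if the session record was moved to a new ID
 */
function regenerateSessionId() {
	$success = false;
	$currentSessionId = session_id();

	if (function_exists('session_regenerate_id')) {
		// session_regenerate_id is only available on PHP >= 4.3.2
		if (session_regenerate_id() && isset($this->userSession)) {
			// Delete old session and insert new session
			$this->sessionDao->deleteById($currentSessionId);
			$this->userSession->setId(session_id());
			$this->sessionDao->insertObject($this->userSession);
			$this->updateSessionCookie(); // TODO: this might not be needed on >= 4.3.3
			$success = true;
		}

	} else {
		// Fallback when session_regenerate_id() is not callable.
		do {
			// Prefer a cryptographically secure source for the new ID. The
			// result keeps the same shape as before (32 hex characters).
			$randomBytes = false;
			if (function_exists('random_bytes')) {
				$randomBytes = random_bytes(16);
			} elseif (function_exists('openssl_random_pseudo_bytes')) {
				$randomBytes = openssl_random_pseudo_bytes(16);
			}

			if (is_string($randomBytes) && strlen($randomBytes) == 16) {
				$newSessionId = bin2hex($randomBytes);
			} else {
				// Last resort only: mt_rand() is not a secure random source
				// and yields far fewer distinct IDs than the format suggests.
				$newSessionId = md5(mt_rand());
			}
		} while ($this->sessionDao->sessionExistsById($newSessionId));

		if (isset($this->userSession)) {
			// Delete old session and insert new session
			$this->sessionDao->deleteById($currentSessionId);
			$this->userSession->setId($newSessionId);
			$this->sessionDao->insertObject($this->userSession);
			$this->updateSessionCookie($newSessionId);
			$success = true;
		}
	}

	return $success;
}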
253 
/**
 * Change the expiry time of the session cookie, keeping the current
 * session ID.
 * @param $expireTime int expiry as a UNIX timestamp; 0 means until the browser closes
 * @return boolean result of updateSessionCookie()
 */
function updateSessionLifetime($expireTime = 0) {
	$cookieSent = $this->updateSessionCookie(false, $expireTime);
	return $cookieSent;
}
262 }
263 
264 ?>
Implements PHP methods for a custom session storage handler (see http://php.net/session).