master/html/SessionManager_8inc_8php_source.html

<?php


class SessionManager {


   var $sessionDao;


   var $userSession;


   function __construct($sessionDao, $request) {

      $this->sessionDao = $sessionDao;


      // Configure PHP session parameters

      ini_set('session.use_trans_sid', 0);

      ini_set('session.serialize_handler', 'php');

      ini_set('session.use_cookies', 1);

      ini_set('session.name', Config::getVar('general', 'session_cookie_name')); // Cookie name

      ini_set('session.cookie_lifetime', 0);

      ini_set('session.cookie_path', Config::getVar('general', 'session_cookie_path', $request->getBasePath() . '/'));

      ini_set('session.cookie_domain', $request->getServerHost(null, false));

      ini_set('session.gc_probability', 1);

      ini_set('session.gc_maxlifetime', 60 * 60);

      ini_set('session.auto_start', 1);

      ini_set('session.cache_limiter', 'none');


      session_set_save_handler(

         array($this, 'open'),

         array($this, 'close'),

         array($this, 'read'),

         array($this, 'write'),

         array($this, 'destroy'),

         array($this, 'gc')

      );


      // Initialize the session. This calls SessionManager::read() and

      // sets $this->userSession if a session is present.

      session_start();

      $sessionId = session_id();


      $ip = $request->getRemoteAddr();

      $userAgent = $request->getUserAgent();

      $now = time();


      // Check if the session is tied to the parent domain

      if (isset($this->userSession) && $this->userSession->getDomain() && $this->userSession->getDomain() != $request->getServerHost(null, false)) {

         // if current host contains . and the session domain (is a subdomain of the session domain), adjust the session's domain parameter to the parent

         if (strtolower(substr($request->getServerHost(null, false), -1 - strlen($this->userSession->getDomain()))) == '.'.strtolower($this->userSession->getDomain())) {

            ini_set('session.cookie_domain', $this->userSession->getDomain());

         }

      }


      if (!isset($this->userSession) || (Config::getVar('security', 'session_check_ip') && $this->userSession->getIpAddress() != $ip) || $this->userSession->getUserAgent() != substr($userAgent, 0, 255)) {

         if (isset($this->userSession)) {

            // Destroy old session

            session_destroy();

         }


         // Create new session

         $this->userSession = $this->sessionDao->newDataObject();

         $this->userSession->setId($sessionId);

         $this->userSession->setIpAddress($ip);

         $this->userSession->setUserAgent($userAgent);

         $this->userSession->setSecondsCreated($now);

         $this->userSession->setSecondsLastUsed($now);

         $this->userSession->setDomain(ini_get('session.cookie_domain'));

         $this->userSession->setSessionData('');


         $this->sessionDao->insertObject($this->userSession);


      } else {

         if ($this->userSession->getRemember()) {

            // Update session timestamp for remembered sessions so it doesn't expire in the middle of a browser session

            if (Config::getVar('general', 'session_lifetime') > 0) {

               $this->updateSessionLifetime(time() + Config::getVar('general', 'session_lifetime') * 86400);

            } else {

               $this->userSession->setRemember(0);

               $this->updateSessionLifetime(0);

            }

         }


         // Update existing session's timestamp; will be saved when write is called

         $this->userSession->setSecondsLastUsed($now);

      }


      // Adding session_write_close as a shutdown function. This is a PHP

      // space workaround for the "Class '...' not found" bug in installations

      // having the APC opcode cache installed

      // Bugzilla: https://pkp.sfu.ca/bugzilla/show_bug.cgi?id=8151

      // PHP Bug tracker: https://bugs.php.net/bug.php?id=58739

      register_shutdown_function('session_write_close');

   }


   static function getManager() {

      // Reference required

      $instance =& Registry::get('sessionManager', true, null);


      if (is_null($instance)) {

         $application = Registry::get('application');

         assert(!is_null($application));

         $request = $application->getRequest();

         assert(!is_null($request));


         // Implicitly set session manager by ref in the registry

         $instance = new SessionManager(DAORegistry::getDAO('SessionDAO'), $request);

      }


      return $instance;

   }


   function getUserSession() {

      return $this->userSession;

   }


   function open() {

      return true;

   }


   function close() {

      return true;

   }


   function read($sessionId) {

      if (!isset($this->userSession)) {

         $this->userSession = $this->sessionDao->getSession($sessionId);

         if (isset($this->userSession)) {

            $data = $this->userSession->getSessionData();

         }

      }

      return isset($data) ? $data : '';

   }


   function write($sessionId, $data) {

      if (isset($this->userSession)) {

         $this->userSession->setSessionData($data);

         return $this->sessionDao->updateObject($this->userSession);


      } else {

         return true;

      }

   }


   function destroy($sessionId) {

      return $this->sessionDao->deleteById($sessionId);

   }


   function gc($maxlifetime) {

      return $this->sessionDao->deleteByLastUsed(time() - 86400, Config::getVar('general', 'session_lifetime') <= 0 ? 0 : time() - Config::getVar('general', 'session_lifetime') * 86400);

   }


   function updateSessionCookie($sessionId = false, $expireTime = 0) {

      $domain = ini_get('session.cookie_domain');

      // Specific domains must contain at least one '.' (e.g. Chrome)

      if (strpos($domain, '.') === false) $domain = false;


      // Clear cookies with no domain #8921

      if ($domain) {

         setcookie(session_name(), "", 0, ini_get('session.cookie_path'), false);

      }


      return setcookie(

         session_name(),

         ($sessionId === false) ? session_id() : $sessionId,

         $expireTime,

         ini_get('session.cookie_path'),

         $domain

      );

   }


   function regenerateSessionId() {

      $success = false;

      $currentSessionId = session_id();


      if (session_regenerate_id() && isset($this->userSession)) {

         // Delete old session and insert new session

         $this->sessionDao->deleteById($currentSessionId);

         $this->userSession->setId(session_id());

         $this->sessionDao->insertObject($this->userSession);

         $this->updateSessionCookie(); // TODO: this might not be needed on >= 4.3.3

         $success = true;

      }


      return $success;

   }


   function updateSessionLifetime($expireTime = 0) {

      return $this->updateSessionCookie(false, $expireTime);

   }

}