Elgg  Version 6.2
ElggSession.php
1 <?php
2 
3 use Elgg\Config;
4 use Elgg\Database;
5 use Elgg\Database\SessionHandler as ElggSessionHandler;
7 use Symfony\Component\HttpFoundation\Session\Session;
8 use Symfony\Component\HttpFoundation\Session\SessionInterface;
9 use Symfony\Component\HttpFoundation\Session\Storage\MockArraySessionStorage;
10 use Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage;
11 
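/**
 * Elgg Session Management.
 *
 * Wraps a Symfony SessionInterface: the attribute and lifecycle accessors delegate to it.
 * On top of that, boot() restores the logged-in user for the request, and a server-side
 * token is kept under the '__elgg_session' attribute.
 */
class ElggSession {

	use Profilable;

	/**
	 * @var SessionInterface Backing session that all accessors delegate to
	 */
	protected $storage;

	/**
	 * Constructor.
	 *
	 * @param SessionInterface $storage Session implementation to wrap
	 */
	public function __construct(SessionInterface $storage) {
		$this->storage = $storage;
	}

	/**
	 * Initializes the session and checks for the remember me cookie.
	 *
	 * Order of checks:
	 *  1. If the session already carries a 'guid', the user is reloaded from the entity table.
	 *     A guid that no longer resolves to an ElggUser invalidates the session and redirects.
	 *  2. Otherwise the persistent login service is asked to boot a session from its cookie.
	 *  3. A resolved user is set as the logged-in user; a banned user is then logged out.
	 *
	 * @return void
	 */
	public function boot(): void {

		$this->beginTimer([__METHOD__]);

		$this->start();

		$migrate_session = false;

		// test whether we have a user session
		if ($this->has('guid')) {
			$user = _elgg_services()->entityTable->get($this->get('guid'), 'user');
			if (!$user instanceof ElggUser) {
				// The account behind this session no longer exists: drop all session state
				// so the stale guid cannot be reused.
				$this->invalidate();

				// redirect to homepage
				// NOTE(review): whether redirect() halts execution is not visible here. If it
				// returns, the instanceof guard below skips the login step and endTimer() runs
				// a second time at the end of this method - confirm that is harmless.
				$this->endTimer([__METHOD__]);
				_elgg_services()->responseFactory->redirect('');
			}
		} else {
			$user = _elgg_services()->persistentLogin->bootSession();
			if ($user instanceof ElggUser) {
				_elgg_services()->persistentLogin->updateTokenUsage($user);

				// A login restored from the persistent cookie asks for a session migration,
				// presumably so the authenticated session gets a fresh ID - confirm in
				// session_manager->setLoggedInUser().
				$migrate_session = true;
			}
		}

		if ($user instanceof ElggUser) {
			_elgg_services()->session_manager->setLoggedInUser($user, $migrate_session);
			$user->setLastAction();

			// logout a user with open session who has been banned
			// NOTE(review): this runs after setLoggedInUser() and setLastAction(), so a banned
			// account is set as logged-in and has its last action updated before the logout.
			if ($user->isBanned()) {
				_elgg_services()->session_manager->logout();
			}
		}

		$this->endTimer([__METHOD__]);
	}

	/**
	 * Start the session.
	 *
	 * Does nothing when the storage already reports a session ID. Otherwise the storage is
	 * started and the '__elgg_session' token is generated if it is missing.
	 *
	 * @return bool true when an ID already exists, else the result of the storage start
	 */
	public function start() {

		if ($this->storage->getId()) {
			return true;
		}

		$result = $this->storage->start();
		$this->generateSessionToken();
		return $result;
	}

	/**
	 * Migrates the session to a new session id while maintaining session attributes.
	 *
	 * @param bool $destroy Passed through to the storage; true is the default and is what
	 *                      invalidate() uses
	 *
	 * @return bool Result reported by the storage
	 */
	public function migrate(bool $destroy = true) {
		return $this->storage->migrate($destroy);
	}

	/**
	 * Invalidates the session.
	 *
	 * Clears all attributes, migrates to a new session ID and issues a new '__elgg_session'
	 * token (the old one was removed by the clear). The access cache is cleared as well.
	 *
	 * @return bool Result of the migration
	 */
	public function invalidate() {
		$this->storage->clear();
		$result = $this->migrate(true);
		$this->generateSessionToken();
		_elgg_services()->accessCache->clear();
		return $result;
	}

	/**
	 * Save the session data and closes the session.
	 *
	 * @return void
	 */
	public function save() {
		$this->storage->save();
	}

	/**
	 * Has the session been started.
	 *
	 * @return bool
	 */
	public function isStarted() {
		return $this->storage->isStarted();
	}

	/**
	 * Get the session ID.
	 *
	 * @return string
	 */
	public function getID() {
		return $this->storage->getId();
	}

	/**
	 * Set the session ID.
	 *
	 * The value is handed to the storage unchanged. Callers should never pass an identifier
	 * taken from request input: adopting a client-chosen ID is what enables session fixation.
	 *
	 * @param string $id Session ID
	 *
	 * @return void
	 */
	public function setId($id) {
		$this->storage->setId($id);
	}

	/**
	 * Get the session name.
	 *
	 * @return string
	 */
	public function getName() {
		return $this->storage->getName();
	}

	/**
	 * Set the session name.
	 *
	 * @param string $name Session name
	 *
	 * @return void
	 */
	public function setName($name) {
		$this->storage->setName($name);
	}

	/**
	 * Get an attribute of the session.
	 *
	 * @param string $name    Name of the attribute
	 * @param mixed  $default Value returned by the storage when the attribute is not set
	 *
	 * @return mixed
	 */
	public function get($name, $default = null) {
		return $this->storage->get($name, $default);
	}

	/**
	 * Set an attribute of the session.
	 *
	 * @param string $name  Name of the attribute
	 * @param mixed  $value Value to store
	 *
	 * @return void
	 */
	public function set($name, $value) {
		$this->storage->set($name, $value);
	}

	/**
	 * Remove an attribute from the session.
	 *
	 * @param string $name Name of the attribute
	 *
	 * @return mixed Whatever the storage returns for the removal
	 */
	public function remove($name) {
		return $this->storage->remove($name);
	}

	/**
	 * Has the attribute been defined.
	 *
	 * @param string $name Name of the attribute
	 *
	 * @return bool
	 */
	public function has($name) {
		return $this->storage->has($name);
	}

	/**
	 * Adds a token to the session.
	 *
	 * The token is a 22 character string from the crypto service, stored server side under
	 * '__elgg_session'. An existing token is kept; only invalidate(), which clears the
	 * attributes first, leads to a new one.
	 *
	 * @return void
	 */
	protected function generateSessionToken() {
		// Generate a simple token that we store server side
		if (!$this->has('__elgg_session')) {
			$this->set('__elgg_session', _elgg_services()->crypto->getRandomString(22));
		}
	}

	/**
	 * Get an isolated ElggSession that does not persist between requests.
	 *
	 * @return self Session backed by MockArraySessionStorage
	 */
	public static function getMock() {
		$storage = new MockArraySessionStorage();
		$session = new Session($storage);
		return new self($session);
	}

	/**
	 * Create a session stored in the DB.
	 *
	 * All cookie attributes (path, domain, secure, httponly, lifetime, samesite) come from the
	 * 'session' entry of the cookie config, so the hardening of the session cookie depends on
	 * those configured values.
	 *
	 * @param Config   $config Config providing the cookie settings
	 * @param Database $db     Database handed to the session handler
	 *
	 * @return self
	 */
	public static function fromDatabase(Config $config, Database $db) {
		$params = $config->getCookieConfig()['session'];
		$options = [
			// session.cache_limiter is unfortunately set to "" by the NativeSessionStorage
			// constructor, so we must capture and inject it directly.
			'cache_limiter' => session_cache_limiter(),

			'name' => $params['name'],
			'cookie_path' => $params['path'],
			'cookie_domain' => $params['domain'],
			'cookie_secure' => $params['secure'],
			'cookie_httponly' => $params['httponly'],
			'cookie_lifetime' => $params['lifetime'],
			'cookie_samesite' => $params['samesite'],
		];

		$handler = new ElggSessionHandler($db);
		$storage = new NativeSessionStorage($options, $handler);
		$session = new Session($storage);
		return new self($session);
	}

	/**
	 * Create a session stored in files.
	 *
	 * Uses the same cookie settings as fromDatabase(), including the SameSite policy, so the
	 * session cookie carries the same attributes whichever backend stores the session.
	 *
	 * @param Config $config Config providing the cookie settings
	 *
	 * @return self
	 */
	public static function fromFiles(Config $config) {
		$params = $config->getCookieConfig()['session'];
		$options = [
			// session.cache_limiter is unfortunately set to "" by the NativeSessionStorage
			// constructor, so we must capture and inject it directly.
			'cache_limiter' => session_cache_limiter(),

			'name' => $params['name'],
			'cookie_path' => $params['path'],
			'cookie_domain' => $params['domain'],
			'cookie_secure' => $params['secure'],
			'cookie_httponly' => $params['httponly'],
			'cookie_lifetime' => $params['lifetime'],
		];

		// Forward the configured SameSite policy, as fromDatabase() does. Without it the
		// file-backed session cookie falls back to PHP's session.cookie_samesite setting.
		// Guarded so that a config without the key behaves as before.
		if (isset($params['samesite'])) {
			$options['cookie_samesite'] = $params['samesite'];
		}

		$storage = new NativeSessionStorage($options);
		$session = new Session($storage);
		return new self($session);
	}
}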
Elgg Session Management.
Definition: ElggSession.php:19
has($name)
Has the attribute been defined.
static getMock()
Get an isolated ElggSession that does not persist between requests.
invalidate()
Invalidates the session.
save()
Save the session data and closes the session.
__construct(SessionInterface $storage)
Constructor.
Definition: ElggSession.php:33
migrate(bool $destroy=true)
Migrates the session to a new session id while maintaining session attributes.
boot()
Initializes the session and checks for the remember me cookie.
Definition: ElggSession.php:44
generateSessionToken()
Adds a token to the session.
static fromFiles(Config $config)
Create a session stored in files.
static fromDatabase(Config $config, Database $db)
Create a session stored in the DB.
setId($id)
Set the session ID.
isStarted()
Has the session been started.
getID()
Get the session ID.
start()
Start the session.
Definition: ElggSession.php:91
getName()
Get the session name.
setName($name)
Set the session name.
Database session handler.
The Elgg database.
Definition: Database.php:26
_elgg_services()
Get the global service provider.
Definition: elgglib.php:353
endTimer(array $keys)
Ends the timer (when enabled)
Definition: Profilable.php:59
trait Profilable
Make an object accept a timer.
Definition: Profilable.php:12
beginTimer(array $keys)
Start the timer (when enabled)
Definition: Profilable.php:43