Elgg  Version master
ElggSession.php
Go to the documentation of this file.
1 <?php
2 
3 use Elgg\Config;
4 use Elgg\Database;
5 use Elgg\Database\SessionHandler as ElggSessionHandler;
6 use Elgg\Traits\Debug\Profilable;
7 use Symfony\Component\HttpFoundation\Session\Session;
8 use Symfony\Component\HttpFoundation\Session\SessionInterface;
9 use Symfony\Component\HttpFoundation\Session\Storage\MockArraySessionStorage;
10 use Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage;
11 
19 class ElggSession {
20 
21  use Profilable;
22 
26  protected $storage;
27 
33  public function __construct(SessionInterface $storage) {
34  $this->storage = $storage;
35  }
36 
44  public function boot(): void {
45 
46  $this->beginTimer([__METHOD__]);
47 
48  $this->start();
49 
50  $migrate_session = false;
51 
52  // test whether we have a user session
53  if ($this->has('guid')) {
54  $user = _elgg_services()->entityTable->get($this->get('guid'), 'user');
55  if (!$user instanceof ElggUser) {
56  // OMG user has been deleted.
57  $this->invalidate();
58 
59  // redirect to homepage
60  $this->endTimer([__METHOD__]);
61  _elgg_services()->responseFactory->redirect('');
62  }
63  } else {
64  $user = _elgg_services()->persistentLogin->bootSession();
65  if ($user instanceof ElggUser) {
66  _elgg_services()->persistentLogin->updateTokenUsage($user);
67  $migrate_session = true;
68  }
69  }
70 
71  if ($user instanceof ElggUser) {
72  _elgg_services()->session_manager->setLoggedInUser($user, $migrate_session);
73  $user->setLastAction();
74 
75  // logout a user with open session who has been banned
76  if ($user->isBanned()) {
77  _elgg_services()->session_manager->logout();
78  }
79  }
80 
81  $this->endTimer([__METHOD__]);
82  }
83 
91  public function start() {
92 
93  if ($this->storage->getId()) {
94  return true;
95  }
96 
97  $result = $this->storage->start();
98  $this->generateSessionToken();
99  return $result;
100  }
101 
109  public function migrate(bool $destroy = true) {
110  return $this->storage->migrate($destroy);
111  }
112 
121  public function invalidate() {
122  $this->storage->clear();
123  $result = $this->migrate(true);
124  $this->generateSessionToken();
125  _elgg_services()->accessCache->clear();
126  return $result;
127  }
128 
135  public function save() {
136  $this->storage->save();
137  }
138 
145  public function isStarted() {
146  return $this->storage->isStarted();
147  }
148 
155  public function getID() {
156  return $this->storage->getId();
157  }
158 
166  public function setId($id) {
167  $this->storage->setId($id);
168  }
169 
176  public function getName() {
177  return $this->storage->getName();
178  }
179 
187  public function setName($name) {
188  $this->storage->setName($name);
189  }
190 
198  public function get($name, $default = null) {
199  return $this->storage->get($name, $default);
200  }
201 
209  public function set($name, $value) {
210  $this->storage->set($name, $value);
211  }
212 
220  public function remove($name) {
221  return $this->storage->remove($name);
222  }
223 
231  public function has($name) {
232  return $this->storage->has($name);
233  }
234 
243  protected function generateSessionToken() {
244  // Generate a simple token that we store server side
245  if (!$this->has('__elgg_session')) {
246  $this->set('__elgg_session', _elgg_services()->crypto->getRandomString(22));
247  }
248  }
249 
257  public static function getMock() {
258  $storage = new MockArraySessionStorage();
259  $session = new Session($storage);
260  return new self($session);
261  }
262 
273  public static function fromDatabase(Config $config, Database $db) {
274  $params = $config->getCookieConfig()['session'];
275  $options = [
276  // session.cache_limiter is unfortunately set to "" by the NativeSessionStorage
277  // constructor, so we must capture and inject it directly.
278  'cache_limiter' => session_cache_limiter(),
279 
280  'name' => $params['name'],
281  'cookie_path' => $params['path'],
282  'cookie_domain' => $params['domain'],
283  'cookie_secure' => $params['secure'],
284  'cookie_httponly' => $params['httponly'],
285  'cookie_lifetime' => $params['lifetime'],
286  'cookie_samesite' => $params['samesite'],
287  ];
288 
289  $handler = new ElggSessionHandler($db);
290  $storage = new NativeSessionStorage($options, $handler);
291  $session = new Session($storage);
292  return new self($session);
293  }
294 
304  public static function fromFiles(Config $config) {
305  $params = $config->getCookieConfig()['session'];
306  $options = [
307  // session.cache_limiter is unfortunately set to "" by the NativeSessionStorage
308  // constructor, so we must capture and inject it directly.
309  'cache_limiter' => session_cache_limiter(),
310 
311  'name' => $params['name'],
312  'cookie_path' => $params['path'],
313  'cookie_domain' => $params['domain'],
314  'cookie_secure' => $params['secure'],
315  'cookie_httponly' => $params['httponly'],
316  'cookie_lifetime' => $params['lifetime'],
317  ];
318 
319  $storage = new NativeSessionStorage($options);
320  $session = new Session($storage);
321  return new self($session);
322  }
323 }
ElggSession\setId
setId($id)
Set the session ID.
Definition: ElggSession.php:166
Elgg\Traits\Debug\Profilable
trait Profilable
Make an object accept a timer.
Definition: Profilable.php:12
$default
$default
Definition: checkbox.php:30
ElggSession\setName
setName($name)
Set the session name.
Definition: ElggSession.php:187
ElggSession\has
has($name)
Has the attribute been defined.
Definition: ElggSession.php:231
ElggSession\save
save()
Save the session data and closes the session.
Definition: ElggSession.php:135
$params
$params
Saves global plugin settings.
Definition: save.php:13
$result
$result
Definition: set_maintenance_mode.php:11
$name
if(!$user||!$user->canDelete()) $name
Definition: delete.php:22
Elgg\Database
The Elgg database.
Definition: Database.php:26
ElggSession\generateSessionToken
generateSessionToken()
Adds a token to the session.
Definition: ElggSession.php:243
ElggSession\getName
getName()
Get the session name.
Definition: ElggSession.php:176
void
c Accompany it with the information you received as to the offer to distribute corresponding source complete source code means all the source code for all modules it plus any associated interface definition plus the scripts used to control compilation and installation of the executable as a special the source code distributed need not include anything that is normally and so on of the operating system on which the executable unless that component itself accompanies the executable If distribution of executable or object code is made by offering access to copy from a designated then offering equivalent access to copy the source code from the same place counts as distribution of the source even though third parties are not compelled to copy the source along with the object code You may not or distribute the Program except as expressly provided under this License Any attempt otherwise to sublicense or distribute the Program is void
Definition: LICENSE.txt:215
ElggSession\invalidate
invalidate()
Invalidates the session.
Definition: ElggSession.php:121
ElggSession\fromFiles
static fromFiles(Config $config)
Create a session stored in files.
Definition: ElggSession.php:304
ElggSession\isStarted
isStarted()
Has the session been started.
Definition: ElggSession.php:145
ElggSession\start
start()
Start the session.
Definition: ElggSession.php:91
ElggSession
Elgg Session Management.
Definition: ElggSession.php:19
$value
$value
Definition: generic.php:51
$config
$config
Advanced site settings, debugging section.
Definition: debugging.php:6
$options
if($who_can_change_language=== 'nobody') elseif($who_can_change_language=== 'admin_only'&&!elgg_is_admin_logged_in()) $options
Definition: language.php:20
$db
foreach($recommendedExtensions as $extension) if(empty(ini_get('session.gc_probability'))||empty(ini_get('session.gc_divisor'))) $db
Definition: requirements.php:94
$user
$user
Definition: ban.php:7
ElggSession\getID
getID()
Get the session ID.
Definition: ElggSession.php:155
ElggSession\__construct
__construct(SessionInterface $storage)
Constructor.
Definition: ElggSession.php:33
$session
if(isset($_COOKIE['elggperm'])) $session
Definition: login_as.php:29
Elgg\Config\getCookieConfig
getCookieConfig()
Set up and return the cookie configuration array resolved from settings.
Definition: Config.php:415
Elgg\Traits\Debug\beginTimer
beginTimer(array $keys)
Start the timer (when enabled)
Definition: Profilable.php:43
ElggSession\migrate
migrate(bool $destroy=true)
Migrates the session to a new session id while maintaining session attributes.
Definition: ElggSession.php:109
Elgg\Database\SessionHandler
Database session handler.
Definition: SessionHandler.php:13
_elgg_services
_elgg_services()
Get the global service provider.
Definition: elgglib.php:353
ElggSession\getMock
static getMock()
Get an isolated ElggSession that does not persist between requests.
Definition: ElggSession.php:257
ElggSession\boot
boot()
Initializes the session and checks for the remember me cookie.
Definition: ElggSession.php:44
$handler
$handler
Definition: add.php:7
$id
$id
Generic annotation delete action.
Definition: delete.php:6
Elgg\Traits\Debug\endTimer
endTimer(array $keys)
Ends the timer (when enabled)
Definition: Profilable.php:59
ElggSession\fromDatabase
static fromDatabase(Config $config, Database $db)
Create a session stored in the DB.
Definition: ElggSession.php:273
Generated on Sat May 31 2025 00:02:03 for Elgg by   doxygen 1.8.11