Elgg  Version master
ElggSession.php
1 <?php
2 
3 use Elgg\Config;
4 use Elgg\Database;
5 use Elgg\Database\SessionHandler as ElggSessionHandler;
11 
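/**
 * Elgg Session Management.
 *
 * Wraps a session storage object and adds the boot logic that binds the
 * session to a logged-in user. Almost every accessor delegates straight to
 * the injected storage.
 */
class ElggSession {

    use Profilable;

    /**
     * Storage backend that every session operation is delegated to.
     *
     * @var SessionInterface
     */
    protected $storage;

    /**
     * Constructor.
     *
     * @param SessionInterface $storage Storage the session reads from and writes to
     */
    public function __construct(SessionInterface $storage) {
        $this->storage = $storage;
    }

    /**
     * Initializes the session and checks for the remember me cookie.
     *
     * If the session already carries a 'guid', the matching user is loaded;
     * otherwise the persistent-login service is asked to boot a session.
     * A resolved user is registered as the logged-in user and, when banned,
     * logged out again.
     *
     * @return void
     */
    public function boot(): void {

        $this->beginTimer([__METHOD__]);

        $this->start();

        // test whether we have a user session
        if ($this->has('guid')) {
            $user = _elgg_services()->entityTable->get($this->get('guid'), 'user');
            if (!$user instanceof ElggUser) {
                // The session references a user that no longer exists: drop the
                // session data and its ID so the stale session cannot be reused.
                $this->invalidate();

                // redirect to homepage
                $this->endTimer([__METHOD__]);
                // NOTE(review): whether redirect() halts execution is not visible
                // here. If it returns, $user is not an ElggUser, so the login
                // block below is skipped, but endTimer() runs a second time.
                _elgg_services()->responseFactory->redirect('');
            }
        } else {
            // No user bound to this session: fall back to the remember-me flow.
            $user = _elgg_services()->persistentLogin->bootSession();
            if ($user instanceof ElggUser) {
                _elgg_services()->persistentLogin->updateTokenUsage($user);
            }
        }

        if ($user instanceof ElggUser) {
            _elgg_services()->session_manager->setLoggedInUser($user);
            $user->setLastAction();

            // logout a user with open session who has been banned
            // NOTE(review): the ban check runs after the user has been set as
            // logged in and had their last action updated. Anything reacting
            // to those two calls sees a banned account first. Confirm that is
            // acceptable before reordering, since logout() may need a logged-in user.
            if ($user->isBanned()) {
                _elgg_services()->session_manager->logout();
            }
        }

        $this->endTimer([__METHOD__]);
    }

    /**
     * Start the session.
     *
     * Does nothing when the storage already has a session ID. Otherwise the
     * storage is started and the server-side session token is generated.
     *
     * @return bool true when an ID already exists, else the storage's start() result
     */
    public function start() {

        if ($this->storage->getId()) {
            return true;
        }

        $result = $this->storage->start();
        $this->generateSessionToken();
        return $result;
    }

    /**
     * Migrates the session to a new session id while maintaining session attributes.
     *
     * With the default $destroy = false the flag is handed to the storage
     * unchanged. Callers that change the privilege level of a session (login,
     * logout) should decide explicitly whether the old ID may stay valid.
     *
     * @param bool $destroy Passed through to the storage's migrate()
     *
     * @return bool Result reported by the storage
     */
    public function migrate($destroy = false) {
        return $this->storage->migrate($destroy);
    }

    /**
     * Invalidates the session.
     *
     * Clears all attributes, migrates to a new ID with $destroy = true,
     * generates a fresh session token and clears the session cache service.
     *
     * @return bool Result of the migration
     */
    public function invalidate() {
        $this->storage->clear();
        $result = $this->migrate(true);
        // The attributes were cleared above, so this always writes a new token.
        $this->generateSessionToken();
        _elgg_services()->sessionCache->clear();
        return $result;
    }

    /**
     * Save the session data and closes the session.
     *
     * @return void
     */
    public function save() {
        $this->storage->save();
    }

    /**
     * Has the session been started.
     *
     * @return bool
     */
    public function isStarted() {
        return $this->storage->isStarted();
    }

    /**
     * Get the session ID.
     *
     * @return string
     */
    public function getID() {
        return $this->storage->getId();
    }

    /**
     * Set the session ID.
     *
     * NOTE(review): this method does no validation of $id. Accepting an ID
     * from request input would allow session fixation, so callers are
     * expected to pass trusted values only. Verify against callers.
     *
     * @param string $id Session ID
     *
     * @return void
     */
    public function setId($id) {
        $this->storage->setId($id);
    }

    /**
     * Get the session name.
     *
     * @return string
     */
    public function getName() {
        return $this->storage->getName();
    }

    /**
     * Set the session name.
     *
     * @param string $name Session name
     *
     * @return void
     */
    public function setName($name) {
        $this->storage->setName($name);
    }

    /**
     * Get an attribute of the session.
     *
     * @param string $name    Name of the attribute to get
     * @param mixed  $default Value to return if the attribute is not set (default is null)
     *
     * @return mixed
     */
    public function get($name, $default = null) {
        return $this->storage->get($name, $default);
    }

    /**
     * Set an attribute.
     *
     * @param string $name  Name of the attribute to set
     * @param mixed  $value Value to be set
     *
     * @return void
     */
    public function set($name, $value) {
        $this->storage->set($name, $value);
    }

    /**
     * Remove an attribute.
     *
     * @param string $name The name of the attribute to remove
     *
     * @return mixed Whatever the storage returns for the removed attribute
     */
    public function remove($name) {
        return $this->storage->remove($name);
    }

    /**
     * Has the attribute been defined.
     *
     * @param string $name Name of the attribute
     *
     * @return bool
     */
    public function has($name) {
        return $this->storage->has($name);
    }

    /**
     * Adds a token to the session.
     *
     * The token is a 22-character random string obtained from the crypto
     * service and kept server side under '__elgg_session'. An existing token
     * is never overwritten.
     *
     * @return void
     */
    protected function generateSessionToken() {
        // Generate a simple token that we store server side
        if (!$this->has('__elgg_session')) {
            $this->set('__elgg_session', _elgg_services()->crypto->getRandomString(22));
        }
    }

    /**
     * Get an isolated ElggSession that does not persist between requests.
     *
     * @return ElggSession
     */
    public static function getMock() {
        $storage = new MockArraySessionStorage();
        $session = new Session($storage);
        return new self($session);
    }

    /**
     * Create a session stored in the DB.
     *
     * @param Config   $config Config providing the session cookie settings
     * @param Database $db     Database handed to the session handler
     *
     * @return ElggSession
     */
    public static function fromDatabase(Config $config, Database $db) {
        $options = self::buildStorageOptions($config);

        $handler = new ElggSessionHandler($db);
        $storage = new NativeSessionStorage($options, $handler);
        $session = new Session($storage);
        return new self($session);
    }

    /**
     * Create a session stored in files.
     *
     * @param Config $config Config providing the session cookie settings
     *
     * @return ElggSession
     */
    public static function fromFiles(Config $config) {
        $options = self::buildStorageOptions($config);

        $storage = new NativeSessionStorage($options);
        $session = new Session($storage);
        return new self($session);
    }

    /**
     * Build the NativeSessionStorage options shared by both storage factories.
     *
     * Keeping this in one place means the DB-backed and file-backed sessions
     * cannot drift apart in their cookie attributes.
     *
     * @param Config $config Config providing the 'session' cookie settings
     *
     * @return array<string, mixed>
     */
    private static function buildStorageOptions(Config $config): array {
        $params = $config->getCookieConfig()['session'];

        // NOTE(review): 'cookie_secure' and 'cookie_httponly' are taken as-is
        // from configuration, and no 'cookie_samesite' option is passed, so the
        // SameSite attribute falls back to the PHP ini setting. Whether the
        // cookie config carries a samesite value is not visible here. Confirm.
        return [
            // session.cache_limiter is unfortunately set to "" by the NativeSessionStorage
            // constructor, so we must capture and inject it directly.
            'cache_limiter' => session_cache_limiter(),

            'name' => $params['name'],
            'cookie_path' => $params['path'],
            'cookie_domain' => $params['domain'],
            'cookie_secure' => $params['secure'],
            'cookie_httponly' => $params['httponly'],
            'cookie_lifetime' => $params['lifetime'],
        ];
    }
}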
setId($id)
Set the session ID.
trait Profilable
Make an object accept a timer.
Definition: Profilable.php:12
setName($name)
Set the session name.
has($name)
Has the attribute been defined.
save()
Save the session data and closes the session.
The Elgg database.
Definition: Database.php:25
generateSessionToken()
Adds a token to the session.
migrate($destroy=false)
Migrates the session to a new session id while maintaining session attributes.
getName()
Get the session name.
invalidate()
Invalidates the session.
static fromFiles(Config $config)
Create a session stored in files.
isStarted()
Has the session been started.
start()
Start the session.
Definition: ElggSession.php:88
Elgg Session Management.
Definition: ElggSession.php:19
getID()
Get the session ID.
__construct(SessionInterface $storage)
Constructor.
Definition: ElggSession.php:33
getCookieConfig()
Set up and return the cookie configuration array resolved from settings.
Definition: Config.php:399
beginTimer(array $keys)
Start the timer (when enabled)
Definition: Profilable.php:46
Database session handler.
_elgg_services()
Get the global service provider.
Definition: elgglib.php:346
static getMock()
Get an isolated ElggSession that does not persist between requests.
boot()
Initializes the session and checks for the remember me cookie.
Definition: ElggSession.php:44
endTimer(array $keys)
Ends the timer (when enabled)
Definition: Profilable.php:62
static fromDatabase(Config $config, Database $db)
Create a session stored in the DB.