/** * Initialize the session handlers */ static function init() { // the default path for the session cookie is /, but let's make that potentially more restrictive so no one steals our cookehs // we also can't use 'null' when we set a secure-only value, because that doesn't mean the same as the default like it should $path = Site::get_path('base', true); // the default is not to require a secure session $secure = false; // if we want to always require secure if (Config::get('force_secure_session') == true) { $secure = true; } // if this is an HTTPS connection by default we will // IIS sets HTTPS == 'off', so we have to check the value too if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') { $secure = true; } // but if we have explicitly disabled it, don't // note the ===. not setting it (ie: null) should not be the same as setting it to false if (Config::get('force_secure_session') === false) { $secure = false; } // now we've got a path and secure, so set the cookie values session_set_cookie_params(null, $path, null, $secure); // figure out the session lifetime and let plugins change it $lifetime = ini_get('session.gc_maxlifetime'); self::$lifetime = Plugins::filter('session_lifetime', $lifetime); session_set_save_handler(array('Session', 'open'), array('Session', 'close'), array('Session', 'read'), array('Session', 'write'), array('Session', 'destroy'), array('Session', 'gc')); // session::write gets called after object destruction, so our class isn't available // fix that by registering it as a shutdown function, before objects are destroyed register_shutdown_function('session_write_close'); if (!isset($_SESSION)) { session_start(); } return true; }
/** * Open function, this works like a constructor in classes and is executed when the session is being opened. * The open function expects two parameters, where the first is the save path and the second is the session name. * * @param string $save_path * @param string $session_name * @return bool * @author Craig Ulliott */ public static function open() { // pull the session lifetime from php.ini self::$lifetime = get_cfg_var('session.gc_maxlifetime'); // always return true return true; }
/** * sets up the session storage method and starts the session * * note: if database storage is used then session_write_close() must be used * at the end of every page to ensure the session is written to * * @param string $tableName if $tableName is passed then database storage is used * @return void */ public static function init($tableName = '') { // are we using database storage? if ($tableName) { self::$tableName = $tableName; // Register session handler callbacks session_set_save_handler(array('Session', "open"), array('Session', "close"), array('Session', "read"), array('Session', "write"), array('Session', "destroy"), array('Session', "gc")); } // read the maxlifetime setting from PHP self::$lifetime = get_cfg_var("session.gc_maxlifetime"); $configSessionShare = Config::get_optional('session_share'); // default to only share sessions with current server name $sessionShare = !empty($configSessionShare) ? $configSessionShare : SERVER_NAME; session_set_cookie_params(self::$lifetime, '/', $sessionShare); if (Config::get_optional('session_path')) { $sessionPath = Config::get_optional('session_path'); session_save_path($sessionPath); } session_start(); }
static function open($save_path, $sess_name) { // get session-lifetime self::$lifetime = SESSION_ALIVE_TIME; }