Example #1
0
 /**
  * Initialize the session handlers
  */
 static function init()
 {
     // the default path for the session cookie is /, but let's make that potentially more restrictive so no one steals our cookehs
     // we also can't use 'null' when we set a secure-only value, because that doesn't mean the same as the default like it should
     $path = Site::get_path('base', true);
     // the default is not to require a secure session
     $secure = false;
     // if we want to always require secure
     if (Config::get('force_secure_session') == true) {
         $secure = true;
     }
     // if this is an HTTPS connection by default we will
     // IIS sets HTTPS == 'off', so we have to check the value too
     if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
         $secure = true;
     }
     // but if we have explicitly disabled it, don't
     // note the ===. not setting it (ie: null) should not be the same as setting it to false
     if (Config::get('force_secure_session') === false) {
         $secure = false;
     }
     // now we've got a path and secure, so set the cookie values
     session_set_cookie_params(null, $path, null, $secure);
     // figure out the session lifetime and let plugins change it
     $lifetime = ini_get('session.gc_maxlifetime');
     self::$lifetime = Plugins::filter('session_lifetime', $lifetime);
     session_set_save_handler(array('Session', 'open'), array('Session', 'close'), array('Session', 'read'), array('Session', 'write'), array('Session', 'destroy'), array('Session', 'gc'));
     // session::write gets called after object destruction, so our class isn't available
     // fix that by registering it as a shutdown function, before objects are destroyed
     register_shutdown_function('session_write_close');
     if (!isset($_SESSION)) {
         session_start();
     }
     return true;
 }
Example #2
0
 /**
  * Open function, this works like a constructor in classes and is executed when the session is being opened.
  * The open function expects two parameters, where the first is the save path and the second is the session name.
  *
  * @param string $save_path 
  * @param string $session_name 
  * @return bool
  * @author Craig Ulliott
  */
 public static function open()
 {
     // pull the session lifetime from php.ini
     self::$lifetime = get_cfg_var('session.gc_maxlifetime');
     // always return true
     return true;
 }
Example #3
0
 /**
  * sets up the session storage method and starts the session
  * 
  * note: if database storage is used then session_write_close() must be used
  * at the end of every page to ensure the session is written to
  * 
  * @param string $tableName if $tableName is passed then database storage is used
  * @return void
  */
 public static function init($tableName = '')
 {
     // are we using database storage?
     if ($tableName) {
         self::$tableName = $tableName;
         // Register session handler callbacks
         session_set_save_handler(array('Session', "open"), array('Session', "close"), array('Session', "read"), array('Session', "write"), array('Session', "destroy"), array('Session', "gc"));
     }
     // read the maxlifetime setting from PHP
     self::$lifetime = get_cfg_var("session.gc_maxlifetime");
     $configSessionShare = Config::get_optional('session_share');
     // default to only share sessions with current server name
     $sessionShare = !empty($configSessionShare) ? $configSessionShare : SERVER_NAME;
     session_set_cookie_params(self::$lifetime, '/', $sessionShare);
     if (Config::get_optional('session_path')) {
         $sessionPath = Config::get_optional('session_path');
         session_save_path($sessionPath);
     }
     session_start();
 }
Example #4
0
 static function open($save_path, $sess_name)
 {
     // get session-lifetime
     self::$lifetime = SESSION_ALIVE_TIME;
 }