function login($account, $passwordhash)
{
if (isValid($account, $passwordhash)) {
session_reset();
session_regenerate_id(true);
$_SESSION["account"] = $account;
$_SESSION["passwordhash"] = $passwordhash;
return true;
} else {
return false;
}
}
public function reset()
{
session_reset();
}
/**
* @dataProvider provideHandlers
* @param string $handler php serialize_handler to use
*/
public function testSessionHandling($handler)
{
$this->hideDeprecated('$_SESSION');
$reset[] = $this->getResetter($rProp);
$this->setMwGlobals(array('wgSessionProviders' => array(array('class' => 'DummySessionProvider')), 'wgObjectCacheSessionExpiry' => 2));
$store = new \HashBagOStuff();
$logger = new \TestLogger(true, function ($m) {
return preg_match('/^SessionBackend a{32} /', $m) ? null : $m;
});
$manager = new SessionManager(array('store' => $store, 'logger' => $logger));
PHPSessionHandler::install($manager);
$wrap = \TestingAccessWrapper::newFromObject($rProp->getValue());
$reset[] = new \ScopedCallback(array($wrap, 'setEnableFlags'), array($wrap->enable ? $wrap->warn ? 'warn' : 'enable' : 'disable'));
$wrap->setEnableFlags('warn');
\MediaWiki\suppressWarnings();
ini_set('session.serialize_handler', $handler);
\MediaWiki\restoreWarnings();
if (ini_get('session.serialize_handler') !== $handler) {
$this->markTestSkipped("Cannot set session.serialize_handler to \"{$handler}\"");
}
// Session IDs for testing
$sessionA = str_repeat('a', 32);
$sessionB = str_repeat('b', 32);
$sessionC = str_repeat('c', 32);
// Set up garbage data in the session
$_SESSION['AuthenticationSessionTest'] = 'bogus';
session_id($sessionA);
session_start();
$this->assertSame(array(), $_SESSION);
$this->assertSame($sessionA, session_id());
// Set some data in the session so we can see if it works.
$rand = mt_rand();
$_SESSION['AuthenticationSessionTest'] = $rand;
$expect = array('AuthenticationSessionTest' => $rand);
session_write_close();
$this->assertSame(array(array(LogLevel::WARNING, 'Something wrote to $_SESSION!')), $logger->getBuffer());
// Screw up $_SESSION so we can tell the difference between "this
// worked" and "this did nothing"
$_SESSION['AuthenticationSessionTest'] = 'bogus';
// Re-open the session and see that data was actually reloaded
session_start();
$this->assertSame($expect, $_SESSION);
// Make sure session_reset() works too.
if (function_exists('session_reset')) {
$_SESSION['AuthenticationSessionTest'] = 'bogus';
session_reset();
$this->assertSame($expect, $_SESSION);
}
// Re-fill the session, then test that session_destroy() works.
$_SESSION['AuthenticationSessionTest'] = $rand;
session_write_close();
session_start();
$this->assertSame($expect, $_SESSION);
session_destroy();
session_id($sessionA);
session_start();
$this->assertSame(array(), $_SESSION);
session_write_close();
// Test that our session handler won't clone someone else's session
session_id($sessionB);
session_start();
$this->assertSame($sessionB, session_id());
$_SESSION['id'] = 'B';
session_write_close();
session_id($sessionC);
session_start();
$this->assertSame(array(), $_SESSION);
$_SESSION['id'] = 'C';
session_write_close();
session_id($sessionB);
session_start();
$this->assertSame(array('id' => 'B'), $_SESSION);
session_write_close();
session_id($sessionC);
session_start();
$this->assertSame(array('id' => 'C'), $_SESSION);
session_destroy();
session_id($sessionB);
session_start();
$this->assertSame(array('id' => 'B'), $_SESSION);
// Test merging between Session and $_SESSION
session_write_close();
$session = $manager->getEmptySession();
$session->set('Unchanged', 'setup');
$session->set('Unchanged, null', null);
$session->set('Changed in $_SESSION', 'setup');
$session->set('Changed in Session', 'setup');
$session->set('Changed in both', 'setup');
$session->set('Deleted in Session', 'setup');
$session->set('Deleted in $_SESSION', 'setup');
$session->set('Deleted in both', 'setup');
$session->set('Deleted in Session, changed in $_SESSION', 'setup');
$session->set('Deleted in $_SESSION, changed in Session', 'setup');
$session->persist();
$session->save();
session_id($session->getId());
session_start();
$session->set('Added in Session', 'Session');
$session->set('Added in both', 'Session');
$session->set('Changed in Session', 'Session');
$session->set('Changed in both', 'Session');
$session->set('Deleted in $_SESSION, changed in Session', 'Session');
$session->remove('Deleted in Session');
$session->remove('Deleted in both');
$session->remove('Deleted in Session, changed in $_SESSION');
$session->save();
$_SESSION['Added in $_SESSION'] = '$_SESSION';
$_SESSION['Added in both'] = '$_SESSION';
$_SESSION['Changed in $_SESSION'] = '$_SESSION';
$_SESSION['Changed in both'] = '$_SESSION';
$_SESSION['Deleted in Session, changed in $_SESSION'] = '$_SESSION';
unset($_SESSION['Deleted in $_SESSION']);
unset($_SESSION['Deleted in both']);
unset($_SESSION['Deleted in $_SESSION, changed in Session']);
session_write_close();
$this->assertEquals(array('Added in Session' => 'Session', 'Added in $_SESSION' => '$_SESSION', 'Added in both' => 'Session', 'Unchanged' => 'setup', 'Unchanged, null' => null, 'Changed in Session' => 'Session', 'Changed in $_SESSION' => '$_SESSION', 'Changed in both' => 'Session', 'Deleted in Session, changed in $_SESSION' => '$_SESSION', 'Deleted in $_SESSION, changed in Session' => 'Session'), iterator_to_array($session));
$session->clear();
$session->set(42, 'forty-two');
$session->set('forty-two', 42);
$session->set('wrong', 43);
$session->persist();
$session->save();
session_start();
$this->assertArrayHasKey('forty-two', $_SESSION);
$this->assertSame(42, $_SESSION['forty-two']);
$this->assertArrayHasKey('wrong', $_SESSION);
unset($_SESSION['wrong']);
session_write_close();
$this->assertEquals(array(42 => 'forty-two', 'forty-two' => 42), iterator_to_array($session));
// Test that write doesn't break if the session is invalid
$session = $manager->getEmptySession();
$session->persist();
session_id($session->getId());
session_start();
$this->mergeMwGlobalArrayValue('wgHooks', array('SessionCheckInfo' => array(function (&$reason) {
$reason = 'Testing';
return false;
})));
$this->assertNull($manager->getSessionById($session->getId(), true), 'sanity check');
session_write_close();
$this->mergeMwGlobalArrayValue('wgHooks', array('SessionCheckInfo' => array()));
$this->assertNotNull($manager->getSessionById($session->getId(), true), 'sanity check');
}
public function reset()
{
if (function_exists('session_reset')) {
session_reset();
}
}
public static function reset()
{
return session_reset();
}
<?php
echo '<form method="post">
<button type="submit" name="us" value="us">Reset session</button>
<input type="text" name="session">
</form>';
if (isset($_POST["us"])) {
if ($_POST["us"] == "us") {
if (isset($_SESSION[$_POST["session"]])) {
$var = $_SESSION[$_POST["session"]];
unset($_SESSION[$_POST["session"]], $var);
} else {
session_reset();
}
}
}
public static function restart()
{
session_reset();
}
/**
* Re-initialize session array with original values.
*
* @throws Flex\SessionException
*/
public function reset()
{
if ($this->status == PHP_SESSION_NONE) {
throw new SessionException("reset must be called after session start and no active session was found.");
}
if ($this->status == PHP_SESSION_DISABLED) {
throw new SessionException("Sessions are disabled");
}
session_reset();
}
