/** * Set the browser cookie * @param string $name name of cookie * @param string $value value to give cookie * @param int|null $expire Unix timestamp (in seconds) when the cookie should expire. * 0 (the default) causes it to expire $wgCookieExpiration seconds from now. * null causes it to be a session cookie. * @param array $options Assoc of additional cookie options: * prefix: string, name prefix ($wgCookiePrefix) * domain: string, cookie domain ($wgCookieDomain) * path: string, cookie path ($wgCookiePath) * secure: bool, secure attribute ($wgCookieSecure) * httpOnly: bool, httpOnly attribute ($wgCookieHttpOnly) * raw: bool, if true uses PHP's setrawcookie() instead of setcookie() * For backwards compatability, if $options is not an array then it and * the following two parameters will be interpreted as values for * 'prefix', 'domain', and 'secure' * @since 1.22 Replaced $prefix, $domain, and $forceSecure with $options */ public function setcookie($name, $value, $expire = 0, $options = null) { global $wgCookiePath, $wgCookiePrefix, $wgCookieDomain; global $wgCookieSecure, $wgCookieExpiration, $wgCookieHttpOnly; if (!is_array($options)) { // Backwards compatability $options = array('prefix' => $options); if (func_num_args() >= 5) { $options['domain'] = func_get_arg(4); } if (func_num_args() >= 6) { $options['secure'] = func_get_arg(5); } } $options = array_filter($options, function ($a) { return $a !== null; }) + array('prefix' => $wgCookiePrefix, 'domain' => $wgCookieDomain, 'path' => $wgCookiePath, 'secure' => $wgCookieSecure, 'httpOnly' => $wgCookieHttpOnly, 'raw' => false); if ($expire === null) { $expire = 0; // Session cookie } elseif ($expire == 0 && $wgCookieExpiration != 0) { $expire = time() + $wgCookieExpiration; } // Don't mark the cookie as httpOnly if the requesting user-agent is // known to have trouble with httpOnly cookies. if (!wfHttpOnlySafe()) { $options['httpOnly'] = false; } $func = $options['raw'] ? 'setrawcookie' : 'setcookie'; if (wfRunHooks('WebResponseSetCookie', array(&$name, &$value, &$expire, $options))) { wfDebugLog('cookie', $func . ': "' . implode('", "', array($options['prefix'] . $name, $value, $expire, $options['path'], $options['domain'], $options['secure'], $options['httpOnly'])) . '"'); call_user_func($func, $options['prefix'] . $name, $value, $expire, $options['path'], $options['domain'], $options['secure'], $options['httpOnly']); } }
/** * Set the browser cookie * @param string $name name of cookie * @param string $value value to give cookie * @param int $expire Unix timestamp (in seconds) when the cookie should expire. * 0 (the default) causes it to expire $wgCookieExpiration seconds from now. * @param string $prefix Prefix to use, if not $wgCookiePrefix (use '' for no prefix) * @param string $domain Cookie domain to use, if not $wgCookieDomain * @param $forceSecure Bool: * true: force the cookie to be set with the secure attribute * false: force the cookie to be set without the secure attribute * null: use the value from $wgCookieSecure */ public function setcookie($name, $value, $expire = 0, $prefix = null, $domain = null, $forceSecure = null) { global $wgCookiePath, $wgCookiePrefix, $wgCookieDomain; global $wgCookieSecure, $wgCookieExpiration, $wgCookieHttpOnly; if ($expire == 0) { $expire = time() + $wgCookieExpiration; } if ($prefix === null) { $prefix = $wgCookiePrefix; } if ($domain === null) { $domain = $wgCookieDomain; } if (is_null($forceSecure)) { $secureCookie = $wgCookieSecure; } else { $secureCookie = $forceSecure; } // Mark the cookie as httpOnly if $wgCookieHttpOnly is true, // unless the requesting user-agent is known to have trouble with // httpOnly cookies. $httpOnlySafe = $wgCookieHttpOnly && wfHttpOnlySafe(); wfDebugLog('cookie', 'setcookie: "' . implode('", "', array($prefix . $name, $value, $expire, $wgCookiePath, $domain, $secureCookie, $httpOnlySafe)) . '"'); setcookie($prefix . $name, $value, $expire, $wgCookiePath, $domain, $secureCookie, $httpOnlySafe); }
/** Set the browser cookie * @param $name String: name of cookie * @param $value String: value to give cookie * @param $expire Int: number of seconds til cookie expires */ public function setcookie($name, $value, $expire = 0) { global $wgCookiePath, $wgCookiePrefix, $wgCookieDomain; global $wgCookieSecure, $wgCookieExpiration, $wgCookieHttpOnly; if ($expire == 0) { $expire = time() + $wgCookieExpiration; } $httpOnlySafe = wfHttpOnlySafe(); wfDebugLog('cookie', 'setcookie: "' . implode('", "', array($wgCookiePrefix . $name, $value, $expire, $wgCookiePath, $wgCookieDomain, $wgCookieSecure, $httpOnlySafe && $wgCookieHttpOnly)) . '"'); if ($httpOnlySafe && isset($wgCookieHttpOnly)) { setcookie($wgCookiePrefix . $name, $value, $expire, $wgCookiePath, $wgCookieDomain, $wgCookieSecure, $wgCookieHttpOnly); } else { // setcookie() fails on PHP 5.1 if you give it future-compat paramters. // stab stab! setcookie($wgCookiePrefix . $name, $value, $expire, $wgCookiePath, $wgCookieDomain, $wgCookieSecure); } }
/** * Set the browser cookie * @param $name String: name of cookie * @param $value String: value to give cookie * @param $expire Int: number of seconds til cookie expires * @param $prefix String: Prefix to use, if not $wgCookiePrefix (use '' for no prefix) * @param @domain String: Cookie domain to use, if not $wgCookieDomain */ public function setcookie($name, $value, $expire = 0, $prefix = null, $domain = null) { global $wgCookiePath, $wgCookiePrefix, $wgCookieDomain; global $wgCookieSecure, $wgCookieExpiration, $wgCookieHttpOnly; if ($expire == 0) { $expire = time() + $wgCookieExpiration; } if ($prefix === null) { $prefix = $wgCookiePrefix; } if ($domain === null) { $domain = $wgCookieDomain; } $httpOnlySafe = wfHttpOnlySafe() && $wgCookieHttpOnly; wfDebugLog('cookie', 'setcookie: "' . implode('", "', array($prefix . $name, $value, $expire, $wgCookiePath, $domain, $wgCookieSecure, $httpOnlySafe)) . '"'); setcookie($prefix . $name, $value, $expire, $wgCookiePath, $domain, $wgCookieSecure, $httpOnlySafe); }
/** * Initialise php session * * @param $sessionId Bool */ function wfSetupSession($sessionId = false) { global $wgSessionsInMemcached, $wgCookiePath, $wgCookieDomain, $wgCookieSecure, $wgCookieHttpOnly, $wgSessionHandler; if ($wgSessionsInMemcached) { if (!defined('MW_COMPILED')) { global $IP; require_once "{$IP}/includes/cache/MemcachedSessions.php"; } session_set_save_handler('memsess_open', 'memsess_close', 'memsess_read', 'memsess_write', 'memsess_destroy', 'memsess_gc'); // It's necessary to register a shutdown function to call session_write_close(), // because by the time the request shutdown function for the session module is // called, $wgMemc has already been destroyed. Shutdown functions registered // this way are called before object destruction. register_shutdown_function('memsess_write_close'); } elseif ($wgSessionHandler && $wgSessionHandler != ini_get('session.save_handler')) { # Only set this if $wgSessionHandler isn't null and session.save_handler # hasn't already been set to the desired value (that causes errors) ini_set('session.save_handler', $wgSessionHandler); } $httpOnlySafe = wfHttpOnlySafe() && $wgCookieHttpOnly; wfDebugLog('cookie', 'session_set_cookie_params: "' . implode('", "', array(0, $wgCookiePath, $wgCookieDomain, $wgCookieSecure, $httpOnlySafe)) . '"'); session_set_cookie_params(0, $wgCookiePath, $wgCookieDomain, $wgCookieSecure, $httpOnlySafe); session_cache_limiter('private, must-revalidate'); if ($sessionId) { session_id($sessionId); } wfSuppressWarnings(); session_start(); wfRestoreWarnings(); }
/** * Initialise php session * * @param $sessionId Bool */ function wfSetupSession($sessionId = false) { global $wgSessionsInMemcached, $wgSessionsInObjectCache, $wgCookiePath, $wgCookieDomain, $wgCookieSecure, $wgCookieHttpOnly, $wgSessionHandler; if ($wgSessionsInObjectCache || $wgSessionsInMemcached) { ObjectCacheSessionHandler::install(); } elseif ($wgSessionHandler && $wgSessionHandler != ini_get('session.save_handler')) { # Only set this if $wgSessionHandler isn't null and session.save_handler # hasn't already been set to the desired value (that causes errors) ini_set('session.save_handler', $wgSessionHandler); } $httpOnlySafe = wfHttpOnlySafe() && $wgCookieHttpOnly; wfDebugLog('cookie', 'session_set_cookie_params: "' . implode('", "', array(0, $wgCookiePath, $wgCookieDomain, $wgCookieSecure, $httpOnlySafe)) . '"'); session_set_cookie_params(0, $wgCookiePath, $wgCookieDomain, $wgCookieSecure, $httpOnlySafe); session_cache_limiter('private, must-revalidate'); if ($sessionId) { session_id($sessionId); } else { wfFixSessionID(); } wfSuppressWarnings(); session_start(); wfRestoreWarnings(); }
/** * Initialise php session */ function wfSetupSession() { global $wgSessionsInMemcached, $wgCookiePath, $wgCookieDomain, $wgCookieSecure, $wgCookieHttpOnly; if ($wgSessionsInMemcached) { require_once 'MemcachedSessions.php'; } elseif ('files' != ini_get('session.save_handler')) { # If it's left on 'user' or another setting from another # application, it will end up failing. Try to recover. ini_set('session.save_handler', 'files'); } $httpOnlySafe = wfHttpOnlySafe(); wfDebugLog('cookie', 'session_set_cookie_params: "' . implode('", "', array(0, $wgCookiePath, $wgCookieDomain, $wgCookieSecure, $httpOnlySafe && $wgCookieHttpOnly)) . '"'); if ($httpOnlySafe && $wgCookieHttpOnly) { session_set_cookie_params(0, $wgCookiePath, $wgCookieDomain, $wgCookieSecure, $wgCookieHttpOnly); } else { // PHP 5.1 throws warnings if you pass the HttpOnly parameter for 5.2. session_set_cookie_params(0, $wgCookiePath, $wgCookieDomain, $wgCookieSecure); } session_cache_limiter('private, must-revalidate'); wfSuppressWarnings(); session_start(); wfRestoreWarnings(); }
/** * Initialise php session * * @param $sessionId Bool */ function wfSetupSession($sessionId = false) { global $wgSessionsInMemcached, $wgCookiePath, $wgCookieDomain, $wgCookieSecure, $wgCookieHttpOnly, $wgSessionHandler; if ($wgSessionsInMemcached) { if (!defined('MW_COMPILED')) { global $IP; require_once "{$IP}/includes/cache/MemcachedSessions.php"; } session_set_save_handler('memsess_open', 'memsess_close', 'memsess_read', 'memsess_write', 'memsess_destroy', 'memsess_gc'); // It's necessary to register a shutdown function to call session_write_close(), // because by the time the request shutdown function for the session module is // called, $wgMemc has already been destroyed. Shutdown functions registered // this way are called before object destruction. register_shutdown_function('memsess_write_close'); } elseif ($wgSessionHandler && $wgSessionHandler != ini_get('session.save_handler')) { # Only set this if $wgSessionHandler isn't null and session.save_handler # hasn't already been set to the desired value (that causes errors) ini_set('session.save_handler', $wgSessionHandler); } $httpOnlySafe = wfHttpOnlySafe() && $wgCookieHttpOnly; wfDebugLog('cookie', 'session_set_cookie_params: "' . implode('", "', array(0, $wgCookiePath, $wgCookieDomain, $wgCookieSecure, $httpOnlySafe)) . '"'); session_set_cookie_params(0, $wgCookiePath, $wgCookieDomain, $wgCookieSecure, $httpOnlySafe); session_cache_limiter('private, must-revalidate'); if ($sessionId) { session_id($sessionId); } else { wfFixSessionID(); } wfSuppressWarnings(); session_start(); wfRestoreWarnings(); // Wikia change - start // log all sessions started with 1% sampling (PLATFORM-1266) if ((new Wikia\Util\Statistics\BernoulliTrial(0.01))->shouldSample()) { Wikia\Logger\WikiaLogger::instance()->info(__METHOD__, ['caller' => wfGetAllCallers(), 'exception' => new Exception()]); } // Wikia change - end }
/** * Initialise php session */ function wfSetupSession($sessionId = false) { global $wgSessionsInMemcached, $wgCookiePath, $wgCookieDomain, $wgCookieSecure, $wgCookieHttpOnly, $wgSessionHandler; if ($wgSessionsInMemcached) { require_once 'MemcachedSessions.php'; } elseif ($wgSessionHandler && $wgSessionHandler != ini_get('session.save_handler')) { # Only set this if $wgSessionHandler isn't null and session.save_handler # hasn't already been set to the desired value (that causes errors) ini_set('session.save_handler', $wgSessionHandler); } $httpOnlySafe = wfHttpOnlySafe(); wfDebugLog('cookie', 'session_set_cookie_params: "' . implode('", "', array(0, $wgCookiePath, $wgCookieDomain, $wgCookieSecure, $httpOnlySafe && $wgCookieHttpOnly)) . '"'); if ($httpOnlySafe && $wgCookieHttpOnly) { session_set_cookie_params(0, $wgCookiePath, $wgCookieDomain, $wgCookieSecure, $wgCookieHttpOnly); } else { // PHP 5.1 throws warnings if you pass the HttpOnly parameter for 5.2. session_set_cookie_params(0, $wgCookiePath, $wgCookieDomain, $wgCookieSecure); } session_cache_limiter('private, must-revalidate'); if ($sessionId) { session_id($sessionId); } wfSuppressWarnings(); session_start(); wfRestoreWarnings(); }