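/**
 * Tries to find the session from cookie data and server-side (DB or other storage) data.
 *
 * To reduce DB lookups for guest sessions, the incoming cookie may be signed, so the
 * server can tell that the session key was not changed by the user or on the way to
 * the server. To switch this on, define
 * <code>session.encrypt_guest_cookie.use=1</code>
 *
 * A custom search method can be implemented by hooking the "BeforeSessionSearch"
 * behavior. If the session id or the user id is no longer null after that hook, the
 * session is treated as initialized by such a third-party module and the
 * cookie/storage lookup below is skipped.
 *
 * Config flags that define the behavior of the search:
 *
 * <code>session.snap_to_ip</code>
 * the session is tied to the IP address. If the user's address changes, the stored
 * session is not accepted and a guest session is set up instead.
 * <code>session.check_cast</code>
 * if defined, additional client data is checked (user agent, preferred languages,
 * accept charset). On a mismatch the stored session is not accepted.
 * <code>session.single_access.allowed</code>
 * if true, gives one-time authorized access (e.g. for a private, custom created RSS).
 * It only applies when a single access token is passed.
 * <code>session.single_access.token</code>
 * the name of the GET parameter carrying the token (http://site.com/?token=123123123).
 * A token passed this way is part of the URL, so it is recorded wherever URLs are
 * (access logs, browser history, Referer headers); the access it grants should be
 * scoped with that in mind.
 *
 * Behaviors BeforeSessionSearch and AfterSessionSearch are triggered.
 *
 * Note that the verified-guest path returns early: it skips the single access check
 * and the final "id / user id present" check.
 *
 * @return mixed the user id held by this session object after the search
 *               (the method returns $this->user_id, not the session instance)
 * @throws SessionException if the session id or the user id is empty after the search
 */
public function find()
{
    $config = Config::getInstance();
    $this->trigger("BeforeSessionSearch", $this);
    $this->ip = $this->getFullIP();

    if ($this->id === null && $this->user_id === null) {
        $cs = $this->getClientSession();
        $this->verified_guest = $cs['verified_guest'];

        if ($this->verified_guest && $config->session->encrypt_guest_cookie->use) {
            // The cookie was marked as a verified guest: no storage lookup is done,
            // the guest session is set up directly from the cookie id.
            // NOTE(review): how 'verified_guest' is established is inside
            // getClientSession(), which is not visible here - confirm it is only
            // set after the cookie signature has been checked.
            $this->setupGuest($cs['id']);
            $this->trigger("AfterSessionSearch", $this);
            return $this->user_id;
        }

        $ss = $this->getServerSession($cs['id']);

        $accepted = false;
        if ($cs['id'] && $ss && $ss['id']) {
            // The id comes from the client cookie. Compare it as a string, strictly:
            // a loose == treats different numeric-looking strings ("1" / "01",
            // "0e12" / "0e34") as equal, which must not count as the same session.
            $accepted = is_scalar($cs['id']) && is_scalar($ss['id'])
                && (string) $ss['id'] === (string) $cs['id'];

            if ($accepted && $config->session->snap_to_ip) {
                // NOTE(review): getFullIP() is not visible here; if it includes
                // client-supplied headers, this binding is only as strong as they are.
                $accepted = $this->ip == $ss['ip'];
            }

            if ($accepted && $config->session->check_cast) {
                // Strict when both sides are strings (same numeric-string concern as
                // for the id); any other types keep the original loose comparison.
                if (is_string($cs['cast']) && is_string($ss['cast'])) {
                    $accepted = $cs['cast'] === $ss['cast'];
                } else {
                    $accepted = $cs['cast'] == $ss['cast'];
                }
            }
        }

        if ($accepted) {
            // Restore only the whitelisted properties from the stored session.
            foreach ($this->params2save as $v) {
                if (array_key_exists($v, $ss)) {
                    $this->{$v} = $ss[$v];
                }
            }
        } else {
            $this->setupGuest();
        }
    }

    if ($this->user_id == User::GUEST && !$this->verified_guest
        && $config->session->single_access->allowed) {
        // NOTE(review): the flag above is read from $config->session->single_access
        // and the docblock documents session.single_access.token, but the parameter
        // name is read from $config->single_access->token. Left as found - confirm
        // which path the configuration really uses.
        $token_param = $config->single_access->token;

        if (isset(Controller::getInstance()->get->{$token_param})) {
            $this->user_id = User::findBySingleAccessToken(Controller::getInstance()->get->{$token_param});
            // Single access is never persisted or remembered.
            $this->is_persistent = $this->user_id != User::GUEST;
            $this->remember_me = 0;
        }
    }

    $this->trigger("AfterSessionSearch", $this);

    if (!$this->id || !$this->user_id) {
        throw new SessionException("Session id or user id not found");
    }

    return $this->user_id;
}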