Example #1
 /**
  * Tries to find the session based on cookie data and on data held in the DB (or
  * other storage). To reduce DB lookups for guest sessions, the incoming cookie
  * data may be signed, so that the server can tell whether the session key was
  * changed by the user or on the way to the server.
  * To switch this functionality on, define
  * <code>session.encrypt_guest_cookie.use=1</code>
  *
  * Additionally, a custom method of session search can be implemented: just
  * hook into the "BeforeSessionSearch" behavior. If the session id is not null
  * afterwards, that is a sign that the session was already initialized by such a
  * third-party module.
  *
  * Some config flags define the behavior of the session search.
  *
  * <code>session.snap_to_ip</code>
  * indicates that the session is tied to the IP address. If the user's address
  * changes, the session will be lost.
  * <code>session.check_cast</code>
  * If defined, additional data from the user is checked (user agent, preferred
  * languages, accept charset). If it does not match, the session won't be found.
  * <code>session.single_access.allowed</code> if true, gives one-time authorized access (e.g. for
  * a private, custom-created RSS feed). It works only if a single access token is supplied.
  * <code>session.single_access.token</code> defines the name of the GET parameter for the token
  * (http://site.com/?token=123123123)
  *
  * Behaviors BeforeSessionSearch and AfterSessionSearch are defined.
  *
  * @return   SessionBase instance of the session
  */
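 public function find()
 {
     // Resolves the current session from the client cookie and the server-side
     // store, falling back to a guest session, and returns the resolved user id.
     // NOTE(review): the docblock's @return advertises a SessionBase instance, but
     // every return path below yields $this->user_id.
     $config = Config::getInstance();

     // Listeners may populate $this->id / $this->user_id themselves; when either
     // is set, the cookie/storage lookup below is skipped.
     $this->trigger("BeforeSessionSearch", $this);
     $this->ip = $this->getFullIP();

     if ($this->id === null && $this->user_id === null) {
         $cs = $this->getClientSession();
         $this->verified_guest = $cs['verified_guest'];

         // Fast path for guests whose cookie was marked as verified: no server
         // lookup is made. This branch is only as trustworthy as the check behind
         // $cs['verified_guest'], which happens in getClientSession() and is not
         // visible here -- TODO confirm it is a keyed signature check and that
         // unsigned or malformed cookies never come back as verified.
         if ($this->verified_guest && $config->session->encrypt_guest_cookie->use) {
             $this->setupGuest($cs['id']);
             $this->trigger("AfterSessionSearch", $this);
             return $this->user_id;
         }

         $ss = $this->getServerSession($cs['id']);

         // Compare identifiers as strings with ===. The loose == used before treats
         // two different numeric-looking strings (e.g. "0e1" and "0e2") as equal,
         // which must never decide whether a stored session is accepted.
         $matched = $cs['id'] && $ss && $ss['id']
             && (string) $ss['id'] === (string) $cs['id'];

         // Optional binding of the session to the client address.
         if ($matched && $config->session->snap_to_ip) {
             $matched = $this->ip == $ss['ip'];
         }

         // Optional binding to the client "cast" (per the docblock: user agent,
         // preferred languages, accept charset); strict for the same reason as the id.
         if ($matched && $config->session->check_cast) {
             $matched = (string) $cs['cast'] === (string) $ss['cast'];
         }

         if ($matched) {
             // Only properties named in $this->params2save are restored from storage.
             foreach ($this->params2save as $v) {
                 if (array_key_exists($v, $ss)) {
                     $this->{$v} = $ss[$v];
                 }
             }
         } else {
             $this->setupGuest();
         }
     }

     // One-time ("single access") authorization for otherwise unverified guests.
     if ($this->user_id == User::GUEST && !$this->verified_guest && $config->session->single_access->allowed) {
         // NOTE(review): the flag is read from $config->session->single_access but the
         // parameter name from $config->single_access; the docblock documents
         // session.single_access.token -- confirm which path is intended.
         $tokenName = $config->single_access->token;
         $get = Controller::getInstance()->get;
         if (isset($get->{$tokenName})) {
             // The token travels in the query string, so it ends up in access logs,
             // browser history and Referer headers: it should be high-entropy,
             // revocable and limited in scope. Validation happens inside
             // User::findBySingleAccessToken(), not visible here -- TODO confirm.
             $this->user_id = User::findBySingleAccessToken($get->{$tokenName});
             // A token that resolved to a real user yields a persistent session,
             // but never a "remember me" one.
             $this->is_persistent = $this->user_id != User::GUEST;
             $this->remember_me = 0;
         }
     }

     $this->trigger("AfterSessionSearch", $this);

     // NOTE(review): the check is on truthiness, so a falsy user id (for instance
     // if User::GUEST were 0) would be reported as missing -- confirm.
     if (!$this->id || !$this->user_id) {
         throw new SessionException("Session id or user id not found");
     }
     return $this->user_id;
 }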