/**
* Does the PHP session with given id exist?
*
* The session must exist both in session table and actual
* session backend and the session must not be timed out.
*
* Timeout evaluation is simplified, the auth hooks are not executed.
*
* @param string $sid
* @return bool
*/
public static function session_exists($sid)
{
global $DB, $CFG;
if (empty($CFG->version)) {
// Not installed yet, do not try to access database.
return false;
}
// Note: add sessions->state checking here if it gets implemented.
if (!($record = $DB->get_record('sessions', array('sid' => $sid), 'id, userid, timemodified'))) {
return false;
}
if (empty($record->userid) or isguestuser($record->userid)) {
// Ignore guest and not-logged-in timeouts, there is very little risk here.
} else {
if ($record->timemodified < time() - $CFG->sessiontimeout) {
return false;
}
}
// There is no need the existence of handler storage in public API.
self::load_handler();
return self::$handler->session_exists($sid);
}
/**
* Does the PHP session with given id exist?
*
* Note: this does not actually verify the presence of sessions record.
*
* @param string $sid
* @return bool
*/
public static function session_exists($sid)
{
self::load_handler();
return self::$handler->session_exists($sid);
}
