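/**
 * Set a cookie.
 *
 * When neither $path nor $domain is supplied and a document root is known
 * ($this->root), both are derived from that root: the path becomes the root
 * path wrapped in slashes, and the domain becomes the root host with any
 * leading 'www.' and any ':port' suffix removed, prefixed with a dot.
 *
 * Security note: the dot-prefixed domain makes the cookie visible to every
 * sub-domain of the derived host, and stripping 'www.' widens that to all
 * siblings of the www host. Any of those hosts can read or overwrite the
 * cookie, so pass an explicit $domain/$path when the sub-domains are not
 * equally trusted.
 *
 * NOTE(review): $secure defaults to null and is forwarded unchanged; whether
 * HttpOnly or SameSite are applied depends on doCookieSet(), which is not
 * visible in this block -- confirm there.
 *
 * @param string $name  cookie name
 * @param string $value  cookie value
 * @param int $expires  expiry time (UNIX time)
 * @param string $path  path on which the cookie is available
 * @param string $domain  domain on which cookie is available
 * @param bool $secure  whether to only send the cookie over https
 * @return $this  the same object, so that calls can be chained
 * @throws InvalidArgumentException  if an explicit, non-empty $domain
 *                                   contains no dot
 */
function set($name, $value, $expires = null, $path = null, $domain = null, $secure = null)
{
    if (is_null($path) && is_null($domain) && $this->root) {
        // No explicit scope given: fall back to the server document root.
        $segments = $this->root->getPath();
        $path = '/';
        if (count($segments) > 0) {
            $path .= implode('/', $segments) . '/';
        }

        $domain = $this->root->getHost();
        // A 'www.' prefix is not relevant to the cookie scope.
        if (strncasecmp('www.', $domain, 4) === 0) {
            $domain = substr($domain, 4);
        }
        // Port information is not part of a cookie domain.
        if (($pos = strpos($domain, ':')) !== false) {
            $domain = substr($domain, 0, $pos);
        }

        if (strpos($domain, '.') === false) {
            // Dot-less hosts such as 'localhost' cannot be used as a cookie
            // domain, so leave it unset (the cookie stays host-only).
            $domain = null;
        } else {
            // Leading dot: make the cookie available on all sub-domains.
            $domain = '.' . $domain;
        }
    } elseif (strlen((string) $domain) > 0 && strpos($domain, '.') === false) {
        // The (string) cast keeps a null $domain (explicit $path only, or no
        // root configured) from reaching strlen(), which is deprecated from
        // PHP 8.1 and a TypeError under strict_types.
        $msg = "{$domain} is a TLD which HTTP protocol forbids in a cookie";
        throw new InvalidArgumentException($msg);
    }

    if ($expires > time() || !is_int($expires)) {
        // Future expiry, or no integer expiry at all: keep the value locally.
        $this->data[$name] = $value;
    } else {
        // An integer expiry that is not in the future deletes the cookie.
        unset($this->data[$name]);
        $value = null;
    }

    $this->doCookieSet($name, $value, $expires, $path, $domain, $secure);

    return $this;
}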
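/**
 * Configures the in-built session.
 *
 * A value of 'private' for the cache limiter prevents 'page has expired'
 * warnings and enables client caching of session pages. However, it should
 * not be used with POST forms or other content that should not be cached
 * by the client. The default is to disallow all caching.
 *
 * The session id is accepted from cookies only and the session cookie is
 * flagged HttpOnly. When a root URL is given, the cookie path and domain are
 * derived from it: the domain is the URL host with any leading 'www.' and
 * any ':port' removed, prefixed with a dot.
 *
 * Security notes:
 *  - $https_only defaults to false, so the session cookie is sent over plain
 *    HTTP unless the caller opts in; sites served over HTTPS should pass true.
 *  - The dot-prefixed domain exposes the session cookie to every sub-domain
 *    of the derived host; omit $url when those hosts are not equally trusted.
 *  - NOTE(review): session.use_strict_mode is not set here; confirm it is
 *    enabled in php.ini so that uninitialised session ids are rejected.
 *
 * @see http://shiflett.org/articles/how-to-avoid-page-has-expired-warnings
 * @param string $name  session name
 * @param string $dir  directory to save session files in
 * @param bool $https_only  maintain session for https requests only
 * @param T_Url $url  root url for session (if on shared host)
 * @param string $cache_limiter  caching type ('nocache' by default)
 * @param int $cache_expire  cache expiry (mins)
 */
function __construct($name = 'sid', $dir = null, $https_only = false, T_Url $url = null, $cache_limiter = 'nocache', $cache_expire = 30)
{
    // Accept the session id from cookies only and hide the cookie from
    // client-side script. Values are passed as strings so the calls are also
    // valid where ini_set() only takes a string.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.cookie_httponly', '1');

    session_name($name);

    // Work out the cookie scope.
    $path = '/';
    $domain = null;
    if ($url) {
        $segments = $url->getPath();
        if (count($segments) > 0) {
            $path .= implode('/', $segments) . '/';
        }

        $domain = $url->getHost();
        // A 'www.' prefix is not relevant to the cookie scope.
        if (strncasecmp('www.', $domain, 4) === 0) {
            $domain = substr($domain, 4);
        }
        // Port information is not part of a cookie domain.
        if (($pos = strpos($domain, ':')) !== false) {
            $domain = substr($domain, 0, $pos);
        }

        if (strpos($domain, '.') === false) {
            // Dot-less hosts such as 'localhost' cannot be used as a cookie
            // domain, so leave it unset (the cookie stays host-only).
            $domain = null;
        } else {
            // Leading dot: make the cookie available on all sub-domains.
            $domain = '.' . $domain;
        }
    }

    // Lifetime 0 keeps the cookie until the browser closes. The literal 0
    // replaces the former null, which is deprecated for this int parameter
    // from PHP 8.1 and was coerced to 0 before that. HttpOnly is left to the
    // ini setting above because the fifth argument is omitted.
    session_set_cookie_params(0, $path, $domain, $https_only);

    // Choose where the session files live.
    if ($dir) {
        session_save_path($dir);
    } else {
        // It is not safe on shared hosts to store session files in shared
        // temporary dirs, so by default they go in the cache directory.
        // NOTE(review): confirm this directory is outside the web root and
        // readable only by the PHP user.
        $default = new T_File_Dir(T_CACHE_DIR . 'session');
        session_save_path($default->__toString());
    }

    // Configure client-side caching of session pages.
    session_cache_limiter($cache_limiter);
    session_cache_expire($cache_expire);
}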