Exemple #1
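 /**
  * Configures PHP's built-in session: cookie-only transport, cookie scope,
  * save path and HTTP caching headers.
  *
  * A value of 'private' for the cache limiter prevents 'page has expired'
  * warnings and enables client caching of session pages. However, it should
  * not be used with POST forms or other content that should not be cached
  * by the client. The default is to disallow all caching.
  *
  * Security notes:
  *  - $https_only defaults to false, so the session cookie is also sent over
  *    plain HTTP unless the caller passes true. Sites served over HTTPS
  *    should pass true.
  *  - When $url is given and its host contains a dot, a Domain attribute is
  *    set on the cookie. A cookie with a Domain attribute is sent to every
  *    sub-domain of that domain, so any other site hosted under it receives
  *    the session id. With $url omitted the cookie stays host-only.
  *  - The cookie path is not a security boundary between applications on the
  *    same host; it only limits when the browser sends the cookie.
  *
  * @see http://shiflett.org/articles/how-to-avoid-page-has-expired-warnings
  * @param string $name session name
  * @param string $dir  directory to save session files in
  * @param bool $https_only  maintain session for https requests only
  * @param T_Url $url  root url for session (if on shared host)
  * @param string $cache_limiter  caching type ('nocache' by default)
  * @param int  $cache_expire  cache expiry (mins)
  */
 function __construct($name = 'sid', $dir = null, $https_only = false, T_Url $url = null, $cache_limiter = 'nocache', $cache_expire = 30)
 {
     // The session id is carried in a cookie only (never in the URL), and
     // that cookie is hidden from page scripts.
     ini_set('session.use_only_cookies', '1');
     ini_set('session.cookie_httponly', '1');
     // NOTE(review): session.use_strict_mode is not enabled here, so whether
     // client-supplied, uninitialised session ids are rejected depends on
     // php.ini. Consider enabling it (and session.cookie_samesite where the
     // PHP version supports it) -- confirm against the deployment.
     session_name($name);

     // Cookie scope defaults to a host-only cookie on the whole site.
     $path = '/';
     $domain = null;
     if ($url) {
         $segments = $url->getPath();
         if (count($segments) > 0) {
             $path .= implode('/', $segments) . '/';
         }
         $host = $url->getHost();
         // A leading 'www.' is dropped so the cookie covers the bare domain.
         if (strncasecmp('www.', $host, 4) === 0) {
             $host = substr($host, 4);
         }
         // Cookies are not scoped by port, so any ':port' suffix is removed.
         $colon = strpos($host, ':');
         if ($colon !== false) {
             $host = substr($host, 0, $colon);
         }
         // Dotless hosts such as 'localhost' are not accepted as a cookie
         // Domain, so the attribute is left out for them. Otherwise the host
         // is prefixed with a dot, the legacy way of asking for sub-domain
         // coverage.
         if (strpos($host, '.') !== false) {
             $domain = '.' . $host;
         }
     }
     // Lifetime 0 makes this a browser-session cookie (an int is passed
     // because newer PHP versions deprecate null for this argument).
     // HttpOnly is passed explicitly as well, so it does not depend on the
     // ini_set() call above having succeeded.
     session_set_cookie_params(0, $path, $domain, $https_only, true);

     // It is not safe on shared hosts to store session files in shared
     // temporary dirs, so without an explicit $dir the files go to a
     // 'session' directory under the application cache directory.
     // NOTE(review): the permissions of either directory are not set here;
     // confirm it is readable only by the web-server user.
     if ($dir) {
         session_save_path($dir);
     } else {
         $default = new T_File_Dir(T_CACHE_DIR . 'session');
         session_save_path($default->__toString());
     }

     // configure caching
     session_cache_limiter($cache_limiter);
     session_cache_expire($cache_expire);
 }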
Exemple #2
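 /**
  * Set (or delete) a cookie.
  *
  * The value is stored in $this->data unless $expires is an integer that is
  * not in the future, in which case the entry is removed and the cookie is
  * sent with a null value.
  *
  * When neither $path nor $domain is given and a root URL is available, both
  * are derived from that URL. In that case a Domain attribute is set for any
  * host containing a dot, which makes the cookie visible to every sub-domain
  * of that host; pass an explicit $path/$domain to keep the scope narrower.
  *
  * @param string $name  cookie name
  * @param string $value  cookie value
  * @param int $expires  expiry time (UNIX time)
  * @param string $path  path on which the cookie is available
  * @param string $domain  domain on which cookie is available
  * @param bool $secure  whether to only send the cookie over https
  * @return $this  fluent interface
  * @throws InvalidArgumentException  if an explicit $domain contains no dot
  */
 function set($name, $value, $expires = null, $path = null, $domain = null, $secure = null)
 {
     if ($path === null && $domain === null && $this->root) {
         // Neither scope parameter was given: derive both from the root URL.
         $path = '/';
         $segments = $this->root->getPath();
         if (count($segments) > 0) {
             $path .= implode('/', $segments) . '/';
         }
         $host = $this->root->getHost();
         // A leading 'www.' is dropped so the cookie covers the bare domain.
         if (strncasecmp('www.', $host, 4) === 0) {
             $host = substr($host, 4);
         }
         // Cookies are not scoped by port, so any ':port' suffix is removed.
         $colon = strpos($host, ':');
         if ($colon !== false) {
             $host = substr($host, 0, $colon);
         }
         // Dotless hosts such as 'localhost' are not accepted as a cookie
         // Domain, so the attribute is left out for them. Otherwise the host
         // is prefixed with a dot, the legacy way of asking for sub-domain
         // coverage.
         $domain = (strpos($host, '.') === false) ? null : '.' . $host;
     } elseif ($domain !== null && strlen($domain) > 0 && strpos($domain, '.') === false) {
         // The explicit null test keeps a null $domain away from strlen(),
         // which newer PHP versions deprecate; the outcome is unchanged.
         $msg = "{$domain} is a TLD which HTTP protocol forbids in a cookie";
         throw new InvalidArgumentException($msg);
     }

     // A future expiry, or no integer expiry at all (e.g. null), keeps the
     // value; an integer expiry that is now or in the past deletes it.
     if ($expires > time() || !is_int($expires)) {
         $this->data[$name] = $value;
     } else {
         unset($this->data[$name]);
         $value = null;
     }

     // NOTE(review): $secure defaults to null and no HttpOnly flag is passed
     // from here. Whether doCookieSet() applies either attribute is not
     // visible in this method -- confirm before using it for credentials or
     // other sensitive values.
     $this->doCookieSet($name, $value, $expires, $path, $domain, $secure);
     return $this;
 }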