Exemple #1
 /**
  * Check if session is valid and is not expired. If no valid session, check cookie keepSession.
  *
  * @param bool $checkKeepSessionCookie  If true check cookie keepSession
  * @param bool $isAutomaticRequest      If true don't update sessionLastTime
  */
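 protected static function restore($checkKeepSessionCookie = true, $isAutomaticRequest = false)
 {
     $session = self::getInstance();

     // $_SESSION is only readable once the PHP session has been started.
     if (session_status() != PHP_SESSION_ACTIVE) {
         static::startSession();
         self::sessionLog("session_start():" . __LINE__);
     }

     // Copy every value named by a SESSION_* class constant from $_SESSION
     // onto the instance; keys that are missing from $_SESSION become null.
     $refClass = self::getReflectionClass();
     foreach ($refClass->getConstants() as $constname => $constvalue) {
         if (substr($constname, 0, 8) !== 'SESSION_') {
             continue;
         }
         $session->{$constvalue} = isset($_SESSION[__CLASS__][$constvalue]) ? $_SESSION[__CLASS__][$constvalue] : null;
     }

     // Recompute the integrity hash from the stored user id and salt and
     // compare it with the stored hash.
     //
     // The comparison is deliberately strict: a loose `==` lets PHP treat two
     // different numeric-looking strings (for example both of the form
     // "0e<digits>") as equal. hash_equals() (PHP >= 5.6) compares the bytes
     // exactly and in time that does not depend on where they differ. The
     // is_string() guards make a non-string value on either side fail closed
     // instead of raising an error inside hash_equals().
     $newhash = self::createHash($session->userId, $session->sault);
     $storedHash = $session->hash;
     $hashIsValid = !empty($storedHash)
         && is_string($storedHash)
         && is_string($newhash)
         && hash_equals($newhash, $storedHash);

     if (!$hashIsValid) {
         // reset session (invalid)
         self::sessionLog("invalid hash:" . __LINE__);
         $session->userId = 0;
         $session->hash = '';
         if ($checkKeepSessionCookie && self::isCookieKeepSession()) {
             // Re-run once with the cookie check disabled, so this path cannot
             // recurse a second time.
             // NOTE(review): no session_regenerate_id() is visible on this
             // path; confirm that startSession()/isCookieKeepSession() rotate
             // the session id when a session is re-established from the cookie.
             self::restore(false, $isAutomaticRequest);
             if ($session->userId) {
                 // we've recovered session, update last login
                 // Table and column names come from the User object; the user
                 // id is passed as a bound parameter.
                 $u = new User();
                 Scalr::getDb()->Execute("UPDATE {$u->table()} SET {$u->columnLastLogin} = NOW() WHERE {$u->columnId} = ?", [$session->userId]);
             }
         }
     } else {
         // Idle timeout: the configured value is handed to strtotime() with
         // lastTime as the base timestamp. If strtotime() cannot parse it, it
         // returns false, which compares below time(), so the session is
         // treated as expired.
         if (strtotime(Scalr::config('scalr.security.user.session.timeout'), $session->lastTime) < time()) {
             self::sessionLog("session timeout was expired:" . __LINE__);
             if ($checkKeepSessionCookie) {
                 // Invalidate the stored credentials, then re-enter so the
                 // invalid-hash branch above can consult the keepSession cookie.
                 $_SESSION[__CLASS__][self::SESSION_USER_ID] = 0;
                 $_SESSION[__CLASS__][self::SESSION_HASH] = '';
                 self::restore($checkKeepSessionCookie, $isAutomaticRequest);
             } else {
                 // NOTE(review): only the in-memory instance is cleared here;
                 // $_SESSION keeps the expired user id and hash, and this
                 // return skips session_write_close(). Confirm both are intended.
                 $session->userId = 0;
                 $session->hash = '';
             }
             return;
         }

         // Automatic (background) requests must not extend the idle timeout.
         if (!$isAutomaticRequest) {
             $_SESSION[__CLASS__][self::SESSION_LAST_TIME] = $session->lastTime = time();
         }

         // Absolute lifetime: measured from initTime, so it applies no matter
         // how recently the session was used.
         if (strtotime(Scalr::config('scalr.security.user.session.lifetime'), $session->initTime) < time()) {
             self::sessionLog("session lifetime was expired:" . __LINE__);
             if ($checkKeepSessionCookie) {
                 $_SESSION[__CLASS__][self::SESSION_USER_ID] = 0;
                 $_SESSION[__CLASS__][self::SESSION_HASH] = '';
                 self::restore($checkKeepSessionCookie, $isAutomaticRequest);
             } else {
                 // NOTE(review): same as the idle-timeout branch - $_SESSION is
                 // left untouched and the session is not closed before return.
                 $session->userId = 0;
                 $session->hash = '';
             }
             return;
         }
     }

     // Close the session for writing once the state has been restored.
     session_write_close();
     self::sessionLog("session_write_close():" . __LINE__);
 }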