/**
 * Start (or deliberately skip) the PHP session for the current request.
 *
 * Defines NO_MOODLE_COOKIES when the entry script has not done so already. It then
 * either installs empty placeholder session objects, or configures the session
 * cookie and calls session_start(). Always ends with check_user_initialised()
 * and check_security().
 */
public function __construct() {
    global $CFG;

    if (!defined('NO_MOODLE_COOKIES')) {
        // No session before the sessions table gets created (empty or pre-2009011900
        // $CFG->version), and CLI scripts can not have a session either.
        $nosession = empty($CFG->version) || $CFG->version < 2009011900 || CLI_SCRIPT;
        define('NO_MOODLE_COOKIES', $nosession);
    }

    if (!NO_MOODLE_COOKIES) {
        $this->prepare_cookies();
        $this->init_session_storage();

        // True when the browser sent no (or an empty) session cookie.
        $cookiemissing = empty($_COOKIE['MoodleSession' . $CFG->sessioncookie]);

        if (empty($CFG->usesid) || !$cookiemissing) {
            // Cookie-based session: make sure PHP never appends the session id to URLs.
            $CFG->usesid = 0;
            ini_set('session.use_trans_sid', '0');
        } else {
            // Cookieless mode was requested and no cookie arrived.
            // NOTE(review): sid_start_ob() is defined outside this excerpt; presumably it
            // carries the session id in page URLs, where it can end up in logs and
            // Referer headers - confirm before enabling $CFG->usesid.
            sid_start_ob();
        }

        session_name('MoodleSession' . $CFG->sessioncookie);
        // Lifetime 0; the Secure and HttpOnly flags are taken as-is from
        // $CFG->cookiesecure and $CFG->cookiehttponly.
        session_set_cookie_params(
            0,
            $CFG->sessioncookiepath,
            $CFG->sessioncookiedomain,
            $CFG->cookiesecure,
            $CFG->cookiehttponly
        );
        session_start();
        // NOTE(review): nothing in this constructor regenerates the session id;
        // presumably that happens at login elsewhere - verify.

        if (!isset($_SESSION['SESSION'])) {
            $_SESSION['SESSION'] = new object();
            // A cookie was presented but no SESSION data was found for it, and the
            // user did not just log out: flag the session as timed out.
            if (!($cookiemissing || $this->justloggedout)) {
                $_SESSION['SESSION']->has_timed_out = true;
            }
        }
        if (!isset($_SESSION['USER'])) {
            $_SESSION['USER'] = new object();
        }
    } else {
        // Session not used at all: provide empty placeholders only.
        $CFG->usesid = 0;
        $_SESSION = array('SESSION' => new object(), 'USER' => new object());
    }

    $this->check_user_initialised();
    $this->check_security();
}
// Session fixation prevention: drop any session id passed as a GET/POST parameter,
// or as a same-named variable in the current scope. This can not be used in
// cookieless mode, and it is also skipped when MOODLE_SANE_INPUT is defined.
// NOTE(review): whether PHP itself still accepts a URL-supplied session id depends
// on session ini settings (e.g. session.use_only_cookies) not visible here - confirm.
if (empty($CFG->usesid) && !defined('MOODLE_SANE_INPUT')) {
    unset(${'MoodleSession' . $CFG->sessioncookie});
    unset($_GET['MoodleSession' . $CFG->sessioncookie]);
    unset($_POST['MoodleSession' . $CFG->sessioncookie]);
}
// Compatibility hack for Moodle cron: cookies are not deleted but set to the literal
// value "deleted". Should not be needed now that cron.php uses $nomoodlecookie.
if (!empty($_COOKIE['MoodleSession' . $CFG->sessioncookie]) && $_COOKIE['MoodleSession' . $CFG->sessioncookie] == "deleted") {
    unset($_COOKIE['MoodleSession' . $CFG->sessioncookie]);
}
if (!empty($_COOKIE['MoodleSessionTest' . $CFG->sessioncookie]) && $_COOKIE['MoodleSessionTest' . $CFG->sessioncookie] == "deleted") {
    unset($_COOKIE['MoodleSessionTest' . $CFG->sessioncookie]);
}
// Cookieless mode requested and no session cookie arrived: load the cookieless helper.
// NOTE(review): sid_start_ob() lives in lib/cookieless.php, outside this excerpt;
// presumably it carries the session id in URLs - confirm the exposure is acceptable.
if (!empty($CFG->usesid) && empty($_COOKIE['MoodleSession' . $CFG->sessioncookie])) {
    require_once "{$CFG->dirroot}/lib/cookieless.php";
    sid_start_ob();
}
// $nomoodlecookie is not assigned in this excerpt; presumably the including script
// sets it to opt out of sessions - verify against the callers.
if (empty($nomoodlecookie)) {
    session_name('MoodleSession' . $CFG->sessioncookie);
    // The cookie domain is passed as an empty string here. The HttpOnly flag is only
    // passed when check_php_version('5.2.0') succeeds; otherwise the cookie is set
    // without it.
    if (check_php_version('5.2.0')) {
        session_set_cookie_params(0, $CFG->sessioncookiepath, '', $CFG->cookiesecure, $CFG->cookiehttponly);
    } else {
        session_set_cookie_params(0, $CFG->sessioncookiepath, '', $CFG->cookiesecure);
    }
    // NOTE(review): the @ operator hides any warning raised by session_start(), so a
    // failure to start the session is silent at this point.
    @session_start();
    if (!isset($_SESSION['SESSION'])) {
        $_SESSION['SESSION'] = new object();
        // Random marker stored in the fresh session; how it is compared with the
        // MoodleSessionTest cookie is not visible here - TODO confirm.
        $_SESSION['SESSION']->session_test = random_string(10);
        // A test cookie from an earlier session exists although no SESSION data was
        // found: flag the session as timed out.
        if (!empty($_COOKIE['MoodleSessionTest' . $CFG->sessioncookie])) {
            $_SESSION['SESSION']->has_timed_out = true;
        }
        // (excerpt ends here; the two enclosing if-blocks are closed beyond the visible text)
/**
 * Start (or deliberately skip) the PHP session for the current request.
 *
 * When NO_MOODLE_COOKIES is set, only empty placeholder session objects are
 * installed. Otherwise the session cookie is configured and session_start() is
 * called. Always ends with check_user_initialised() and check_security().
 */
public function __construct() {
    global $CFG;

    // NOTE(review): assumes NO_MOODLE_COOKIES was defined before this object is
    // constructed; nothing in this method defines it - confirm against the callers.
    if (!NO_MOODLE_COOKIES) {
        $this->prepare_cookies();
        $this->init_session_storage();

        // True when the browser sent no (or an empty) session cookie.
        $cookiemissing = empty($_COOKIE['MoodleSession' . $CFG->sessioncookie]);

        if (empty($CFG->usesid) || !$cookiemissing) {
            // Cookie-based session: make sure PHP never appends the session id to URLs.
            $CFG->usesid = 0;
            ini_set('session.use_trans_sid', '0');
        } else {
            // Cookieless mode was requested and no cookie arrived.
            // NOTE(review): sid_start_ob() is defined outside this excerpt; presumably it
            // carries the session id in page URLs, where it can end up in logs and
            // Referer headers - confirm before enabling $CFG->usesid.
            sid_start_ob();
        }

        session_name('MoodleSession' . $CFG->sessioncookie);
        // Lifetime 0; the Secure and HttpOnly flags are taken as-is from
        // $CFG->cookiesecure and $CFG->cookiehttponly.
        session_set_cookie_params(
            0,
            $CFG->sessioncookiepath,
            $CFG->sessioncookiedomain,
            $CFG->cookiesecure,
            $CFG->cookiehttponly
        );
        session_start();
        // NOTE(review): nothing in this constructor regenerates the session id;
        // presumably that happens at login elsewhere - verify.

        if (!isset($_SESSION['SESSION'])) {
            $_SESSION['SESSION'] = new stdClass();
            // A cookie was presented but no SESSION data was found for it, and the
            // user did not just log out: flag the session as timed out.
            if (!($cookiemissing || $this->justloggedout)) {
                $_SESSION['SESSION']->has_timed_out = true;
            }
        }
        if (!isset($_SESSION['USER'])) {
            $_SESSION['USER'] = new stdClass();
        }
    } else {
        // Session not used at all: provide empty placeholders only.
        $CFG->usesid = 0;
        $_SESSION = array('SESSION' => new stdClass(), 'USER' => new stdClass());
    }

    $this->check_user_initialised();
    $this->check_security();
}