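/**
 * regenerateId() - Regenerate the session id. Best practice is to call this after
 * the session is started. If called before the session has started, the request is
 * recorded and the id is regenerated at start time.
 *
 * Every call made while the session is started issues a new id. Callers that
 * regenerate on a privilege change (for example after login) therefore always get a
 * fresh id, even when an earlier regeneration already happened in the same request.
 *
 * @throws Zend_Session_Exception if output has already been sent (outside unit-test mode)
 * @return void
 */
public static function regenerateId()
{
    if (!self::$_unitTestEnabled && headers_sent($filename, $linenum)) {
        /** @see Zend_Session_Exception */
        // The explicit require_once for the exception class is disabled in this copy.
        throw new Zend_Session_Exception("You must call " . __CLASS__ . '::' . __FUNCTION__ .
            "() before any output has been sent to the browser; output started in {$filename}/{$linenum}");
    }

    if (!self::$_sessionStarted) {
        // Nothing to regenerate yet: -1 asks start() to regenerate once the session exists.
        self::$_regenerateIdState = -1;
        return;
    }

    // The previous condition also required $_regenerateIdState <= 0. After one successful
    // regeneration the state is 1, so a second call in the same request fell through to
    // the "defer" branch, changed nothing and left the old id in use.
    if (!self::$_unitTestEnabled) {
        // true => the old session data file is deleted, so the old id stops working.
        session_regenerate_id(true);
    }
    self::$_regenerateIdState = 1;
}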
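/**
 * start() - Start the session.
 *
 * Order of work: validate any id that is already set, refuse to restart a destroyed
 * session, apply default options, pick a session id (cookie, then request parameter,
 * then a freshly generated one), run the strict / headers-sent / already-started
 * guards, call session_start() with a temporary error handler, and finally run the
 * deferred id regeneration, validators and startup metadata processing.
 *
 * Session ids taken from $_COOKIE / $_REQUEST are client-controlled. They are only
 * adopted when they are strings, and they go through the same _checkId() handling as
 * an id that was set before start() was called.
 *
 * @param bool|array $options  OPTIONAL Either user supplied options, or flag indicating if start initiated automatically
 * @throws Zend_Session_Exception
 * @return void
 */
public static function start($options = false)
{
    // Check to see if we've been passed an invalid session ID
    if (self::getId() && !self::_checkId(self::getId())) {
        // Generate a valid, temporary replacement
        self::setId(md5(self::getId()));
        // Force a regenerate after session is started
        self::$_regenerateIdState = -1;
    }

    if (self::$_sessionStarted && self::$_destroyed) {
        require_once 'Zend/Session/Exception.php';
        throw new Zend_Session_Exception('The session was explicitly destroyed during this request, attempting to re-start is not allowed.');
    }

    if (self::$_sessionStarted) {
        if ($options === true) {
            // Automatic start on an already-started session: nothing to do.
            return;
        }
        // Explicit restart: flush the current session before starting again.
        self::writeClose();
    }

    // make sure our default options (at the least) have been set
    if (!self::$_defaultOptionsSet) {
        self::setOptions(is_array($options) ? $options : array());
    }

    // Adopt an id supplied by the client. The is_string() guards keep array-valued
    // parameters (e.g. "name[]=x") away from setId() and md5().
    $adoptedFromClient = false;
    if (!self::getId()
        && ini_get('session.use_cookies') == 1
        && !empty($_COOKIE[session_name()])
        && is_string($_COOKIE[session_name()])
    ) {
        self::setId($_COOKIE[session_name()]);
        $adoptedFromClient = true;
    }

    // NOTE(review): this accepts the session id from GET/POST data without consulting
    // session.use_only_cookies, so a link or form can choose the id a visitor ends up
    // with (session fixation). Confirm this is intended, and make sure the id is
    // regenerated on every privilege change.
    if (!self::getId()
        && !empty($_REQUEST[session_name()])
        && is_string($_REQUEST[session_name()])
    ) {
        self::setId($_REQUEST[session_name()]);
        $adoptedFromClient = true;
    }

    // The validity check at the top ran before the id was read from the request, so
    // repeat it for an id that was just adopted.
    if ($adoptedFromClient && !self::_checkId(self::getId())) {
        self::setId(md5(self::getId()));
        self::$_regenerateIdState = -1;
    }

    if (!self::getId()) {
        // uniqid() is derived from the clock and is guessable; prefer the CSPRNG when
        // the runtime has one and keep the old derivation only as a fallback.
        $generatedId = null;
        if (function_exists('random_bytes')) {
            try {
                // 20 random bytes -> 40 hex characters, the same shape as a sha1() digest.
                $generatedId = bin2hex(random_bytes(20));
            } catch (Exception $e) {
                $generatedId = null;
            }
        }
        if ($generatedId === null) {
            $generatedId = sha1(uniqid('', true));
        }
        self::setId($generatedId);
    }

    // In strict mode, do not allow auto-starting Zend_Session, such as via "new Zend_Session_Namespace()"
    if (self::$_strict && $options === true) {
        /** @see Zend_Session_Exception */
        require_once 'Zend/Session/Exception.php';
        throw new Zend_Session_Exception('You must explicitly start the session with Zend_Session::start() when session options are set to strict.');
    }

    $filename = $linenum = null;
    if (!self::$_unitTestEnabled && headers_sent($filename, $linenum)) {
        /** @see Zend_Session_Exception */
        require_once 'Zend/Session/Exception.php';
        throw new Zend_Session_Exception("Session must be started before any output has been sent to the browser;"
           . " output started in {$filename}/{$linenum}");
    }

    // See http://www.php.net/manual/en/ref.session.php for explanation
    if (!self::$_writeClosed && !self::$_unitTestEnabled && defined('SID')) {
        /** @see Zend_Session_Exception */
        require_once 'Zend/Session/Exception.php';
        throw new Zend_Session_Exception('session has already been started by session.auto-start or session_start()');
    }

    /**
     * Hack to throw exceptions on start instead of php errors
     * @see http://framework.zend.com/issues/browse/ZF-1325
     */
    $errorLevel = is_int(self::$_throwStartupExceptions) ? self::$_throwStartupExceptions : E_ALL;

    /** @see Zend_Session_Exception */
    if (!self::$_unitTestEnabled) {
        if (self::$_throwStartupExceptions) {
            require_once 'Zend/Session/Exception.php';
            set_error_handler(array('Zend_Session_Exception', 'handleSessionStartError'), $errorLevel);
        }

        $startedCleanly = session_start();

        if (self::$_throwStartupExceptions) {
            restore_error_handler();
        }

        if (!$startedCleanly || Zend_Session_Exception::$sessionStartError != null) {
            if (self::$_throwStartupExceptions) {
                set_error_handler(array('Zend_Session_Exception', 'handleSilentWriteClose'), $errorLevel);
            }
            session_write_close();
            if (self::$_throwStartupExceptions) {
                restore_error_handler();
                throw new Zend_Session_Exception(__CLASS__ . '::' . __FUNCTION__ . '() - ' . Zend_Session_Exception::$sessionStartError);
            }
        }
    } else {
        // Unit-test mode: no real session_start(); use an empty session array and a
        // placeholder id.
        $_SESSION = array();
        if (!session_id()) {
            session_id(md5(uniqid(mt_rand(), true)));
        }
    }

    parent::$_readable = true;
    parent::$_writable = true;
    self::$_sessionStarted = true;
    self::$_writeClosed = false;

    // -1 means a regeneration was requested before the session existed, or an invalid
    // id was replaced above.
    if (self::$_regenerateIdState === -1) {
        self::regenerateId();
    }

    // run validators if they exist
    if (isset($_SESSION['__ZF']['VALID'])) {
        self::_processValidators();
    }

    self::_processStartupMetadataGlobal();
}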
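/**
 * regenerateId() - Regenerate the session id. Best practice is to call this after
 * the session is started. If called before the session has started, the request is
 * recorded and the id is regenerated at start time.
 *
 * Every call made while the session is started issues a new id, so a regeneration
 * requested on a privilege change is never skipped because an earlier one already
 * ran in the same request.
 *
 * @throws Zend_Session_Exception if output has already been sent to the browser
 * @return void
 */
public static function regenerateId()
{
    if (headers_sent($filename, $linenum)) {
        throw new Zend_Session_Exception("You must call " . __CLASS__ . '::' . __FUNCTION__ .
            "() before any output has been sent to the browser; output started in {$filename}/{$linenum}");
    }

    if (!self::$_sessionStarted) {
        // Nothing to regenerate yet: -1 marks the regeneration as pending.
        self::$_regenerateIdState = -1;
        return;
    }

    // The previous condition also required $_regenerateIdState <= 0. Once the state was 1
    // a further call only reset the state to -1 and left the current id in place.
    // true => the old session data file is deleted, so the old id stops working.
    session_regenerate_id(true);
    self::$_regenerateIdState = 1;
}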
/**
 * regenerateId() - Issue a new session id.
 *
 * When the session is already started the id is replaced immediately; otherwise the
 * request is recorded in $_regenerateIdState (-1) so it can be carried out at start time.
 *
 * @throws Zend_Session_Exception if output has already been sent (outside unit-test mode)
 * @return void
 */
public static function regenerateId()
{
    // headers_sent() is only consulted outside unit-test mode (short-circuit).
    $outputAlreadySent = !self::$_unitTestEnabled && headers_sent($filename, $linenum);
    if ($outputAlreadySent) {
        /** @see Zend_Session_Exception */
        // The explicit require_once for the exception class is disabled in this copy.
        throw new Zend_Session_Exception("You must call " . __CLASS__ . '::' . __FUNCTION__ .
            "() before any output has been sent to the browser; output started in {$filename}/{$linenum}");
    }

    if (self::$_sessionStarted) {
        if (!self::$_unitTestEnabled) {
            // true => the old session data file is deleted along with the old id.
            session_regenerate_id(true);
        }
        self::$_regenerateIdState = 1;
        return;
    }

    // Session not started yet: mark the regeneration as pending.
    self::$_regenerateIdState = -1;
}
/**
 * start() - Start the session.
 *
 * Replaces an already-set but invalid session id, refuses to restart a destroyed
 * session, applies default options, runs the strict / headers-sent / already-started
 * guards and then calls session_start() with a temporary error handler. Requests whose
 * User-Agent contains one of the listed crawler names skip session_start() entirely.
 *
 * @param bool|array $options  OPTIONAL Either user supplied options, or flag indicating if start initiated automatically
 * @throws Zend_Session_Exception
 * @return void
 */
public static function start($options = false)
{
    // An id that is already set but fails _checkId() is swapped for its md5 digest,
    // and a regeneration is scheduled for after the session has started.
    if (self::getId() && !self::_checkId(self::getId())) {
        self::setId(md5(self::getId()));
        self::$_regenerateIdState = -1;
    }

    if (self::$_sessionStarted && self::$_destroyed) {
        require_once 'Zend/Session/Exception.php';
        throw new Zend_Session_Exception('The session was explicitly destroyed during this request, attempting to re-start is not allowed.');
    }

    if (self::$_sessionStarted) {
        // already started
        return;
    }

    // Make sure the default options (at the least) have been set.
    if (!self::$_defaultOptionsSet) {
        $initialOptions = is_array($options) ? $options : array();
        self::setOptions($initialOptions);
    }

    // Strict mode forbids auto-starting, such as via "new Zend_Session_Namespace()".
    if (self::$_strict && $options === true) {
        /** @see Zend_Session_Exception */
        require_once 'Zend/Session/Exception.php';
        throw new Zend_Session_Exception('You must explicitly start the session with Zend_Session::start() when session options are set to strict.');
    }

    $filename = $linenum = null;
    if (!self::$_unitTestEnabled && headers_sent($filename, $linenum)) {
        /** @see Zend_Session_Exception */
        require_once 'Zend/Session/Exception.php';
        throw new Zend_Session_Exception("Session must be started before any output has been sent to the browser;"
           . " output started in {$filename}/{$linenum}");
    }

    // See http://www.php.net/manual/en/ref.session.php for explanation
    if (!self::$_unitTestEnabled && defined('SID')) {
        /** @see Zend_Session_Exception */
        require_once 'Zend/Session/Exception.php';
        throw new Zend_Session_Exception('session has already been started by session.auto-start or session_start()');
    }

    /**
     * Hack to throw exceptions on start instead of php errors
     * @see http://framework.zend.com/issues/browse/ZF-1325
     */
    $throwOnStartup = self::$_throwStartupExceptions;
    $errorLevel = is_int($throwOnStartup) ? $throwOnStartup : E_ALL;

    // alcalbg - do not start session for robots
    //
    // NOTE(review): the User-Agent header is client-supplied. Any client that sends one
    // of these substrings gets no PHP session, while the flags set further down still
    // mark the session as started, readable and writable. Confirm nothing that relies
    // on per-session state (tokens, login checks) treats this path as trustworthy.
    $robotSignatures = array(
        'googlebot'   => 'Googlebot',
        'msnbot'      => 'MSNBot',
        'baiduspider' => 'Baiduspider',
        'bingbot'     => 'Bing',
        'slurp'       => 'Inktomi Slurp',
        'yahoo'       => 'Yahoo',
        'askjeeves'   => 'AskJeeves',
        'fastcrawler' => 'FastCrawler',
        'infoseek'    => 'InfoSeek Robot 1.0',
        'lycos'       => 'Lycos',
        'yandex'      => 'YandexBot',
        'newrelic'    => 'NewRelicPinger',
    );
    $isHuman = true;
    if (isset($_SERVER['HTTP_USER_AGENT'])) {
        $userAgent = $_SERVER['HTTP_USER_AGENT'];
        // Case-sensitive substring match against each signature; the array keys are unused.
        foreach ($robotSignatures as $signature) {
            if (strpos($userAgent, $signature) !== false) {
                $isHuman = false;
                break;
            }
        }
    }

    /** @see Zend_Session_Exception */
    if ($isHuman && !self::$_unitTestEnabled) {
        // Route errors raised by session_start() to the exception class's handler.
        if ($throwOnStartup) {
            require_once 'Zend/Session/Exception.php';
            set_error_handler(array('Zend_Session_Exception', 'handleSessionStartError'), $errorLevel);
        }

        $startedCleanly = session_start();

        if ($throwOnStartup) {
            restore_error_handler();
        }

        $startFailed = !$startedCleanly || Zend_Session_Exception::$sessionStartError != null;
        if ($startFailed) {
            // Close the half-started session with a second temporary handler installed,
            // then surface the recorded start-up error.
            if ($throwOnStartup) {
                set_error_handler(array('Zend_Session_Exception', 'handleSilentWriteClose'), $errorLevel);
            }
            session_write_close();
            if ($throwOnStartup) {
                restore_error_handler();
                throw new Zend_Session_Exception(__CLASS__ . '::' . __FUNCTION__ . '() - '
                    . Zend_Session_Exception::$sessionStartError);
            }
        }
    }

    parent::$_readable = true;
    parent::$_writable = true;
    self::$_sessionStarted = true;

    // NOTE(review): this also runs on the robot path, where session_start() was skipped;
    // confirm regenerateId() tolerates being called without an active PHP session.
    if (self::$_regenerateIdState === -1) {
        self::regenerateId();
    }

    // Run validators if they exist.
    if (isset($_SESSION['__ZF']['VALID'])) {
        self::_processValidators();
    }

    self::_processStartupMetadataGlobal();
}