/**
 * Session id manipulations: once the session is started, the isRegenerated
 * flag must be true and setId() must be refused.
 *
 * @return void
 */
public function testRegenerateId()
{
    if (Zend_Session::isStarted()) {
        // Another test may have enabled Zend_Session::$_unitTestEnabled
        // without starting a real PHP session; make sure one exists.
        if (!defined('SID')) {
            session_start();
        }
        // A started session can only have its id regenerated, not set
        Zend_Session::regenerateId();
    } else {
        Zend_Session::setId('myid123');
        Zend_Session::regenerateId();
        // The flag must not be set before the session is started
        $this->assertFalse(Zend_Session::isRegenerated());
        $currentId = Zend_Session::getId();
        $this->assertTrue(
            $currentId === 'myid123',
            'getId() reported something different than set via setId("myid123")'
        );
        Zend_Session::start();
    }

    $this->assertTrue(Zend_Session::isRegenerated());

    // Setting an id after start must be rejected with an "already started" error
    $idChanged = false;
    try {
        Zend_Session::setId('someo-therid-123');
        $idChanged = true;
    } catch (Zend_Session_Exception $e) {
        $this->assertRegexp('/already.*started/i', $e->getMessage());
    }
    if ($idChanged) {
        $this->fail('No exception was returned when trying to set the session id, after session_start()');
    }
}
/**
 * Session id manipulations: after start() the isRegenerated flag must be
 * true and re-setting the original id must be refused.
 *
 * @return void
 */
public function testRegenerateId()
{
    Zend_Session::setId('myid123');
    Zend_Session::regenerateId();
    // The flag must not be set before the session is started
    $this->assertFalse(Zend_Session::isRegenerated());

    $originalId = Zend_Session::getId();
    $this->assertTrue(
        $originalId === 'myid123',
        'getId() reported something different than set via setId("myid123")'
    );

    Zend_Session::start();
    $this->assertTrue(Zend_Session::isRegenerated());

    // Restoring the pre-start id must be rejected with an "already started" error
    $idChanged = false;
    try {
        Zend_Session::setId($originalId);
        $idChanged = true;
    } catch (Zend_Session_Exception $e) {
        $this->assertRegexp('/already.*started/i', $e->getMessage());
    }
    if ($idChanged) {
        $this->fail('No exception was returned when trying to set the session id, after session_start()');
    }
}
/**
 * Check whether the session id has been regenerated.
 *
 * Thin pass-through to the parent implementation; no extra logic here.
 *
 * @static
 * @access public
 * @return mixed whatever the parent returns (presumably bool -- parent not visible here)
 */
public static function isRegenerated()
{
    return parent::isRegenerated();
}
/**
 * Session id manipulations: once the session is started, the isRegenerated
 * flag must be true and setId() must be refused.
 *
 * @return void
 */
public function testRegenerateId()
{
    if (Zend_Session::isStarted()) {
        // A session started by an earlier test can only have its id regenerated
        Zend_Session::regenerateId();
    } else {
        Zend_Session::setId('myid123');
        Zend_Session::regenerateId();
        // The flag must not be set before the session is started
        $this->assertFalse(Zend_Session::isRegenerated());
        $currentId = Zend_Session::getId();
        $this->assertTrue(
            $currentId === 'myid123',
            'getId() reported something different than set via setId("myid123")'
        );
        Zend_Session::start();
    }

    $this->assertTrue(Zend_Session::isRegenerated());

    // Setting an id after start must be rejected with an "already started" error
    $idChanged = false;
    try {
        Zend_Session::setId('someo_therid_123');
        $idChanged = true;
    } catch (Zend_Session_Exception $e) {
        $this->assertRegexp('/already.*started/i', $e->getMessage());
    }
    if ($idChanged) {
        $this->fail('No exception was returned when trying to set the session id, after session_start()');
    }
}
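/**
 * Dispatch loop startup hook -- expire or renew the authenticated session.
 *
 * Does nothing for anonymous requests or for identities whose auth type is
 * not governed by the stored session record. Otherwise forces a logout when
 * the stored session is older than the applicable cookie lifetime, and asks
 * the session mapper to renew the record once it is close to expiring.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 */
public function dispatchLoopStartup(Zend_Controller_Request_Abstract $request)
{
    if (!\Zend_Auth::getInstance()->hasIdentity()) {
        return;
    }
    $ident = \Zend_Auth::getInstance()->getIdentity();

    // Auth types that bypass the session-age check. Compared strictly:
    // the identity comes from storage, and a loosely "equal" value must
    // not be enough to skip the expiry logic below.
    $exemptAuthTypes = array(
        App_Controller_Plugin_Auth::AUTH_TYPE_ASYNC,
        App_Controller_Plugin_Auth::AUTH_TYPE_ACTIVATION_TOKEN,
        App_Controller_Plugin_Auth::AUTH_TYPE_DOWNLOAD_TOKEN,
        App_Controller_Plugin_Auth::AUTH_TYPE_EXTERNAL,
        App_Controller_Plugin_Auth::AUTH_TYPE_THIRD_PARTY,
        App_Controller_Plugin_Auth::AUTH_TYPE_LOST_PASSWORD,
        App_Controller_Plugin_Auth::AUTH_TYPE_LOST_PASSWORD_TOKEN,
        App_Controller_Plugin_Auth::AUTH_TYPE_PASSWORD_EXPIRED_TOKEN,
    );
    if (isset($ident['authType']) && in_array($ident['authType'], $exemptAuthTypes, true)) {
        return;
    }

    $sessionMapper = SessionMapper::getInstance();
    $session = $sessionMapper->findOneById(\Zend_Session::getId());
    if (!$session || !isset($session['id'])) {
        return;
    }

    // Lifetime is per organisation type when the user is known, else the default
    $cookieLifeTime = self::$defaultCookieLifeTime;
    $user = UserMapper::getInstance()->findOneById($session['id']);
    if ($user && isset(self::$cookieLifeTimeByOrgType[$user->getOrgType()])) {
        $cookieLifeTime = self::$cookieLifeTimeByOrgType[$user->getOrgType()];
    }

    // A stored session without a creation time cannot be aged: treat it as expired
    // rather than computing against an undefined value.
    if (!isset($session['metadata']['created'])) {
        $this->_forceLogout($request, "Session Expired", PermissionCodes::AUTH_SESSION_EXPIRED);
        return;
    }

    // Old sessions store created/expire as a string; new ones use a MongoDate.
    $created = $session['metadata']['created'];
    if ($created instanceof \MongoDate) {
        $created = $created->sec;
    }
    $age = time() - $created;
    if ($age > $cookieLifeTime) {
        $this->_forceLogout($request, "Session Expired", PermissionCodes::AUTH_SESSION_EXPIRED);
        return;
    }

    // Some actions never renew the session
    $actionKey = $request->getModuleName() . '.' . $request->getControllerName() . '.' . $request->getActionName();
    if (App_Util_Array::getItem(self::$avoidActions, $actionKey)) {
        return;
    }
    // Client-supplied opt-out: it can only skip a renewal, never extend the session
    if ($request->getHeader('X-M2mNoRenewSession')) {
        return;
    }
    if (\Zend_Session::isRegenerated()) {
        return;
    }

    // Renew only once the session is inside the tolerance window before expiry;
    // with probability sampling enabled, renew on a random subset of those requests.
    $renewalThreshold = (1 - self::$tolerance) * $cookieLifeTime;
    if ($age < $renewalThreshold && (!self::$useProbability || rand(0, self::$probability))) {
        return;
    }

    $sessionMapper->renewSession(\Zend_Session::getId());
}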
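/**
 * Called before Zend_Controller_Front exits its dispatch loop.
 *
 * Finishes session handling for the authenticated identity:
 *  - "vapor" logins (one-shot token/async/external) have their session destroyed;
 *  - temporal logins that ended in an exception lose the identity and get a
 *    fresh session id;
 *  - successful temporal logins get the auth token and user language headers
 *    and have the user's last login time recorded.
 *
 * @return void
 */
public function dispatchLoopShutdown()
{
    if (!Zend_Session::sessionExists() || !Zend_Auth::getInstance()->hasIdentity()) {
        return;
    }
    $ident = Zend_Auth::getInstance()->getIdentity();

    // Strict comparison: the identity comes from storage, and a loosely
    // "equal" value must not select a different session policy.
    $authType = isset($ident['authType']) ? $ident['authType'] : null;
    $isTemporalLogin = in_array($authType, array(
        self::AUTH_TYPE_REGULAR,
        self::AUTH_TYPE_CORE,
        self::AUTH_TYPE_ACTIVATION_TOKEN,
        self::AUTH_TYPE_LOST_PASSWORD_TOKEN,
        self::AUTH_TYPE_PASSWORD_EXPIRED_TOKEN,
    ), true);
    $isVaporLogin = in_array($authType, array(
        self::AUTH_TYPE_LOST_PASSWORD,
        self::AUTH_TYPE_ASYNC,
        self::AUTH_TYPE_EXTERNAL,
        self::AUTH_TYPE_DOWNLOAD_TOKEN,
        self::AUTH_TYPE_THIRD_PARTY,
    ), true);

    if ($isVaporLogin) {
        // One-shot login: drop the session and the CSRF token issued with it
        Zend_Session::destroy();
        $this->getResponse()->clearHeader('X-Csrf-Token');
        $_SESSION = array();
        return;
    }
    if (!$isTemporalLogin) {
        return;
    }

    if ($this->getResponse()->isException()) {
        // Failed temporal login: drop the identity and rotate the session id
        Zend_Auth::getInstance()->clearIdentity();
        if (!Zend_Session::isRegenerated()) {
            Zend_Session::regenerateId();
        }
        return;
    }

    if (empty($ident['id'])) {
        return;
    }
    // Successful temporal login: hand the auth token back to the client.
    // Without a token there is nothing to send; avoid emitting an empty header.
    if (isset($ident['token'])) {
        $this->getResponse()->setHeader('X-M2M-AuthToken', $ident['token'], true);
    }

    // Record last access; skip the rest if the user record cannot be loaded
    $user = UserService::getInstance()->load($ident['id']);
    if (!$user) {
        return;
    }
    $user->setLastLogin(time());
    $user->save();

    // User language is exposed as a header (UX requirement)
    $this->getResponse()->setHeader('X-M2M-UserLanguage', $user->getLanguage(), true);
}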