public function _init() {
Session::config(array(
'flash_message' => array(
'adapter' => '\lithium\tests\mocks\storage\session\adapter\MockPhp'
)
));
}
/**
* This configures your session storage. The Cookie storage adapter must be connected first, since
* it intercepts any writes where the `'expires'` key is set in the options array.
*/
use lithium\storage\Session;
use lithium\core\Libraries;
/**
* This ensures any other library (loaded first) applies its config
* and it remains. Running Session::config(array(...)) again will
* overwrite the original configuration.
* Therefore, we get the current configuration and append it to
* Lithium Bootstrap's default, which is a very common and basic
* confiuration. This prevents each library from needing to set
* a session configuration and gives a default that each library
* can assume will be available.
*
* Yes, it is a good idea for your libraries with special session
* needs to use uniquely named configurations. It is also wise
* to run the same type of append method as you see below in order
* to ensure you are not overwriting any session configurations
* set by other libraries that may have been loaded before yours.
*/
$config = Session::config();
$config += array('cookie' => array('adapter' => 'Cookie'), 'default' => array('adapter' => 'Php'), 'flash_message' => array('adapter' => 'Php'));
// Allow the session configuration to be set in the Libraries::add() call for li3b_core.
$li3bCoreConfig = Libraries::get('li3b_core');
if (isset($li3bCoreConfig['session'])) {
$config = $li3bCoreConfig['session'];
}
Session::config($config);
public function testHmacStrategyOnNonExistKey()
{
Session::config(array('primary' => array('adapter' => new Memory(), 'strategies' => array('Hmac' => array('secret' => 's3cr3t')))));
$this->assertEmpty(Session::read('test'));
Session::write('test', 'value');
$result = Session::read('test');
$expected = 'value';
$this->assertEqual($expected, $result);
}
public function setUp()
{
Session::config(array('default' => array('adapter' => 'Memory')));
}
public function testEncryptStrategyWithPhpAdapter()
{
$config = array('name' => 'encryptInt');
Session::config(array($config['name'] => array('adapter' => 'Php', 'strategies' => array('Encrypt' => array('secret' => 's3cr3t')))));
Session::clear($config);
$key = 'test';
$value = 'value';
$this->assertTrue(Session::write($key, $value, $config));
$this->assertEqual($value, Session::read($key, $config));
$this->assertTrue(Session::delete($key, $config));
$this->assertNull(Session::read($key, $config));
Session::clear($config);
$this->assertTrue(Session::write('foo', 'bar', $config));
$this->assertEqual('bar', Session::read('foo', $config));
$this->assertTrue(Session::write('foo', 'bar1', $config));
$this->assertEqual('bar1', Session::read('foo', $config));
Session::clear($config);
$this->assertTrue(Session::write($key, $value, $config));
$this->assertEqual($value, Session::read($key, $config));
}
<?php
/**
* Lithium: the most rad php framework
*
* @copyright Copyright 2010, Union of RAD (http://union-of-rad.org)
* @license http://opensource.org/licenses/bsd-license.php The BSD License
*/
/**
* This configures your session storage. The Cookie storage adapter must be connected first, since
* it intercepts any writes where the `'expires'` key is set in the options array.
*/
use lithium\storage\Session;
Session::config(array('cookie' => array('adapter' => 'Cookie'), 'default' => array('adapter' => 'Php')));
/**
* Uncomment this to enable forms-based authentication. The configuration below will attempt to
* authenticate users against a `User` model. In a controller, run
* `Auth::check('default', $this->request)` to authenticate a user. This will check the POST data of
* the request (`lithium\action\Request::$data`) to see if the fields match the `'fields'` key of
* the configuration below. If successful, it will write the data returned from `User::first()` to
* the session using the default session configuration. Once the session data is written, you can
* call `Auth::check('default')` to check authentication status or retrieve the user's data from the
* session. Call `Auth::clear('default')` to remove the user's authentication details from the
* session. This effectively logs a user out of the system. To modify the form input that the
* adapter accepts, or how the configured model is queried, or how the data is stored in the
* session, see the `Form` adapter API or the `Auth` API, respectively.
*
* @see lithium\security\auth\adapter\Form
* @see lithium\action\Request::$data
* @see lithium\security\Auth
*/
/**
* Lithium: the most rad php framework
*
* @copyright Copyright 2012, Union of RAD (http://union-of-rad.org)
* @license http://opensource.org/licenses/bsd-license.php The BSD License
*/
/**
* This configures your session storage. The Cookie storage adapter must be connected first, since
* it intercepts any writes where the `'expires'` key is set in the options array.
* The default name is based on the lithium app path. Remember, if your app is numeric or has
* special characters you might want to use Inflector::slug() or set this manually.
*/
use lithium\storage\Session;
$name = basename(LITHIUM_APP_PATH);
Session::config(array('cookie' => array('adapter' => 'Cookie', 'name' => $name), 'default' => array('adapter' => 'Php', 'session.name' => $name)));
/**
* Uncomment the lines below to enable forms-based authentication. This configuration will attempt
* to authenticate users against a `Users` model. In a controller, run
* `Auth::check('default', $this->request)` to authenticate a user. This will check the POST data of
* the request (`lithium\action\Request::$data`) to see if the fields match the `'fields'` key of
* the configuration below. If successful, it will write the data returned from `Users::first()` to
* the session using the default session configuration.
*
* Once the session data is written, you can call `Auth::check('default')` to check authentication
* status or retrieve the user's data from the session. Call `Auth::clear('default')` to remove the
* user's authentication details from the session. This effectively logs a user out of the system.
* To modify the form input that the adapter accepts, or how the configured model is queried, or how
* the data is stored in the session, see the `Form` adapter API or the `Auth` API, respectively.
*
* @see lithium\security\auth\adapter\Form
public function setUp()
{
Session::config(array('test' => array('adapter' => 'Memory')));
Auth::config(array('test' => array('adapter' => '\\lithium\\tests\\mocks\\security\\auth\\adapter\\MockAuthAdapter')));
}
<?php
/**
* Lithium: the most rad php framework
*
* @copyright Copyright 2010, Union of RAD (http://union-of-rad.org)
* @license http://opensource.org/licenses/bsd-license.php The BSD License
*/
namespace lithium\tests\integration\storage;
use lithium\storage\Session;
Session::config(array('test' => array('name' => 'test', 'adapter' => 'Php', 'cookie_lifetime' => 0)));
class SessionPhpTest extends \lithium\test\Unit
{
public function testWriteReadDelete()
{
$key = 'test';
$value = 'value';
Session::write($key, $value, array('name' => 'test'));
$result = Session::read($key, array('name' => 'test'));
$this->assertEqual($value, $result);
$this->assertTrue(Session::delete($key, array('name' => 'test')));
$result = Session::read($key, array('name' => 'test'));
$this->assertNull($result);
}
}
<?php
/**
* Lithium: the most rad php framework
*
* @copyright Copyright 2010, Union of RAD (http://union-of-rad.org)
* @license http://opensource.org/licenses/bsd-license.php The BSD License
*/
/**
* This configures your session storage. The Cookie storage adapter must be connected first, since
* it intercepts any writes where the `'expires'` key is set in the options array.
*/
use lithium\storage\Session;
Session::config(array('cookie' => array('adapter' => 'Cookie')));
/**
* Uncomment this to enable forms-based authentication. The configuration below will attempt to
* authenticate users against a `User` model. In a controller, run
* `Auth::check('default', $this->request)` to authenticate a user. This will check the POST data of
* the request (`lithium\action\Request::$data`) to see if the fields match the `'fields'` key of
* the configuration below. If successful, it will write the data returned from `User::first()` to
* the session using the default session configuration. Once the session data is written, you can
* call `Auth::check('default')` to check authentication status or retrieve the user's data from the
* session. Call `Auth::clear('default')` to remove the user's authentication details from the
* session. This effectively logs a user out of the system. To modify the form input that the
* adapter accepts, or how the configured model is queried, or how the data is stored in the
* session, see the `Form` adapter API or the `Auth` API, respectively.
*
* @see lithium\security\auth\adapter\Form
* @see lithium\action\Request::$data
* @see lithium\security\Auth
*/
public function testStrategies()
{
Session::config(array('primary' => array('adapter' => new Memory(), 'filters' => array(), 'strategies' => array('lithium\\storage\\cache\\strategy\\Json'))));
Session::write('test', array('foo' => 'bar'));
$this->assertEqual(array('foo' => 'bar'), Session::read('test'));
$this->assertTrue(Session::check('test'));
$this->assertTrue(Session::check('test', array('strategies' => false)));
$result = Session::read('test', array('strategies' => false));
$this->assertEqual('{"foo":"bar"}', $result);
$result = Session::clear(array('strategies' => false));
$this->assertNull(Session::read('test'));
$this->assertFalse(Session::check('test'));
$this->assertFalse(Session::check('test', array('strategies' => false)));
}
public function testConfigNoAdapters()
{
Session::config(array('conditional' => array('adapter' => new SessionStorageConditional())));
$this->assertTrue(Session::write('key', 'value'));
$this->assertEqual(Session::read('key'), 'value');
$this->assertFalse(Session::read('key', array('fail' => true)));
}
public function testHmacStrategy()
{
$key = 'test';
$value = 'value';
$name = 'hmac_test';
Session::config(array('default' => array('adapter' => 'Cookie', 'strategies' => array('Hmac' => array('secret' => 'somesecretkey')), 'name' => $name)));
$cache = $_COOKIE;
$_COOKIE[$name]['injectedkey'] = 'hax0r';
$this->expectException('/Possible data tampering - HMAC signature does not match data./');
$result = Session::read($key, array('name' => 'hmac'));
$_COOKIE = $cache;
}
public function testEncryptedStrategy()
{
$this->skipIf(!MockEncrypt::enabled(), 'The Mcrypt extension is not installed or enabled.');
$key = 'foobar';
$adapter = new Memory();
Session::config(array('primary' => array('adapter' => $adapter, 'filters' => array(), 'strategies' => array('lithium\\tests\\mocks\\storage\\session\\strategy\\MockEncrypt' => array('secret' => $key)))));
$value = array('foo' => 'bar');
Session::write('test', $value);
$this->assertEqual(array('foo' => 'bar'), Session::read('test'));
$this->assertTrue(Session::check('test'));
$this->assertTrue(Session::check('test', array('strategies' => false)));
$encrypted = Session::read('test', array('strategies' => false));
$this->assertNotEqual($value, $encrypted);
$this->assertTrue(is_string($encrypted));
$result = Session::read('test');
$this->assertEqual($value, $result);
$result = Session::clear(array('strategies' => false));
$this->assertNull(Session::read('test'));
$this->assertFalse(Session::check('test'));
$this->assertFalse(Session::check('test', array('strategies' => false)));
$savedData = array('test' => $value);
$encrypt = new MockEncrypt(array('secret' => $key));
$result = $encrypt->encrypt($savedData);
$this->assertEqual($encrypted, $result);
$result = $encrypt->decrypt($encrypted);
$this->assertEqual($savedData, $result);
}
/**
* Lithium: the most rad php framework
*
* @copyright Copyright 2011, Union of RAD (http://union-of-rad.org)
* @license http://opensource.org/licenses/bsd-license.php The BSD License
*/
/**
* This configures your session storage. The Cookie storage adapter must be connected first, since
* it intercepts any writes where the `'expires'` key is set in the options array.
*/
use lithium\storage\Session;
use lithium\security\Auth;
use lithium\core\Libraries;
$name = basename(LITHIUM_APP_PATH);
Session::config(array('default' => array('adapter' => 'Php', 'session.name' => 'PHPSESSID', 'session.save_handler' => 'memcached', 'session.save_path' => 'localhost:11211')));
/**
* Uncomment the lines below to enable forms-based authentication. This configuration will attempt
* to authenticate users against a `Users` model. In a controller, run
* `Auth::check('default', $this->request)` to authenticate a user. This will check the POST data of
* the request (`lithium\action\Request::$data`) to see if the fields match the `'fields'` key of
* the configuration below. If successful, it will write the data returned from `Users::first()` to
* the session using the default session configuration.
*
* Once the session data is written, you can call `Auth::check('default')` to check authentication
* status or retrieve the user's data from the session. Call `Auth::clear('default')` to remove the
* user's authentication details from the session. This effectively logs a user out of the system.
* To modify the form input that the adapter accepts, or how the configured model is queried, or how
* the data is stored in the session, see the `Form` adapter API or the `Auth` API, respectively.
*
* @see lithium\security\auth\adapter\Form
public function testStrategiesPhpAdapter()
{
Session::config(array('strategy' => array('adapter' => 'Php', 'strategies' => array('Hmac' => array('secret' => 'somesecretkey')))));
$key = 'test';
$value = 'value';
Session::write($key, $value, array('name' => 'strategy'));
$result = Session::read($key, array('name' => 'strategy'));
$this->assertEqual($value, $result);
$this->assertTrue(Session::delete($key, array('name' => 'strategy')));
$result = Session::read($key, array('name' => 'strategy'));
$this->assertNull($result);
Session::write($key, $value, array('name' => 'strategy'));
$result = Session::read($key, array('name' => 'strategy'));
$this->assertEqual($value, $result);
$cache = $_SESSION;
$_SESSION['injectedkey'] = 'hax0r';
$this->expectException('/Possible data tampering - HMAC signature does not match data./');
$result = Session::read($key, array('name' => 'strategy'));
$_SESSION = $cache;
}
public function testEncryptStrategyWithPhpAdapter()
{
$this->skipIf(PHP_SAPI === 'cli', 'No PHP session support in cli SAPI.');
$this->skipIf(!extension_loaded('mcrypt'), 'The `mcrypt` extension is not loaded.');
$config = array('name' => 'encryptInt');
Session::config(array($config['name'] => array('adapter' => 'Php', 'strategies' => array('Encrypt' => array('secret' => 's3cr3t')))));
Session::clear($config);
$key = 'test';
$value = 'value';
$this->assertTrue(Session::write($key, $value, $config));
$this->assertEqual($value, Session::read($key, $config));
$this->assertTrue(Session::delete($key, $config));
$this->assertNull(Session::read($key, $config));
Session::clear($config);
$this->assertTrue(Session::write('foo', 'bar', $config));
$this->assertEqual('bar', Session::read('foo', $config));
$this->assertTrue(Session::write('foo', 'bar1', $config));
$this->assertEqual('bar1', Session::read('foo', $config));
Session::clear($config);
$this->assertTrue(Session::write($key, $value, $config));
$this->assertEqual($value, Session::read($key, $config));
}
* This file contains configurations for connecting to external caching resources, as well as
* default caching rules for various systems within your application
*/
require __DIR__ . '/bootstrap/cache.php';
/**
* This file contains your application's globalization rules, including inflections,
* transliterations, localized validation, and how localized text should be loaded. Uncomment this
* line if you plan to globalize your site.
*/
// require __DIR__ . '/bootstrap/g11n.php';
/**
* This file contains configurations for handling different content types within the framework,
* including converting data to and from different formats, and handling static media assets.
*/
// require __DIR__ . '/bootstrap/media.php';
/**
* This file configures console filters and settings, specifically output behavior and coloring.
*/
// require __DIR__ . '/bootstrap/console.php';
/**
* This file contains filters for the test suite to bypass having a controller and render test
* templates directly through the test dispatcher.
*/
require __DIR__ . '/bootstrap/test.php';
/**
* This configures your session storage. The Cookie storage adapter must be connected first, since
* it intercepts any writes where the `'expires'` key is set in the options array.
*/
use lithium\storage\Session;
Session::config(array('cookie' => array('adapter' => 'Cookie', 'expire' => '+2 days'), 'default' => array('adapter' => 'Php')));
public function setUp()
{
Session::config(array('default' => array('adapter' => '\\lithium\\tests\\mocks\\storage\\session\\adapter\\MockPhp')));
}
<?php
/**
* Lithium: the most rad php framework
*
* @copyright Copyright 2010, Union of RAD (http://union-of-rad.org)
* @license http://opensource.org/licenses/bsd-license.php The BSD License
*/
/**
* This configures your session storage. The Cookie storage adapter must be connected first, since
* it intercepts any writes where the `'expires'` key is set in the options array.
*/
use lithium\storage\Session;
Session::config(array(
'default' => array('adapter' => 'Php')
));
/**
* Uncomment the lines below to enable forms-based authentication. This configuration will attempt
* to authenticate users against a `Users` model. In a controller, run
* `Auth::check('default', $this->request)` to authenticate a user. This will check the POST data of
* the request (`lithium\action\Request::$data`) to see if the fields match the `'fields'` key of
* the configuration below. If successful, it will write the data returned from `Users::first()` to
* the session using the default session configuration.
*
* Once the session data is written, you can call `Auth::check('default')` to check authentication
* status or retrieve the user's data from the session. Call `Auth::clear('default')` to remove the
* user's authentication details from the session. This effectively logs a user out of the system.
* To modify the form input that the adapter accepts, or how the configured model is queried, or how
* the data is stored in the session, see the `Form` adapter API or the `Auth` API, respectively.
/**
* Lithium: the most rad php framework
*
* @copyright Copyright 2013, Union of RAD (http://union-of-rad.org)
* @license http://opensource.org/licenses/bsd-license.php The BSD License
*/
/**
* This configures your session storage. The Cookie storage adapter must be connected first, since
* it intercepts any writes where the `'expires'` key is set in the options array.
* The default name is based on the lithium app path. Remember, if your app is numeric or has
* special characters you might want to use Inflector::slug() or set this manually.
*/
use lithium\storage\Session;
use lithium\security\Auth;
$name = basename(LITHIUM_APP_PATH);
Session::config(array('default' => array('adapter' => 'Php', 'session.name' => $name)));
Auth::config(array('member' => array('adapter' => 'Form', 'model' => 'Users', 'fields' => array('username', 'password'), 'filters' => array('password' => array('lithium\\util\\String', 'hash')), 'validators' => array('password' => false))));
/**
* Uncomment the lines below to enable forms-based authentication. This configuration will attempt
* to authenticate users against a `Users` model. In a controller, run
* `Auth::check('default', $this->request)` to authenticate a user. This will check the POST data of
* the request (`lithium\action\Request::$data`) to see if the fields match the `'fields'` key of
* the configuration below. If successful, it will write the data returned from `Users::first()` to
* the session using the default session configuration.
*
* Once the session data is written, you can call `Auth::check('default')` to check authentication
* status or retrieve the user's data from the session. Call `Auth::clear('default')` to remove the
* user's authentication details from the session. This effectively logs a user out of the system.
* To modify the form input that the adapter accepts, or how the configured model is queried, or how
* the data is stored in the session, see the `Form` adapter API or the `Auth` API, respectively.
*
public function setUp()
{
Session::config(array('test' => array('adapter' => 'Memory')));
Auth::config(array('test' => array('adapter' => $this->_classes['mockAuthAdapter'])));
}
<?php
use lithium\action\Dispatcher;
use lithium\storage\Session;
/**
* Set the token header in the response.
*/
Dispatcher::applyFilter('run', function ($self, $params, $chain) {
$response = $chain->next($self, $params, $chain);
$configs = Session::config();
foreach ($configs as $name => $config) {
if ($config['adapter'] == 'Token') {
$header = $config['header'];
break;
}
}
if (isset($header)) {
$response->headers($header, Session::key($name));
}
return $response;
});
