/**
* @return bool
*/
public static function start()
{
if (!self::$initialised) {
session_cache_limiter('');
ini_set('session.use_cookies', 1);
if (version_compare(phpversion(), '5.4.0', '>=')) {
session_register_shutdown();
} else {
register_shutdown_function('session_write_close');
}
self::$initialised = true;
}
if (session_status() === PHP_SESSION_DISABLED) {
Exception::error(Lib\I18n::__('PHP sessions are disabled.'));
}
if (session_status() === PHP_SESSION_ACTIVE) {
return true;
}
if (ini_get('session.use_cookies') && headers_sent($file, $line)) {
Exception::error(Lib\I18n::__('Failed to start the session because headers have already been sent by "%s" at line %d.', $file, $line));
}
if (!session_start()) {
Exception::error(Lib\I18n::__('Failed to start the session.'));
}
self::$reference =& $_SESSION;
return true;
}
/**
* Bootstrap the session.
*
* @param Config $config The session config
*/
public static function bootstrap(Config $config)
{
if (!$config->cookie_name) {
$config->cookie_name = 'session_id';
}
if (!$config->id_format) {
$config->id_format = Handler::DEFAULT_ID_FORMAT;
}
// Create and set the session save handler
static::$handler = new Handler($config);
session_set_save_handler(static::$handler, true);
// Set the session name
session_name($config->cookie_name);
// Set the cookie parameters
$app = Application::instance();
$path = $app->config->base_uri ?: '/';
$domain = $app->config->domain ?: $_SERVER['HTTP_HOST'];
$secure = $app->request->isSecure();
$lifetime = $config->lifetime ?: 2592000;
session_set_cookie_params($lifetime, $path, $domain, $secure, true);
// Start the session
session_start();
// Register session_write_close() as a shutdown function
session_register_shutdown();
}
/**
* Constructor.
*
* @param SessionHandlerInterface $handler
*/
public function __construct(SessionHandlerInterface $handler)
{
ini_set('session.use_cookies', 1);
session_cache_limiter('');
session_register_shutdown();
$this->proxy = new SaveHandlerProxy($handler);
}
/**
* Constructor
*
* @param KObjectConfig $config An optional ObjectConfig object with configuration options
*/
public function __construct(KObjectConfig $config)
{
parent::__construct($config);
//Session write and close handlers are called after destructing objects since PHP 5.0.5.
if (version_compare(phpversion(), '5.4.0', '>=')) {
session_register_shutdown();
} else {
register_shutdown_function('session_write_close');
}
//Only configure the session if it's not active yet
if (!$this->isActive()) {
//Set the session options
$this->setOptions($config->options);
//Set the session name
if (!empty($config->name)) {
$this->setName($config->name);
}
//Set the session identifier
if (!empty($config->id)) {
$this->setId($config->id);
}
//Set the session handler
$this->setHandler($config->handler, KObjectConfig::unbox($config));
}
//Set the session namespace
$this->setNamespace($config->namespace);
//Set lifetime time
$this->getContainer('metadata')->setLifetime($config->lifetime);
}
/**
* Constructor.
*
* @throws Session\SessionException
*/
protected function init()
{
$config = self::getConfig();
// validate that headers have not already been sent
if (headers_sent()) {
throw new SessionException('Unable to register session handler because headers have already been sent.');
}
// remove any shut down functions
session_register_shutdown();
// get the driver
$saveHandler = $config->get('Storage.Driver', '\\Webiny\\Component\\Http\\Session\\Storage\\NativeStorage');
try {
// try to create driver instance
$saveHandler = new $saveHandler($config);
// register driver as session handler
session_set_save_handler($saveHandler, false);
// start the session
if (session_status() == PHP_SESSION_NONE) {
session_start();
}
// get session id
$this->sessionId = session_id();
// save current session locally
$this->sessionBag = $this->arr($_SESSION);
} catch (\Exception $e) {
throw new SessionException($e->getMessage());
}
}
public function __invoke(Request $req, Response $res, callable $next)
{
$config = $this->app['config'];
if (!$config->get('sessions.enabled') || $req->isApi()) {
return $next($req, $res);
}
$lifetime = $config->get('sessions.lifetime');
$hostname = $config->get('app.hostname');
ini_set('session.use_trans_sid', false);
ini_set('session.use_only_cookies', true);
ini_set('url_rewriter.tags', '');
ini_set('session.gc_maxlifetime', $lifetime);
// set the session name
$defaultSessionTitle = $config->get('app.title') . '-' . $hostname;
$sessionTitle = $config->get('sessions.name', $defaultSessionTitle);
$safeSessionTitle = str_replace(['.', ' ', "'", '"'], ['', '_', '', ''], $sessionTitle);
session_name($safeSessionTitle);
// set the session cookie parameters
session_set_cookie_params($lifetime, '/', '.' . $hostname, $req->isSecure(), true);
// register session_write_close as a shutdown function
session_register_shutdown();
// install any custom session handlers
$class = $config->get('sessions.driver');
if ($class) {
$handler = new $class($this->app);
$handler::registerHandler($handler);
}
session_start();
// fix the session cookie
Utility::setCookieFixDomain(session_name(), session_id(), time() + $lifetime, '/', $hostname, $req->isSecure(), true);
// make the newly started session in our request
$req->setSession($_SESSION);
return $next($req, $res);
}
/**
* @param \SessionHandlerInterface $handler
* @param string $namespace
*/
public function __construct(\SessionHandlerInterface $handler = null, $namespace = '__SLOTHS__')
{
if ($handler) {
session_set_save_handler($handler);
}
session_register_shutdown();
$this->namespace = $namespace;
}
/**
* Initialize the Session
*
* @param \SessionHandlerInterface $handler The session handler
*/
public function __construct(SessionHandlerInterface $handler = null, array $options = [])
{
session_register_shutdown();
$this->setOptions($options);
if (!$this->handler) {
$this->handler = $handler ?: new NativeHandler();
session_set_save_handler($this->handler, false);
}
}
/**
* Start a session
*
* @param array $config
*/
public static function start(array $config = array())
{
$default_config = array('use_cookies' => 1, 'name' => 'WT_SESSION', 'cookie_lifetime' => 0, 'gc_maxlifetime' => 7200, 'gc_probability' => 1, 'gc_divisor' => 100, 'cookie_path' => '', 'cookie_httponly' => true);
session_register_shutdown();
foreach ($config + $default_config as $key => $value) {
ini_set('session.' . $key, $value);
}
session_start();
}
/**
* Constructor
*
* @param \SessionHandlerInterface $handler Session save handler
* @param array $options Session options
*
* @since 1.0
*/
public function __construct(\SessionHandlerInterface $handler = null, array $options = array())
{
// Disable transparent sid support
ini_set('session.use_trans_sid', '0');
ini_set('session.use_cookies', 1);
session_cache_limiter('none');
session_register_shutdown();
$this->setOptions($options);
$this->setHandler($handler);
}
/**
* initialize storage mechanism, set save handler
*/
public function __construct()
{
ini_set('session.use_cookies', 1);
if (PHP_VERSION_ID >= 50400) {
session_register_shutdown();
} else {
register_shutdown_function('session_write_close');
}
$this->sessionDataBag = new SessionDataBag();
$this->setSaveHandler();
}
/**
* Construct
*
* @param array $options
* @param \SessionHandlerInterface $saveHandler
*/
public function __construct(array $options = array(), \SessionHandlerInterface $saveHandler = null)
{
session_cache_limiter('');
ini_set('session.use_cookies', 1);
ini_set('session.cookie_lifetime', 0);
$this->setOptions($options);
if ($saveHandler !== null) {
$this->setSaveHandler($saveHandler);
}
session_register_shutdown();
}
public function open($savePath, $sessionName)
{
if (function_exists('session_register_shutdown')) {
session_register_shutdown();
} else {
register_shutdown_function('session_write_close');
}
/* Nothing to do here. */
debug('session open');
return true;
}
/**
* Инициализация модуля
*
*/
public function Init()
{
$this->bUseStandardSession = Config::Get('sys.session.standart');
// * Стартуем сессию
$this->Start();
if (!$this->GetCookie('visitor_id')) {
$this->SetCookie('visitor_id', F::RandomStr());
}
if (PHP_VERSION_ID >= 50400) {
session_register_shutdown();
} else {
register_shutdown_function('session_write_close');
}
}
/**
* Constructor.
*
* Depending on how you want the storage driver to behave you probably
* want to override this constructor entirely.
*
* List of options for $options array with their defaults.
* @see http://php.net/session.configuration for options
* but we omit 'session.' from the beginning of the keys for convenience.
*
* ("auto_start", is not supported as it tells PHP to start a session before
* PHP starts to execute user-land code. Setting during runtime has no effect).
*
* cache_limiter, "nocache" (use "0" to prevent headers from being sent entirely).
* cookie_domain, ""
* cookie_httponly, ""
* cookie_lifetime, "0"
* cookie_path, "/"
* cookie_secure, ""
* entropy_file, ""
* entropy_length, "0"
* gc_divisor, "100"
* gc_maxlifetime, "1440"
* gc_probability, "1"
* hash_bits_per_character, "4"
* hash_function, "0"
* name, "PHPSESSID"
* referer_check, ""
* serialize_handler, "php"
* use_cookies, "1"
* use_only_cookies, "1"
* use_trans_sid, "0"
* upload_progress.enabled, "1"
* upload_progress.cleanup, "1"
* upload_progress.prefix, "upload_progress_"
* upload_progress.name, "PHP_SESSION_UPLOAD_PROGRESS"
* upload_progress.freq, "1%"
* upload_progress.min-freq, "1"
* url_rewriter.tags, "a=href,area=href,frame=src,form=,fieldset="
*
* @param array $options Session configuration options.
* @param AbstractProxy|NativeSessionHandler|\SessionHandlerInterface|null $handler
* @param MetadataBag $metaBag MetadataBag.
*/
public function __construct(array $options = array(), $handler = null, MetadataBag $metaBag = null)
{
session_cache_limiter('');
// disable by default because it's managed by HeaderBag (if used)
ini_set('session.use_cookies', 1);
if (version_compare(phpversion(), '5.4.0', '>=')) {
session_register_shutdown();
} else {
register_shutdown_function('session_write_close');
}
$this->setMetadataBag($metaBag);
$this->setOptions($options);
$this->setSaveHandler($handler);
}
public function __construct(array $options = array(), $handler = null, MetadataBag $metaBag = null)
{
ini_set('session.auto_start', 0);
ini_set('session.cache_limiter', '');
ini_set('session.use_cookies', 1);
if (version_compare(phpversion(), '5.4.0', '>=')) {
session_register_shutdown();
} else {
register_shutdown_function('session_write_close');
}
$this->setMetadataBag($metaBag);
$this->setOptions($options);
$this->setSaveHandler($handler);
}
/**
* SessionStorage constructor.
*/
public function __construct(SessionMetaBottle $metaBottle = null)
{
ini_set('session.use_cookies', 1);
if (PHP_VERSION_ID >= 50400) {
session_register_shutdown();
} else {
register_shutdown_function('session_write_close');
}
if (null === $metaBottle) {
$metaBottle = new SessionMetaBottle();
}
$this->metadataBag = $metaBottle;
$this->handler = new PHPSessionHandler();
$this->isStart = true;
}
public function __construct()
{
$this->params = session_get_cookie_params();
$this->params["secure"] = true;
$this->params['httponly'] = true;
// unsecure version of cookies.
// $this->params["secure"] = false;
// $this->params['httponly'] = false;
// session register shutdown will call session_write_close when a die or exit is called.
session_register_shutdown();
session_set_cookie_params($this->RESTART_TIMER, $this->params["path"], $this->params["domain"], $this->params["secure"], $this->params["httponly"]);
$this->constructDefaults($this->RESTART_TIMER);
$this->sessionRegenerator();
if (!isset($_SESSION['csrf_token'])) {
$this->setCSRFToken();
}
}
/**
* Starts the session.
*
* @return bool True if started.
*
* @throws \RuntimeException If something goes wrong starting the session.
*/
public function start()
{
/*
* Write and Close handlers are called after destructing objects since PHP 5.0.5.
* Thus destructors can use sessions but session handler can't use objects.
* So we are moving session closure before destructing objects.
*/
if (version_compare(PHP_VERSION, '5.4.0', '>=')) {
session_register_shutdown();
} else {
register_shutdown_function('session_write_close');
}
session_cache_limiter('none');
if (!session_start()) {
throw new \RuntimeException('Failed to start the session');
}
$this->started = true;
return true;
}
/**
* __construct
* @param object $storage
* @param array $options
*/
public function __construct($storage = null, array $options = array())
{
// Set options
$this->options = array_merge(array('meta' => true, 'name' => null, 'lifetime' => 0, 'path' => '/', 'domain' => null, 'secure' => true, 'httponly' => false), $options);
session_set_cookie_params($this->options['lifetime'], $this->options['path'], $this->options['domain'], $this->options['secure'], $this->options['httponly']);
// Disable transparent sid support
ini_set('session.use_trans_sid', '0');
// Only allow the session ID to come from cookies and nothing else.
ini_set('session.use_only_cookies', '1');
// Better entropy source
ini_set('session.entropy_file', "/dev/urandom");
// Custom save handler
$this->handler($storage);
// http://www.php.net/manual/en/function.session-register-shutdown.php
if (version_compare(phpversion(), '5.4.0', '>=')) {
session_register_shutdown();
} else {
register_shutdown_function(array($this, 'close'));
}
}
/**
* Configures the session
*/
protected function configureSession()
{
if (session_status() == PHP_SESSION_NONE) {
// Configure the php.ini session settings
ini_set('session.name', self::SESSION_NAME);
ini_set('session.use_trans_sid', 0);
ini_set('session.use_cookies', 1);
ini_set('session.use_only_cookies', 1);
ini_set('session.cookie_httponly', 1);
// Session GC
ini_set('session.gc_maxlifetime', $this->expireTime);
ini_set('session.gc_probability', $this->gcProbability);
ini_set('session.gc_divisor', 100);
// Set our own session handling methods
ini_set('session.save_handler', 'user');
session_set_save_handler($this, true);
session_register_shutdown();
// Start the session and secure it
$this->startSession();
}
}
/**
* Starts the session
*
* @return boolean True if started
*
* @since 3.5
* @throws RuntimeException If something goes wrong starting the session.
*/
public function start()
{
if ($this->isStarted()) {
return true;
}
/**
* Write and Close handlers are called after destructing objects since PHP 5.0.5.
* Thus destructors can use sessions but session handler can't use objects.
* So we are moving session closure before destructing objects.
*/
if (version_compare(PHP_VERSION, '5.4', 'ge')) {
session_register_shutdown();
} else {
register_shutdown_function('session_write_close');
}
// Disable the cache limiter
session_cache_limiter('none');
/*
* Extended checks to determine if the session has already been started
*/
// If running PHP 5.4, try to use the native API
if (version_compare(PHP_VERSION, '5.4', 'ge') && PHP_SESSION_ACTIVE === session_status()) {
throw new RuntimeException('Failed to start the session: already started by PHP.');
}
// Fallback check for PHP 5.3
if (version_compare(PHP_VERSION, '5.4', 'lt') && !$this->closed && isset($_SESSION) && $this->getId()) {
throw new RuntimeException('Failed to start the session: already started by PHP ($_SESSION is set).');
}
// If we are using cookies (default true) and headers have already been started (early output),
if (ini_get('session.use_cookies') && headers_sent($file, $line)) {
throw new RuntimeException(sprintf('Failed to start the session because headers have already been sent by "%s" at line %d.', $file, $line));
}
// Ok to try and start the session
if (!session_start()) {
throw new RuntimeException('Failed to start the session');
}
return true;
}
function __construct()
{
session_set_save_handler(array($this, 'open'), array($this, 'close'), array($this, 'read'), array($this, 'write'), array($this, 'destroy'), array($this, 'gc'));
session_register_shutdown();
$this->db = $db_manager = new DbSessionManager();
}
* @param string $domain
* @return string
*/
function _m($message, $domain = 'default')
{
global $i18n;
return $i18n->translateModule($message, $domain);
}
/**
* Plural version of _m()
*
* @param string $singular
* @param string $plural
* @param string $count
* @param null|string $domain
* @return string
*/
function _mp($singular, $plural, $count, $domain = 'default')
{
global $i18n;
return $i18n->translateModulePlural($singular, $plural, $count, $domain);
}
// Output buffering
ob_start();
// Shutdown handlers
register_shutdown_function(function () use($request, $response) {
$response->setContent(App::view()->render());
$response->prepare($request)->send();
session_register_shutdown();
// This important!
});
/**
* Constructor.
*
* Depending on how you want the storage driver to behave you probably
* want to override this constructor entirely.
*
* List of options for $options array with their defaults.
*
* @see http://php.net/session.configuration for options
* but we omit 'session.' from the beginning of the keys for convenience.
*
* ("auto_start", is not supported as it tells PHP to start a session before
* PHP starts to execute user-land code. Setting during runtime has no effect).
*
* cache_limiter, "" (use "0" to prevent headers from being sent entirely).
* cookie_domain, ""
* cookie_httponly, ""
* cookie_lifetime, "0"
* cookie_path, "/"
* cookie_secure, ""
* entropy_file, ""
* entropy_length, "0"
* gc_divisor, "100"
* gc_maxlifetime, "1440"
* gc_probability, "1"
* hash_bits_per_character, "4"
* hash_function, "0"
* name, "PHPSESSID"
* referer_check, ""
* serialize_handler, "php"
* use_cookies, "1"
* use_only_cookies, "1"
* use_trans_sid, "0"
* upload_progress.enabled, "1"
* upload_progress.cleanup, "1"
* upload_progress.prefix, "upload_progress_"
* upload_progress.name, "PHP_SESSION_UPLOAD_PROGRESS"
* upload_progress.freq, "1%"
* upload_progress.min-freq, "1"
* url_rewriter.tags, "a=href,area=href,frame=src,form=,fieldset="
*
* @param array $options Session configuration options.
* @param AbstractProxy|NativeSessionHandler|\SessionHandlerInterface|null $handler
* @param MetadataBag $metaBag MetadataBag.
*/
public function __construct(array $options = array(), $handler = null, MetadataBag $metaBag = null)
{
session_cache_limiter('');
// disable by default because it's managed by HeaderBag (if used)
ini_set('session.use_cookies', 1);
session_register_shutdown();
$this->setMetadataBag($metaBag);
$this->setOptions($options);
$this->setSaveHandler($handler);
}
/**
* Constructor.
*
* Depending on how you want the storage driver to behave you probably
* want top override this constructor entirely.
*
* List of options for $options array with their defaults.
* @see http://php.net/session.configuration for options
* but we omit 'session.' from the beginning of the keys for convenience.
*
* auto_start, "0"
* cache_limiter, "nocache" (use "0" to prevent headers from being sent entirely).
* cookie_domain, ""
* cookie_httponly, ""
* cookie_lifetime, "0"
* cookie_path, "/"
* cookie_secure, ""
* entropy_file, ""
* entropy_length, "0"
* gc_divisor, "100"
* gc_maxlifetime, "1440"
* gc_probability, "1"
* hash_bits_per_character, "4"
* hash_function, "0"
* name, "PHPSESSID"
* referer_check, ""
* serialize_handler, "php"
* use_cookies, "1"
* use_only_cookies, "1"
* use_trans_sid, "0"
* upload_progress.enabled, "1"
* upload_progress.cleanup, "1"
* upload_progress.prefix, "upload_progress_"
* upload_progress.name, "PHP_SESSION_UPLOAD_PROGRESS"
* upload_progress.freq, "1%"
* upload_progress.min-freq, "1"
* url_rewriter.tags, "a=href,area=href,frame=src,form=,fieldset="
*
* @param array $options Session configuration options.
* @param object $handler SessionHandlerInterface.
* @param MetadataBag $handler MetadataBag.
*/
public function __construct(array $options = array(), $handler = null, MetadataBag $metaBag = null)
{
// sensible defaults
ini_set('session.auto_start', 0);
// by default we prefer to explicitly start the session using the class.
ini_set('session.cache_limiter', '');
// disable by default because it's managed by HeaderBag (if used)
ini_set('session.use_cookies', 1);
if (version_compare(phpversion(), '5.4.0', '>=')) {
session_register_shutdown();
} else {
register_shutdown_function('session_write_close');
}
$this->setMetadataBag($metaBag);
$this->setOptions($options);
$this->setSaveHandler($handler);
}
/**
* Configure and start the session
*
* @return void
*/
public function sessionStart()
{
/**
* Revisit this once basics are working
*
* grab session_id from https login form
*
* if ($xoops->getConfig('use_ssl')
* && isset($_POST[$xoops->getConfig('sslpost_name')])
* && $_POST[$xoops->getConfig('sslpost_name')] != ''
* ) {
* session_id($_POST[$xoops->getConfig('sslpost_name')]);
* } else { set session_name...}
*/
$name = $this->xoops->getConfig('session_name');
$name = empty($name) ? 'xoops_session' : $name;
$expire = (int) $this->xoops->getConfig('session_expire');
$expire = $expire > 0 ? $expire : 300;
$path = \XoopsBaseConfig::get('cookie-path');
$domain = \XoopsBaseConfig::get('cookie-domain');
$secure = $this->httpRequest->is('ssl');
session_name($name);
session_cache_expire($expire);
session_set_cookie_params(0, $path, $domain, $secure, true);
$sessionHandler = new Handler();
session_set_save_handler($sessionHandler);
session_register_shutdown();
session_start();
// if session is empty, make sure it isn't using a passed in id
if (empty($_SESSION)) {
$this->regenerateSession();
}
// Make sure the session hasn't expired, and destroy it if it has
if (!$this->validateSession()) {
$this->clearSession();
return;
}
// Check to see if the session shows sign of hijacking attempt
if (!$this->fingerprint->checkSessionPrint($this)) {
$this->regenerateSession();
// session data already cleared, just needs new id
return;
}
// establish valid user data in session, possibly clearing or adding from
// RememberMe mechanism as needed
$this->sessionUser->establish();
// Give a 5% chance of the session id changing on any authenticated request
//if ($this->has('xoopsUserId') && (rand(1, 100) <= 5)) {
if (rand(1, 100) <= 5) {
$this->expireSession();
}
}
public function stop()
{
session_unset();
session_destroy();
session_register_shutdown();
}
/**
* Constructor.
*
* ### Configuration:
*
* - timeout: The time in minutes the session should be valid for.
* - cookiePath: The url path for which session cookie is set. Maps to the
* `session.cookie_path` php.ini config. Defaults to base path of app.
* - ini: A list of php.ini directives to change before the session start.
* - handler: An array containing at least the `class` key. To be used as the session
* engine for persisting data. The rest of the keys in the array will be passed as
* the configuration array for the engine. You can set the `class` key to an already
* instantiated session handler object.
*
* @param array $config The Configuration to apply to this session object
*/
public function __construct(array $config = [])
{
if (isset($config['timeout'])) {
$config['ini']['session.gc_maxlifetime'] = 60 * $config['timeout'];
}
if (!empty($config['cookie'])) {
$config['ini']['session.name'] = $config['cookie'];
}
if (!isset($config['ini']['session.cookie_path'])) {
$cookiePath = empty($config['cookiePath']) ? '/' : $config['cookiePath'];
$config['ini']['session.cookie_path'] = $cookiePath;
}
if (!empty($config['ini']) && is_array($config['ini'])) {
$this->options($config['ini']);
}
if (!empty($config['handler']['engine'])) {
$class = $config['handler']['engine'];
unset($config['handler']['engine']);
session_set_save_handler($this->engine($class, $config['handler']), false);
}
$this->_lifetime = ini_get('session.gc_maxlifetime');
$this->_isCLI = PHP_SAPI === 'cli' || PHP_SAPI === 'phpdbg';
session_register_shutdown();
}
/**
* Destructor.
* @return void
*/
public final function __destruct()
{
session_register_shutdown();
}
