/**
 * Configure PHP's session settings, install the save handler and start the session
 *
 * Once the session is started, it is checked in this order: an empty session
 * gets a new id, an invalid session is cleared, a fingerprint mismatch forces
 * a new id, and only then is user data established in the session.
 *
 * @return void
 */
public function sessionStart()
{
    // TODO (from the original author, "revisit this once basics are working"):
    // when 'use_ssl' is configured and the 'sslpost_name' POST field is non-empty,
    // adopt that value via session_id() instead of only setting the session name.
    // NOTE(review): a session id taken from request data is caller-chosen, so if
    // this is ever enabled the id should be regenerated before any user data is
    // attached to the session (session fixation).

    // Read all configuration first, falling back to defaults for unset values.
    $sessionName = $this->xoops->getConfig('session_name');
    if (empty($sessionName)) {
        $sessionName = 'xoops_session';
    }

    $expireSetting = (int) $this->xoops->getConfig('session_expire');
    if ($expireSetting <= 0) {
        $expireSetting = 300;
    }

    $cookiePath = \XoopsBaseConfig::get('cookie-path');
    $cookieDomain = \XoopsBaseConfig::get('cookie-domain');
    // presumably true when the current request arrived over HTTPS -- confirm in
    // the request class. The Secure flag is therefore absent on plain-HTTP requests.
    $secureOnly = $this->httpRequest->is('ssl');

    session_name($sessionName);
    // NOTE(review): session_cache_expire() takes minutes and only affects the cache
    // lifetime of session pages; it does not expire the session itself. Expiry is
    // left to validateSession() below.
    session_cache_expire($expireSetting);
    // Lifetime 0 makes this a browser-session cookie; the final true sets HttpOnly.
    // This positional form cannot set a SameSite attribute.
    session_set_cookie_params(0, $cookiePath, $cookieDomain, $secureOnly, true);

    session_set_save_handler(new Handler());
    //session_register_shutdown();
    register_shutdown_function(array($this, 'sessionShutdown'));

    session_start();

    // An empty session must not keep an id that was passed in by the client.
    if (empty($_SESSION)) {
        $this->regenerateSession();
    }

    // Expired (or otherwise invalid) sessions are destroyed and nothing else runs.
    $sessionIsValid = $this->validateSession();
    if (!$sessionIsValid) {
        $this->clearSession();

        return;
    }

    // A fingerprint mismatch is treated as a sign of a hijacking attempt.
    $fingerprintMatches = $this->fingerprint->checkSessionPrint($this);
    if (!$fingerprintMatches) {
        // Per the original author the session data has already been cleared at
        // this point, so only a new id is needed -- confirm in checkSessionPrint().
        $this->regenerateSession();

        return;
    }

    // Establish valid user data in the session, possibly clearing it or adding
    // to it from the RememberMe mechanism as needed.
    $this->sessionUser->establish();

    // 5% chance of expireSession() being called on any request that gets this far.
    // The restriction to authenticated requests is currently disabled:
    //if ($this->has('xoopsUserId') && (rand(1, 100) <= 5)) {
    $roll = rand(1, 100);
    if ($roll <= 5) {
        $this->expireSession();
    }
}
/**
 * Write the "remember me" user cookie for the current session
 *
 * Does nothing when no 'usercookie' name is configured. An array value is
 * flattened to a single '-' separated string before it is sent.
 *
 * @param array|string $cookieData usercookie value
 * @param integer      $expire     seconds until usercookie expires, added to
 *                                 $this->now (default 2592000 = 30 days)
 *
 * @return void
 **/
protected function writeUserCookie($cookieData, $expire = 2592000)
{
    $cookieName = $this->xoops->getConfig('usercookie');
    if (empty($cookieName)) {
        return; // remember me is not configured
    }

    // NOTE(review): elements are joined without escaping, so an element that
    // itself contains '-' would be ambiguous to whatever parses this cookie
    // (the parsing side is not shown here -- confirm).
    $cookieValue = is_array($cookieData) ? implode('-', $cookieData) : $cookieData;

    $request = HttpRequest::getInstance();
    $cookiePath = \XoopsBaseConfig::get('cookie-path');
    $cookieDomain = \XoopsBaseConfig::get('cookie-domain');
    // presumably true when the current request arrived over HTTPS -- confirm.
    // On a plain-HTTP request this long-lived cookie is issued without Secure.
    $secureOnly = $request->is('ssl');

    $expiresAt = $this->now + $expire;

    // The final true sets HttpOnly. This positional form of setcookie() cannot
    // set a SameSite attribute.
    setcookie($cookieName, $cookieValue, $expiresAt, $cookiePath, $cookieDomain, $secureOnly, true);
}