/** * Merges the session and manager tokens. All manager tokens types will be in the result array * If a specific type is found in the session this token replaces the one (of the same type) * given by the manager. * * @param array $managerTokens Array of tokens provided by the authentication manager * @param array $sessionTokens Array of tokens restored from the session * @return array Array of \TYPO3\Flow\Security\Authentication\TokenInterface objects */ protected function mergeTokens($managerTokens, $sessionTokens) { $resultTokens = array(); if (!is_array($managerTokens)) { return $resultTokens; } /** @var $managerToken \TYPO3\Flow\Security\Authentication\TokenInterface */ foreach ($managerTokens as $managerToken) { $noCorrespondingSessionTokenFound = true; if (!is_array($sessionTokens)) { continue; } /** @var $sessionToken \TYPO3\Flow\Security\Authentication\TokenInterface */ foreach ($sessionTokens as $sessionToken) { if ($sessionToken->getAuthenticationProviderName() === $managerToken->getAuthenticationProviderName()) { $session = $this->sessionManager->getCurrentSession(); $this->securityLogger->log(sprintf('Session %s contains auth token %s for provider %s. Status: %s', $session->getId(), get_class($sessionToken), $sessionToken->getAuthenticationProviderName(), $this->tokenStatusLabels[$sessionToken->getAuthenticationStatus()]), LOG_INFO, null, 'Flow'); $resultTokens[$sessionToken->getAuthenticationProviderName()] = $sessionToken; $noCorrespondingSessionTokenFound = false; } } if ($noCorrespondingSessionTokenFound) { $resultTokens[$managerToken->getAuthenticationProviderName()] = $managerToken; } } return $resultTokens; }
/** * Collects the garbage sessions that have expired * * This is intended for big applications, as running garbage collection over * potentially hundreds of thousands of sessions every few requests isn't * something you want to do in a production environment. Setup a cronjob * instead that calls this command at night (or once every few hours). * * @return void */ public function collectGarbageSessionsCommand() { $count = $this->sessionManager->getCurrentSession()->collectGarbage(); $this->outputLine('Removed %d expired sessions.', [$count]); }