/** * Constructor: __construct * On first session instance creation, sets up the driver and creates session. */ public function __construct() { $this->input = new Input(); // This part only needs to be run once if (self::$instance === NULL) { // Load config self::$config = Eight::config('session'); // Makes a mirrored array, eg: foo=foo self::$protect = array_combine(self::$protect, self::$protect); if (self::$config['driver'] != 'native') { // Set driver name $driver = 'Session_Driver_' . ucfirst(self::$config['driver']); // Load the driver if (!Eight::auto_load($driver)) { throw new Eight_Exception('session.driver_not_supported', self::$config['driver']); } // Initialize the driver self::$driver = new $driver(); // Validate the driver if (!self::$driver instanceof Session_Driver) { throw new Eight_Exception('session.driver_must_implement_interface'); } } // Create a new session $this->create(); // Regenerate session id if (self::$config['regenerate'] > 0 and $_SESSION['total_hits'] % self::$config['regenerate'] === 0) { $this->regenerate(); } // Close the session just before sending the headers, so that // the session cookie can be written Event::add('system.post_controller', 'session_write_close'); // Singleton instance self::$instance = $this; } Eight::log('debug', 'Session Library initialized'); }
/** * Create a new session. * * @param array variables to set after creation * @return void */ public function create($vars = NULL) { // Destroy any current sessions $this->destroy(); if (self::$config['driver'] !== 'native') { // Set driver name $driver = 'Session_' . ucfirst(self::$config['driver']) . '_Driver'; // Load the driver if (!Kohana::auto_load($driver)) { throw new Kohana_Exception('core.driver_not_found', self::$config['driver'], get_class($this)); } // Initialize the driver self::$driver = new $driver(); // Validate the driver if (!self::$driver instanceof Session_Driver) { throw new Kohana_Exception('core.driver_implements', self::$config['driver'], get_class($this), 'Session_Driver'); } // Register non-native driver as the session handler session_set_save_handler(array(self::$driver, 'open'), array(self::$driver, 'close'), array(self::$driver, 'read'), array(self::$driver, 'write'), array(self::$driver, 'destroy'), array(self::$driver, 'gc')); } // Validate the session name if (!preg_match('~^(?=.*[a-z])[a-z0-9_]++$~iD', self::$config['name'])) { throw new Kohana_Exception('session.invalid_session_name', self::$config['name']); } // Name the session, this will also be the name of the cookie session_name(self::$config['name']); // Set the session cookie parameters session_set_cookie_params(self::$config['expiration'], Kohana::config('cookie.path'), Kohana::config('cookie.domain'), Kohana::config('cookie.secure'), Kohana::config('cookie.httponly')); // Start the session! session_start(); // Put session_id in the session variable $_SESSION['session_id'] = session_id(); // Set defaults if (!isset($_SESSION['_kf_flash_'])) { $_SESSION['total_hits'] = 0; $_SESSION['_kf_flash_'] = array(); $_SESSION['user_agent'] = Kohana::$user_agent; $_SESSION['ip_address'] = $this->input->ip_address(); } // Set up flash variables self::$flash =& $_SESSION['_kf_flash_']; // Increase total hits $_SESSION['total_hits'] += 1; // Validate data only on hits after one if ($_SESSION['total_hits'] > 1) { // Validate the session foreach (self::$config['validate'] as $valid) { switch ($valid) { // Check user agent for consistency case 'user_agent': if ($_SESSION[$valid] !== Kohana::$user_agent) { return $this->create(); } break; // Check ip address for consistency // Check ip address for consistency case 'ip_address': if ($_SESSION[$valid] !== $this->input->{$valid}()) { return $this->create(); } break; // Check expiration time to prevent users from manually modifying it // Check expiration time to prevent users from manually modifying it case 'expiration': if (time() - $_SESSION['last_activity'] > ini_get('session.gc_maxlifetime')) { return $this->create(); } break; } } // Expire flash keys $this->expire_flash(); } // Update last activity $_SESSION['last_activity'] = time(); // Set the new data self::set($vars); }