/**
 * Return this class's session namespace, creating it on first use.
 *
 * On creation the namespace is keyed by the class name. If it carries no
 * `initialized` marker yet, the session ID is regenerated once and the marker
 * is set (presumably to limit session fixation; the reason is not stated in
 * this code). The namespace is then locked and cached on the instance.
 *
 * @return Zend_Session_Namespace
 */
protected function _session()
{
    // Already built on an earlier call: hand back the cached namespace.
    if ($this->_session instanceof Zend_Session_Namespace) {
        return $this->_session;
    }

    $this->_session = new Zend_Session_Namespace(__CLASS__);

    // The marker lives in the session itself, so the ID rotation below runs
    // once per session rather than once per request.
    $firstUse = !isset($this->_session->initialized);
    if ($firstUse) {
        Showcase_Session::regenerateId();
        $this->_session->initialized = true;
    }

    // Lock only after the marker has been written; a locked namespace
    // rejects further writes made through Zend_Session_Namespace.
    $this->_session->lock();

    return $this->_session;
}
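/**
 * routeStartup() - reconcile a session key carried in the request URI with
 * the visitor's existing session before routing starts.
 *
 * If the URI matches $this->_regex, the captured key is either ignored (a
 * session already exists for this visitor) or used to look up a stored
 * session ID. The key is always stripped from the request URI afterwards.
 * The session is then started, and its ID is regenerated whenever a
 * URI-supplied key was honoured.
 *
 * Security notes:
 *  - The key in the URI is client-controlled, so anyone who can hand a user a
 *    link controls it. Regenerating the ID after start() keeps a key planted
 *    in a link from remaining the live session ID.
 *  - The User-Agent header is client-controlled too. The 'Googlebot' check
 *    only decides whether a URI key is honoured; it is a crawler heuristic,
 *    not an access control.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 */
public function routeStartup(Zend_Controller_Request_Abstract $request)
{
    $regenerate = false;
    $uri = $request->getRequestUri();

    if (preg_match($this->_regex, $uri, $uriKey)) {
        $sessionKey = $uriKey[1];
        unset($uriKey);

        // OK we have a session ID passed to us by $_GET
        // Check to see if a cookie exists for this user
        if (Showcase_Session::sessionExists()) {
            // Cookie exists, remove the SID param from the request
            $request->setParam('sid', null);
        } else {
            // The header is optional (CLI, some proxies and bots omit it).
            // Reading it unguarded raised an undefined-index notice and passed
            // null to strpos(). A missing header is treated as "not Googlebot",
            // which matches the previous outcome.
            $userAgent = isset($_SERVER['HTTP_USER_AGENT'])
                ? (string) $_SERVER['HTTP_USER_AGENT']
                : '';

            if (false === strpos($userAgent, 'Googlebot')) {
                Showcase_Session::setSessionKey($sessionKey);

                // no session for this user
                // a get query and no session means either they are using an old link
                // or that they have really high security settings
                // let's go to the database and see if we can find them
                $regenerate = true;

                // checks database to get the true PHPSESSID
                $sessionId = Showcase_Session::getSessionId($request);
                if ($sessionId) {
                    // they have a session in the database, set their current session as
                    // the existing one and then regenerate it anyway as a security measure.
                    try {
                        Showcase_Session::setId($sessionId);
                    } catch (Zend_Exception $e) {
                        try {
                            Showcase_Session::destroy(true);
                        } catch (Zend_Exception $destroyError) {
                            // Deliberate best-effort: if the stored ID cannot be adopted
                            // and the teardown also fails, fall through to start() and the
                            // regenerateId() call below.
                        }
                    }
                }

                // this is not a variable you want lying around. Ever.
                // Unsetting just to be safe.
                unset($sessionId);
            }
        }

        // Strip the key from the URI so it does not reach routing or
        // anything that reads the request URI afterwards.
        $request->setRequestUri(preg_replace($this->_regex, '', $uri));
    }

    Showcase_Session::start();

    if ($regenerate) {
        Showcase_Session::regenerateId();
    }
}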
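/**
 * Create or refresh the database record backing the current PHP session.
 *
 * Calls the `session_update_expired` procedure first; if it returns no row,
 * falls back to `session_create`. On success the returned row is copied into
 * $this->_sessionData and the new session key is registered with
 * Showcase_Session.
 *
 * Database errors are written to the server error log. They are never sent
 * to the client, because driver messages and file paths disclose schema and
 * filesystem details. A failure of `session_update_expired` still terminates
 * the request, as before, but with a generic message.
 *
 * @param mixed $id   User ID; anything that is not a non-zero integer falls
 *                    back to self::USER_ANONYMOUS.
 * @param mixed $flag Optional debug marker, echoed verbatim when truthy.
 * @return void
 */
protected function _insert($id = null, $flag = null)
{
    if ($flag) {
        // NOTE(review): echoed without escaping; callers should pass only
        // trusted, constant strings here.
        echo $flag;
    }

    $sessionKey = $this->_getSessionKey();
    if (!$sessionKey) {
        // session_id was empty, regenerate
        $sessionKey = $this->_generateSessionKey();
        $newSessionKey = $sessionKey;
    } else {
        $newSessionKey = $this->_generateSessionKey();
    }

    // If we're rebuilding the session we should really regenerate the ID as well
    if (!Showcase_Session::isRegenerated()) {
        Showcase_Session::regenerateId();
    }

    $userId = intval($id);
    if (!$userId) {
        $userId = self::USER_ANONYMOUS;
    }

    // Original note: "just ensure that no one is spoofing".
    // NOTE(review): how $this->_remoteIp is derived is not visible here;
    // confirm it does not come from a client-settable forwarding header.
    $userIp = Showcase_Session::encodeIp($this->_remoteIp);
    $sessionId = session_id();
    $agent = Showcase_Session::getuserAgentId($this->_request);

    // Defined up front: previously $result was undefined whenever proc()
    // returned a falsy statement, and was then read by the instanceof check.
    $result = null;

    if ($stmt = Zend_Registry::get('dbh')->proc('session_update_expired')) {
        $stmt->bindParam(':old_key', $sessionKey, PDO::PARAM_STR);
        $stmt->bindParam(':new_key', $newSessionKey, PDO::PARAM_STR);
        $stmt->bindParam(':session', $sessionId, PDO::PARAM_STR);
        $stmt->bindParam(':user', $userId, PDO::PARAM_INT);
        $stmt->bindParam(':agent', $agent, PDO::PARAM_STR);
        $stmt->bindParam(':ip', $userIp, PDO::PARAM_STR);

        try {
            $stmt->execute();
            $result = $stmt->fetch(Zend_Db::FETCH_OBJ);
            $stmt->closeCursor();
        } catch (Zend_Db_Statement_Exception $e) {
            // Keep the detail server-side; the response gets a generic message.
            error_log(__FILE__ . ':' . __LINE__ . ': session_update_expired failed: ' . $e->getMessage());
            die('Unable to update session.');
        }

        if (!$result) {
            // No session existed to update, re-create.
            // Guarded like the first proc() call so a falsy statement does
            // not turn into a fatal error on bindParam().
            if ($stmt = Zend_Registry::get('dbh')->proc('session_create')) {
                $stmt->bindParam(':new_key', $newSessionKey, PDO::PARAM_STR);
                $stmt->bindParam(':session', $sessionId, PDO::PARAM_STR);
                $stmt->bindParam(':user', $userId, PDO::PARAM_INT);
                $stmt->bindParam(':agent', $agent, PDO::PARAM_STR);
                $stmt->bindParam(':ip', $userIp, PDO::PARAM_STR);

                try {
                    $stmt->execute();
                    $result = $stmt->fetch(Zend_Db::FETCH_OBJ);
                    $stmt->closeCursor();
                } catch (Zend_Db_Statement_Exception $e) {
                    // Non-fatal, as before: the request continues without a
                    // session row. The message is logged, not echoed.
                    error_log(__FILE__ . ':' . __LINE__ . ': session_create failed: ' . $e->getMessage());
                }
            }
        }
    }

    if ($result instanceof stdClass) {
        // NOTE(review): the stored key comes from the returned row while
        // setSessionKey() receives $newSessionKey; presumably the procedure
        // returns the new key. Confirm against the procedure definition.
        $this->_sessionData->key = $result->key;
        $this->_sessionData->agent = $agent;
        $this->_sessionData->start = $result->start;
        $this->_sessionData->update = $result->updated;
        $this->_sessionData->setUserId($userId);
        Showcase_Session::setSessionKey($newSessionKey);
    }
}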