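/**
 * Set or clear the "forceHTTPS" cookie.
 *
 * The cookie is always written with 'prefix' => '' and 'secure' => false;
 * those two keys override the same keys in $this->cookieOptions because the
 * left operand of the array union wins.
 *
 * NOTE(review): since the cookie is sent without the Secure attribute, it
 * travels over plain HTTP and can be added or removed by anything on the
 * network path. Presumably that is deliberate (a plain-HTTP request has to
 * carry it to be redirected), but it makes the cookie a hint rather than an
 * enforcement mechanism; transport enforcement has to come from elsewhere
 * (e.g. HSTS). Confirm against the code that reads this cookie.
 *
 * The parameter order (optional $backend before required $request) is kept
 * as-is so existing callers and overrides stay compatible.
 *
 * @param bool $set Whether the cookie should be set or not
 * @param SessionBackend|null $backend Only consulted when $set is true, to
 *  pick the expiry. A null backend is treated as "user not remembered".
 * @param WebRequest $request Request whose response receives the cookie
 */
protected function setForceHTTPSCookie($set, SessionBackend $backend = null, WebRequest $request)
{
    $response = $request->response();
    $options = array('prefix' => '', 'secure' => false) + $this->cookieOptions;

    if (!$set) {
        $response->clearCookie('forceHTTPS', $options);
        return;
    }

    // $backend is declared nullable, so it must not be dereferenced blindly:
    // the original called shouldRememberUser() on it unconditionally, which
    // is a fatal error for setForceHTTPSCookie(true, null, $request).
    $remembered = $backend !== null && $backend->shouldRememberUser();

    // 0 vs null is passed straight to setCookie(); presumably 0 selects the
    // configured default lifetime and null a browser-session cookie -
    // TODO confirm against WebResponse::setCookie().
    $response->setCookie('forceHTTPS', 'true', $remembered ? 0 : null, $options);
}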
/**
 * Exercise the SessionBackend constructor.
 *
 * Three rejection paths are pinned first (each must raise
 * \InvalidArgumentException with an exact message):
 *  - SessionInfo carrying a UserInfo built with newFromName(..., false),
 *    reported by the constructor as an "unverified user";
 *  - SessionInfo with no provider;
 *  - a SessionId that differs from the id inside the SessionInfo.
 * Then two successful constructions are checked: one for a named user and
 * one without user info, with forceHTTPS, provider metadata and an expiry
 * already present in the store.
 */
public function testConstructor()
{
    // Populate $this->provider / $this->store used below.
    $this->getBackend();

    $log = new \Psr\Log\NullLogger();

    // --- Rejected: user info created with the second argument false -------
    $sessionInfo = new SessionInfo(SessionInfo::MIN_PRIORITY, array(
        'provider' => $this->provider,
        'id' => self::SESSIONID,
        'persisted' => true,
        'userInfo' => UserInfo::newFromName('UTSysop', false),
        'idIsSafe' => true,
    ));
    $sessionId = new SessionId($sessionInfo->getId());
    try {
        new SessionBackend($sessionId, $sessionInfo, $this->store, $this->store, $log, 10);
        $this->fail('Expected exception not thrown');
    } catch (\InvalidArgumentException $e) {
        $this->assertSame(
            'Refusing to create session for unverified user ' . $sessionInfo->getUserInfo(),
            $e->getMessage()
        );
    }

    // --- Rejected: no 'provider' key in the session info -------------------
    $sessionInfo = new SessionInfo(SessionInfo::MIN_PRIORITY, array(
        'id' => self::SESSIONID,
        'userInfo' => UserInfo::newFromName('UTSysop', true),
        'idIsSafe' => true,
    ));
    $sessionId = new SessionId($sessionInfo->getId());
    try {
        new SessionBackend($sessionId, $sessionInfo, $this->store, $this->store, $log, 10);
        $this->fail('Expected exception not thrown');
    } catch (\InvalidArgumentException $e) {
        $this->assertSame('Cannot create session without a provider', $e->getMessage());
    }

    // --- Rejected: SessionId does not equal the id in SessionInfo ----------
    $sessionInfo = new SessionInfo(SessionInfo::MIN_PRIORITY, array(
        'provider' => $this->provider,
        'id' => self::SESSIONID,
        'persisted' => true,
        'userInfo' => UserInfo::newFromName('UTSysop', true),
        'idIsSafe' => true,
    ));
    $sessionId = new SessionId('!' . $sessionInfo->getId());
    try {
        new SessionBackend($sessionId, $sessionInfo, $this->store, $this->store, $log, 10);
        $this->fail('Expected exception not thrown');
    } catch (\InvalidArgumentException $e) {
        $this->assertSame('SessionId and SessionInfo don\'t match', $e->getMessage());
    }

    // --- Accepted: named user, matching id ---------------------------------
    $sessionInfo = new SessionInfo(SessionInfo::MIN_PRIORITY, array(
        'provider' => $this->provider,
        'id' => self::SESSIONID,
        'persisted' => true,
        'userInfo' => UserInfo::newFromName('UTSysop', true),
        'idIsSafe' => true,
    ));
    $sessionId = new SessionId($sessionInfo->getId());
    $created = new SessionBackend($sessionId, $sessionInfo, $this->store, $this->store, $log, 10);

    $this->assertSame(self::SESSIONID, $created->getId());
    $this->assertSame($sessionId, $created->getSessionId());
    $this->assertSame($this->provider, $created->getProvider());
    $this->assertInstanceOf('User', $created->getUser());
    $this->assertSame('UTSysop', $created->getUser()->getName());
    // The backend's flags must mirror what the SessionInfo reported.
    $this->assertSame($sessionInfo->wasPersisted(), $created->isPersistent());
    $this->assertSame($sessionInfo->wasRemembered(), $created->shouldRememberUser());
    $this->assertSame($sessionInfo->forceHTTPS(), $created->shouldForceHTTPS());

    // --- Accepted: no user info, forceHTTPS + metadata, expiry in store ----
    $expiresAt = time() + 100;
    // Seed the store before construction so the backend can pick the value up.
    $this->store->setSessionMeta(self::SESSIONID, array('expires' => $expiresAt), 2);

    $sessionInfo = new SessionInfo(SessionInfo::MIN_PRIORITY, array(
        'provider' => $this->provider,
        'id' => self::SESSIONID,
        'persisted' => true,
        'forceHTTPS' => true,
        'metadata' => array('foo'),
        'idIsSafe' => true,
    ));
    $sessionId = new SessionId($sessionInfo->getId());
    $created = new SessionBackend($sessionId, $sessionInfo, $this->store, $this->store, $log, 10);

    $this->assertSame(self::SESSIONID, $created->getId());
    $this->assertSame($sessionId, $created->getSessionId());
    $this->assertSame($this->provider, $created->getProvider());
    $this->assertInstanceOf('User', $created->getUser());
    // Without user info the backend is expected to expose an anonymous user.
    $this->assertTrue($created->getUser()->isAnon());
    $this->assertSame($sessionInfo->wasPersisted(), $created->isPersistent());
    $this->assertSame($sessionInfo->wasRemembered(), $created->shouldRememberUser());
    $this->assertSame($sessionInfo->forceHTTPS(), $created->shouldForceHTTPS());
    // 'expires' is not public; read it through the testing wrapper.
    $this->assertSame($expiresAt, \TestingAccessWrapper::newFromObject($created)->expires);
    $this->assertSame(array('foo'), $created->getProviderMetadata());
}
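/**
 * Set or clear the "forceHTTPS" cookie.
 *
 * The cookie is always written with 'prefix' => '' and 'secure' => false;
 * those two keys override the same keys in $this->cookieOptions because the
 * left operand of the array union wins.
 *
 * When the user is remembered, the lifetime comes from
 * getLoginCookieExpiration('forceHTTPS', true) and is converted to an
 * absolute timestamp; a falsy duration, or a user who is not remembered,
 * results in null being passed as the expiry.
 *
 * NOTE(review): since the cookie is sent without the Secure attribute, it
 * travels over plain HTTP and can be added or removed by anything on the
 * network path. Presumably that is deliberate (a plain-HTTP request has to
 * carry it to be redirected), but it makes the cookie a hint rather than an
 * enforcement mechanism; transport enforcement has to come from elsewhere
 * (e.g. HSTS). Confirm against the code that reads this cookie.
 *
 * The parameter order (optional $backend before required $request) is kept
 * as-is so existing callers and overrides stay compatible.
 *
 * @param bool $set Whether the cookie should be set or not
 * @param SessionBackend|null $backend Only consulted when $set is true, to
 *  pick the expiry. A null backend is treated as "user not remembered".
 * @param WebRequest $request Request whose response receives the cookie
 */
protected function setForceHTTPSCookie($set, SessionBackend $backend = null, WebRequest $request)
{
    $response = $request->response();
    $options = ['prefix' => '', 'secure' => false] + $this->cookieOptions;

    if (!$set) {
        $response->clearCookie('forceHTTPS', $options);
        return;
    }

    // Default: null expiry (presumably a browser-session cookie - TODO
    // confirm against WebResponse::setCookie()).
    $expiration = null;

    // $backend is declared nullable, so it must not be dereferenced blindly:
    // the original called shouldRememberUser() on it unconditionally, which
    // is a fatal error for setForceHTTPSCookie(true, null, $request).
    if ($backend !== null && $backend->shouldRememberUser()) {
        $expirationDuration = $this->getLoginCookieExpiration('forceHTTPS', true);
        // A falsy duration (0, null, ...) keeps the null expiry rather than
        // producing "now + 0".
        $expiration = $expirationDuration ? $expirationDuration + time() : null;
    }

    $response->setCookie('forceHTTPS', 'true', $expiration, $options);
}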
/**
 * Write the session-id cookie for $session to the response of $request.
 *
 * Nothing is written when no session cookie name is configured or when the
 * response headers have already been sent. If the session or its user
 * requires HTTPS, a "forceHTTPS" marker cookie is written as well and the
 * session cookie is sent with 'secure' => true; otherwise the session
 * cookie's Secure setting is whatever $this->sessionCookieOptions holds.
 *
 * NOTE(review): no other cookie attribute (HttpOnly, SameSite, ...) is set
 * here; they depend on sessionCookieOptions and on setCookie() defaults -
 * confirm those when reviewing the provider's configuration.
 *
 * @param SessionBackend $session Session to persist
 * @param WebRequest $request Request whose response receives the cookies
 */
public function persistSession(SessionBackend $session, WebRequest $request)
{
    // This provider has no cookie to manage.
    if ($this->sessionCookieName === null) {
        return;
    }

    $out = $request->response();
    if ($out->headersSent()) {
        // Set-Cookie can no longer be emitted; log and give up.
        $this->logger->debug(__METHOD__ . ': Headers already sent');
        return;
    }

    $cookieOptions = $this->sessionCookieOptions;

    // Short-circuit on purpose: the user is only consulted when the session
    // itself does not already demand HTTPS.
    $httpsRequired = $session->shouldForceHTTPS() || $session->getUser()->requiresHTTPS();

    if ($httpsRequired) {
        if ($session->shouldRememberUser()) {
            $markerExpiry = 0;
        } else {
            $markerExpiry = null;
        }

        // The marker is unprefixed and explicitly not Secure; the union
        // keeps these two keys and takes everything else from the base
        // options as they were before 'secure' is forced below.
        $markerOptions = array('prefix' => '', 'secure' => false) + $cookieOptions;
        $out->setCookie('forceHTTPS', 'true', $markerExpiry, $markerOptions);

        // The session id itself must only travel over HTTPS from here on.
        $cookieOptions['secure'] = true;
    }

    $out->setCookie($this->sessionCookieName, $session->getId(), null, $cookieOptions);
}
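/**
 * Write all cookies that persist $session to the response of $request and
 * store the exported session data in the session.
 *
 * Steps, in order:
 *  1. Bail out (with a debug log entry) if headers were already sent.
 *  2. Collect the cookies and session data to export for the session user.
 *  3. For non-anonymous users, optionally run the legacy 'UserSetCookies'
 *     hook, which receives both arrays by reference and may change them.
 *  4. If the session or the user requires HTTPS, write the "forceHTTPS"
 *     marker cookie (unprefixed, 'secure' => false) and force
 *     'secure' => true for every cookie written afterwards.
 *  5. Write the session-id cookie (unprefixed, null expiry).
 *  6. Write or clear each exported cookie; a value of false clears it.
 *  7. Update the logged-out cookie and add the session data.
 *
 * NOTE(review): handlers of the legacy hook can add or alter entries in
 * $cookies, so the names and values written in step 6 are only as
 * trustworthy as the installed handlers.
 *
 * @param SessionBackend $session Session to persist
 * @param WebRequest $request Request whose response receives the cookies
 */
public function persistSession(SessionBackend $session, WebRequest $request)
{
    $response = $request->response();
    if ($response->headersSent()) {
        // Can't do anything now
        $this->logger->debug(__METHOD__ . ': Headers already sent');
        return;
    }

    $user = $session->getUser();

    $cookies = $this->cookieDataToExport($user, $session->shouldRememberUser());
    $sessionData = $this->sessionDataToExport($user);

    // Legacy hook
    if ($this->params['callUserSetCookiesHook'] && !$user->isAnon()) {
        \Hooks::run('UserSetCookies', array($user, &$sessionData, &$cookies));
    }

    $options = $this->cookieOptions;

    if ($session->shouldForceHTTPS() || $user->requiresHTTPS()) {
        // The marker cookie is built from the options as they are *before*
        // 'secure' is forced, and explicitly stays non-Secure.
        $response->setCookie(
            'forceHTTPS',
            'true',
            $session->shouldRememberUser() ? 0 : null,
            array('prefix' => '', 'secure' => false) + $options
        );
        // Everything written below (session id and login cookies) is
        // restricted to HTTPS.
        $options['secure'] = true;
    }

    $response->setCookie(
        $this->params['sessionName'],
        $session->getId(),
        null,
        array('prefix' => '') + $options
    );

    $extendedCookies = $this->config->get('ExtendedLoginCookies');
    $extendedExpiry = $this->config->get('ExtendedLoginCookieExpiration');

    foreach ($cookies as $key => $value) {
        if ($value === false) {
            $response->clearCookie($key, $options);
            continue;
        }

        // Strict membership test on the string form of the key. The original
        // loose in_array() could match a numeric key against an unrelated
        // configured name (0 == 'UserID' is true before PHP 8) and hand that
        // cookie the extended lifetime. The cast keeps integer-like names
        // (which PHP stores as int array keys) matching their string entry;
        // this assumes the configured list holds strings.
        if ($extendedExpiry !== null && in_array((string) $key, $extendedCookies, true)) {
            $expiry = time() + (int) $extendedExpiry;
        } else {
            $expiry = 0; // Default cookie expiration
        }

        $response->setCookie($key, (string) $value, $expiry, $options);
    }

    $this->setLoggedOutCookie($session->getLoggedOutTimestamp(), $request);

    if ($sessionData) {
        $session->addData($sessionData);
    }
}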