<?php
/**
 * Session class for Cake.
 *
 * Cake abstracts the handling of sessions.
 * There are several convenient methods to access session information.
 * This class is the implementation of those methods.
 * They are mostly used by the Session Component.
 *
* PHP 5
*
 * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
 * Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* Redistributions of files must retain the above copyright notice .
*
 * @copyright Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
 * @link http://cakephp.org CakePHP(tm) Project
 * @package cake.libs
 * @since CakePHP(tm) v .0.10.0.1222
 * @license MIT License (http://www.opensource.org/licenses/mit-license.php)
*/
// Set provides the path-based extract/insert/remove helpers used against $_SESSION below.
App::uses('Set', 'Utility');
// Security is loaded here but is not referenced anywhere in this file as shown.
App::uses('Security', 'Utility');
/**
 * Session class for Cake.
 *
 * Cake abstracts the handling of sessions. There are several convenient methods to access session information.
 * This class is the implementation of those methods. They are mostly used by the Session Component.
 *
 * @package cake.libs
*/
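class CakeSession {

/**
 * True if the Session is still valid
 *
 * @var boolean
 */
	public static $valid = false;

/**
 * Error messages for this session, keyed by error number, or false while no
 * error has been recorded (see __setError()).
 *
 * @var mixed
 */
	public static $error = false;

/**
 * md5 digest of the client's user agent string salted with Security.salt,
 * or '' when agent checking is disabled or no agent header was sent.
 *
 * @var string
 */
	protected static $_userAgent = '';

/**
 * Path to where the session is active (used as the session cookie path).
 *
 * @var string
 */
	public static $path = '/';

/**
 * Error number of last occurred error
 *
 * @var integer
 */
	public static $lastError = null;

/**
 * 'Security.level' setting, "high", "medium", or "low".
 * Not read by any method in this class.
 *
 * @var string
 */
	public static $security = null;

/**
 * Start time for this session (unix timestamp recorded by init()).
 *
 * @var integer
 */
	public static $time = false;

/**
 * Cookie lifetime. Kept for compatibility; not read by this class.
 *
 * @var integer
 */
	public static $cookieLifeTime;

/**
 * Time when this session becomes invalid (unix timestamp computed in _configureSession()).
 *
 * @var integer
 */
	public static $sessionTime = false;

/**
 * Current Session id
 *
 * @var string
 */
	public static $id = null;

/**
 * Hostname of the current request, without any ":port" suffix.
 *
 * @var string
 */
	public static $host = null;

/**
 * Session timeout multiplier factor. Not read by any method in this class.
 *
 * @var integer
 */
	public static $timeout = null;

/**
 * Number of requests that can occur during a session time without the session being renewed.
 * This feature is only used when `Session.autoRegenerate` is set to true.
 *
 * @var integer
 * @see CakeSession::_checkValid()
 */
	public static $requestCountdown = 10;

/**
 * Pseudo constructor: records the request time, fingerprints the user agent,
 * and derives the cookie path and host from the request.
 *
 * @param string $base The base path for the Session
 * @param boolean $start Should session be started right now (not used by this method)
 * @return void
 */
	public static function init($base = null, $start = true) {
		self::$time = time();

		$checkAgent = Configure::read('Session.checkAgent');
		$agent = env('HTTP_USER_AGENT');
		// Agent checking is on unless explicitly disabled; null, false and '' all mean "no agent sent".
		if (($checkAgent === true || $checkAgent === null) && (string)$agent !== '') {
			self::$_userAgent = md5($agent . Configure::read('Security.salt'));
		}
		self::_setPath($base);
		self::_setHost(env('HTTP_HOST'));
	}

/**
 * Setup the Path variable
 *
 * @param string $base base path
 * @return void
 */
	protected static function _setPath($base = null) {
		if (empty($base)) {
			self::$path = '/';
			return;
		}
		// Drop the front controller name and any query marker so the cookie path is a plain directory.
		self::$path = str_replace(array('index.php', '?'), '', $base);
	}

/**
 * Set the host name, stripping a trailing ":port" if present.
 *
 * @param string $host Hostname
 * @return void
 */
	protected static function _setHost($host) {
		self::$host = $host;
		$portStart = strpos(self::$host, ':');
		if ($portStart !== false) {
			self::$host = substr(self::$host, 0, $portStart);
		}
	}

/**
 * Starts the Session.
 *
 * @return boolean True if session was started
 */
	public static function start() {
		if (self::started()) {
			return true;
		}
		$id = self::id();
		// Release any session that may already be open before reconfiguring ini settings.
		session_write_close();
		self::_configureSession();
		self::_startSession();

		// Only a session that had no id before starting gets its Config fingerprint checked/written here.
		if (!$id && self::started()) {
			self::_checkValid();
		}

		self::$error = false;
		return self::started();
	}

/**
 * Determine if Session has been started.
 *
 * @return boolean True if session has been started.
 */
	public static function started() {
		return isset($_SESSION) && session_id();
	}

/**
 * Returns true if given variable is set in session.
 *
 * A variable stored with a null value is reported as not set.
 *
 * @param string $name Variable name to check for
 * @return boolean True if variable is there
 */
	public static function check($name = null) {
		if (!self::started() && !self::start()) {
			return false;
		}
		if (empty($name)) {
			return false;
		}
		$result = Set::classicExtract($_SESSION, $name);
		return isset($result);
	}

/**
 * Returns the Session id, optionally setting it first.
 *
 * @param string $id Id to use for the session
 * @return string Session id
 */
	public static function id($id = null) {
		if ($id) {
			self::$id = $id;
			session_id(self::$id);
		}
		if (self::started()) {
			return session_id();
		}
		return self::$id;
	}

/**
 * Removes a variable from session.
 *
 * @param string $name Session variable to remove
 * @return boolean Success
 */
	public static function delete($name) {
		if (self::check($name)) {
			self::__overwrite($_SESSION, Set::remove($_SESSION, $name));
			return !self::check($name);
		}
		self::__setError(2, __d('cake_error', "%s doesn't exist", $name));
		return false;
	}

/**
 * Used to write new data to _SESSION, since PHP doesn't like us setting the _SESSION var itself
 *
 * Top-level keys of $old that are absent (or null) in $new are removed; everything in $new is copied over.
 *
 * @param array $old Set of old variables => values
 * @param array $new New set of variable => value
 * @return void
 * @access private
 */
	private static function __overwrite(&$old, $new) {
		if (!empty($old)) {
			foreach ($old as $key => $var) {
				if (!isset($new[$key])) {
					unset($old[$key]);
				}
			}
		}
		foreach ($new as $key => $var) {
			$old[$key] = $var;
		}
	}

/**
 * Return error description for given error number.
 *
 * @param integer $errorNumber Error to look up
 * @return mixed Error as string, or false if no such error was recorded
 * @access private
 */
	private static function __error($errorNumber) {
		if (!is_array(self::$error) || !array_key_exists($errorNumber, self::$error)) {
			return false;
		}
		return self::$error[$errorNumber];
	}

/**
 * Returns last occurred error as a string, if any.
 *
 * @return mixed Error description as a string, or false.
 */
	public static function error() {
		if (self::$lastError) {
			return self::__error(self::$lastError);
		}
		return false;
	}

/**
 * Returns true if session is valid.
 *
 * Only re-evaluates validity when a Config fingerprint exists in the session;
 * otherwise the previously computed value is returned.
 *
 * @return boolean Success
 */
	public static function valid() {
		if (self::read('Config')) {
			if (self::_validAgentAndTime() && self::$error === false) {
				self::$valid = true;
			} else {
				self::$valid = false;
				self::__setError(1, 'Session Highjacking Attempted !!!');
			}
		}
		return self::$valid;
	}

/**
 * Tests that the user agent is valid and that the session hasn't 'timed out'.
 * Since timeouts are implemented in CakeSession it checks the current self::$time
 * against the time the session is set to expire. The User agent is only checked
 * if Session.checkAgent == true.
 *
 * @return boolean
 */
	protected static function _validAgentAndTime() {
		$config = self::read('Config');
		$storedAgent = isset($config['userAgent']) ? $config['userAgent'] : '';
		// Strict comparison: both sides are md5 hex digests, and PHP's loose `==` treats
		// digests of the form "0e<digits>" as numeric zero, so two different digests could
		// otherwise compare equal.
		$validAgent = (
			Configure::read('Session.checkAgent') === false ||
			self::$_userAgent === (string)$storedAgent
		);
		// A session without a recorded expiry time is treated as expired.
		$expires = isset($config['time']) ? $config['time'] : null;
		return ($validAgent && $expires !== null && self::$time <= $expires);
	}

/**
 * Get/Set the userAgent
 *
 * @param string $userAgent Set the userAgent
 * @return string The current (possibly just set) userAgent fingerprint
 */
	public static function userAgent($userAgent = null) {
		if ($userAgent) {
			self::$_userAgent = $userAgent;
		}
		return self::$_userAgent;
	}

/**
 * Returns given session variable, or all of them, if no parameters given.
 *
 * @param mixed $name The name of the session variable (or a path as sent to Set.extract)
 * @return mixed The value of the session variable, null if it does not exist, false if the session could not be started
 */
	public static function read($name = null) {
		if (!self::started() && !self::start()) {
			return false;
		}
		if (is_null($name)) {
			return self::__returnSessionVars();
		}
		if (empty($name)) {
			return false;
		}
		$result = Set::classicExtract($_SESSION, $name);
		if (!is_null($result)) {
			return $result;
		}
		// Same translated message as delete() so both paths report consistently.
		self::__setError(2, __d('cake_error', "%s doesn't exist", $name));
		return null;
	}

/**
 * Returns all session variables.
 *
 * @return mixed Full $_SESSION array, or false on error.
 */
	private static function __returnSessionVars() {
		if (!empty($_SESSION)) {
			return $_SESSION;
		}
		self::__setError(2, 'No Session vars set');
		return false;
	}

/**
 * Writes value to given session variable name.
 *
 * @param mixed $name Name of variable, or an array of name => value pairs
 * @param string $value Value to write (ignored when $name is an array)
 * @return boolean True if the write was successful, false if the write failed
 */
	public static function write($name, $value = null) {
		if (!self::started() && !self::start()) {
			return false;
		}
		if (empty($name)) {
			return false;
		}
		$write = is_array($name) ? $name : array($name => $value);
		foreach ($write as $key => $val) {
			self::__overwrite($_SESSION, Set::insert($_SESSION, $key, $val));
			// Read the value back so a write that did not land is reported as a failure.
			if (Set::classicExtract($_SESSION, $key) !== $val) {
				return false;
			}
		}
		return true;
	}

/**
 * Helper method to destroy invalid sessions.
 *
 * @return void
 */
	public static function destroy() {
		if (self::started()) {
			session_destroy();
		}
		self::clear();
	}

/**
 * Clears the session, the session id, and renews the session.
 *
 * @return void
 */
	public static function clear() {
		$_SESSION = null;
		self::$id = null;
		self::start();
		self::renew();
	}

/**
 * Helper method to initialize a session, based on Cake core settings.
 *
 * Sessions can be configured with a few shortcut names as well as have any number of ini settings declared.
 * Explicit `Session.*` configuration takes precedence over the prebaked defaults.
 *
 * @return void
 * @throws CakeSessionException Throws exceptions when ini_set() fails.
 */
	protected static function _configureSession() {
		$sessionConfig = Configure::read('Session');

		if (isset($sessionConfig['defaults'])) {
			$defaults = self::_defaultConfig($sessionConfig['defaults']);
			if ($defaults) {
				$sessionConfig = Set::merge($defaults, $sessionConfig);
			}
		}
		// Restrict the cookie to TLS whenever the request itself arrived over TLS.
		if (!isset($sessionConfig['ini']['session.cookie_secure']) && env('HTTPS')) {
			$sessionConfig['ini']['session.cookie_secure'] = 1;
		}
		if (isset($sessionConfig['timeout']) && !isset($sessionConfig['cookieTimeout'])) {
			$sessionConfig['cookieTimeout'] = $sessionConfig['timeout'];
		}
		if (!isset($sessionConfig['ini']['session.cookie_lifetime'])) {
			$sessionConfig['ini']['session.cookie_lifetime'] = $sessionConfig['cookieTimeout'] * 60;
		}
		if (!isset($sessionConfig['ini']['session.name'])) {
			$sessionConfig['ini']['session.name'] = $sessionConfig['cookie'];
		}
		if (!empty($sessionConfig['handler'])) {
			$sessionConfig['ini']['session.save_handler'] = 'user';
		}

		// ini settings are only applied while no session data exists (presumably: before the session is active).
		if (empty($_SESSION)) {
			if (!empty($sessionConfig['ini']) && is_array($sessionConfig['ini'])) {
				foreach ($sessionConfig['ini'] as $setting => $value) {
					if (ini_set($setting, $value) === false) {
						throw new CakeSessionException(sprintf(
							__d('cake_error', 'Unable to configure the session, setting %s failed.'),
							$setting
						));
					}
				}
			}
		}
		if (!empty($sessionConfig['handler']) && !isset($sessionConfig['handler']['engine'])) {
			call_user_func_array('session_set_save_handler', $sessionConfig['handler']);
		}
		if (!empty($sessionConfig['handler']['engine'])) {
			$handler = self::_getHandler($sessionConfig['handler']['engine']);
			session_set_save_handler(
				array($handler, 'open'),
				array($handler, 'close'),
				array($handler, 'read'),
				array($handler, 'write'),
				array($handler, 'destroy'),
				array($handler, 'gc')
			);
		}
		Configure::write('Session', $sessionConfig);
		self::$sessionTime = self::$time + ($sessionConfig['timeout'] * 60);
	}

/**
 * Find the handler class and make sure it implements the correct interface.
 *
 * @param string $handler Handler class name, optionally plugin-prefixed (Plugin.Class)
 * @return CakeSessionHandlerInterface The instantiated handler
 * @throws CakeSessionException When the class cannot be loaded or does not implement the interface
 */
	protected static function _getHandler($handler) {
		list($plugin, $class) = pluginSplit($handler, true);
		App::uses($class, $plugin . 'Model/Datasource/Session');
		if (!class_exists($class)) {
			throw new CakeSessionException(__d('cake_error', 'Could not load %s to handle the session.', $class));
		}
		$instance = new $class();
		if ($instance instanceof CakeSessionHandlerInterface) {
			return $instance;
		}
		throw new CakeSessionException(__d('cake_error', 'Chosen SessionHandler does not implement CakeSessionHandlerInterface it cannot be used with an engine key.'));
	}

/**
 * Get one of the prebaked default session configurations.
 *
 * All configurations except 'php' mark the cookie HttpOnly so it is not readable
 * from client-side script; set `Session.ini.session.cookie_httponly` explicitly to override.
 * The 'php' configuration leaves that to php.ini.
 *
 * @param string $name One of 'php', 'cake', 'cache', 'database'
 * @return mixed The configuration array, or false for an unknown name
 */
	protected static function _defaultConfig($name) {
		$defaults = array(
			'php' => array(
				'cookie' => 'CAKEPHP',
				'timeout' => 240,
				'cookieTimeout' => 240,
				'ini' => array(
					'session.use_trans_sid' => 0,
					'session.cookie_path' => self::$path,
					'session.save_handler' => 'files'
				)
			),
			'cake' => array(
				'cookie' => 'CAKEPHP',
				'timeout' => 240,
				'cookieTimeout' => 240,
				'ini' => array(
					'session.use_trans_sid' => 0,
					'url_rewriter.tags' => '',
					'session.serialize_handler' => 'php',
					'session.use_cookies' => 1,
					'session.cookie_path' => self::$path,
					'session.cookie_httponly' => 1,
					'session.auto_start' => 0,
					'session.save_path' => TMP . 'sessions',
					'session.save_handler' => 'files'
				)
			),
			'cache' => array(
				'cookie' => 'CAKEPHP',
				'timeout' => 240,
				'cookieTimeout' => 240,
				'ini' => array(
					'session.use_trans_sid' => 0,
					'url_rewriter.tags' => '',
					'session.auto_start' => 0,
					'session.use_cookies' => 1,
					'session.cookie_path' => self::$path,
					'session.cookie_httponly' => 1,
					'session.save_handler' => 'user',
				),
				'handler' => array(
					'engine' => 'CacheSession',
					'config' => 'default'
				)
			),
			'database' => array(
				'cookie' => 'CAKEPHP',
				'timeout' => 240,
				'cookieTimeout' => 240,
				'ini' => array(
					'session.use_trans_sid' => 0,
					'url_rewriter.tags' => '',
					'session.auto_start' => 0,
					'session.use_cookies' => 1,
					'session.cookie_path' => self::$path,
					'session.cookie_httponly' => 1,
					'session.save_handler' => 'user',
					'session.serialize_handler' => 'php',
				),
				'handler' => array(
					'engine' => 'DatabaseSession',
					'model' => 'Session'
				)
			)
		);
		if (isset($defaults[$name])) {
			return $defaults[$name];
		}
		return false;
	}

/**
 * Helper method to start a session
 *
 * When headers have already been sent no cookie can be issued, so $_SESSION is
 * initialised as a plain request-local array instead of calling session_start().
 *
 * @return boolean Success
 */
	protected static function _startSession() {
		if (headers_sent()) {
			if (empty($_SESSION)) {
				$_SESSION = array();
			}
		} elseif (!isset($_SESSION)) {
			session_cache_limiter("must-revalidate");
			session_start();
			header('P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"');
		} else {
			session_start();
		}
		return true;
	}

/**
 * Helper method to validate an existing session, or fingerprint a new one.
 *
 * A session with no Config entry is new: its agent fingerprint, expiry time and request
 * countdown are written. An existing session is checked against that fingerprint and
 * destroyed if it fails; when `Session.autoRegenerate` is true its id is regenerated
 * once the countdown runs out.
 *
 * @return void
 */
	protected static function _checkValid() {
		if (!self::started() && !self::start()) {
			self::$valid = false;
			return false;
		}
		$config = self::read('Config');
		if (!$config) {
			self::write('Config.userAgent', self::$_userAgent);
			self::write('Config.time', self::$sessionTime);
			self::write('Config.countdown', self::$requestCountdown);
			self::$valid = true;
			return;
		}
		$sessionConfig = Configure::read('Session');

		if (!self::_validAgentAndTime()) {
			self::destroy();
			self::$valid = false;
			self::__setError(1, 'Session Highjacking Attempted !!!');
			return;
		}
		$time = $config['time'];
		self::write('Config.time', self::$sessionTime);
		if (isset($sessionConfig['autoRegenerate']) && $sessionConfig['autoRegenerate'] === true) {
			// A session written before the countdown existed counts down from 0, i.e. renews immediately.
			$check = (isset($config['countdown']) ? $config['countdown'] : 0) - 1;
			self::write('Config.countdown', $check);

			// NOTE(review): the time branch compares against the previous expiry minus a full
			// timeout (plus 2 seconds); confirm that is the intended renewal window.
			if (time() > ($time - ($sessionConfig['timeout'] * 60) + 2) || $check < 1) {
				self::renew();
				self::write('Config.countdown', self::$requestCountdown);
			}
		}
		self::$valid = true;
	}

/**
 * Restarts this session: expires the old cookie on the client and regenerates
 * the id, deleting the old server-side session data.
 *
 * @return void
 */
	public static function renew() {
		if (!session_id()) {
			return;
		}
		setcookie(Configure::read('Session.cookie'), '', time() - 42000, self::$path);
		session_regenerate_id(true);
	}

/**
 * Helper method to set an internal error message.
 *
 * @param integer $errorNumber Number of the error
 * @param string $errorMessage Description of the error
 * @return void
 * @access private
 */
	private static function __setError($errorNumber, $errorMessage) {
		if (self::$error === false) {
			self::$error = array();
		}
		self::$error[$errorNumber] = $errorMessage;
		self::$lastError = $errorNumber;
	}
}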
/**
 * Interface for Session handlers. Custom session handler classes should implement
 * this interface, as it lets CakeSession know how to map methods to session_set_save_handler().
 *
 * @package cake.libs
 */
interface CakeSessionHandlerInterface {

/**
 * Called when a session is opened.
 *
 * @return boolean Success
 */
	public function open();

/**
 * Called when a session is closed.
 *
 * @return boolean Success
 */
	public function close();

/**
 * Read the stored data for a session.
 *
 * @param mixed $id The key of the value to read
 * @return mixed The value of the key or false if it does not exist
 */
	public function read($id);

/**
 * Persist session data.
 *
 * @param integer $id ID that uniquely identifies session in database
 * @param mixed $data The value of the data to be saved.
 * @return boolean True for successful write, false otherwise.
 */
	public function write($id, $data);

/**
 * Called when a session is destroyed.
 *
 * @param integer $id ID that uniquely identifies session in database
 * @return boolean True for successful delete, false otherwise.
 */
	public function destroy($id);

/**
 * Run garbage collection on the session storage, removing all expired or dead sessions.
 *
 * @param integer $expires Timestamp (defaults to current time)
 * @return boolean Success
 */
	public function gc($expires = null);
}
// Initialize the session: records the request time and agent fingerprint and derives
// the cookie path/host at load time; the session itself is started lazily on first access.
CakeSession::init();