2008-05-30 11:40:08 +00:00
< ? php
/**
2013-09-28 01:31:35 +00:00
* Session class for CakePHP .
2008-05-30 11:40:08 +00:00
*
2013-09-28 01:31:35 +00:00
* CakePHP abstracts the handling of sessions .
2008-05-30 11:40:08 +00:00
* There are several convenient methods to access session information .
* This class is the implementation of those methods .
* They are mostly used by the Session Component .
*
2009-11-06 06:46:59 +00:00
* CakePHP ( tm ) : Rapid Development Framework ( http :// cakephp . org )
2013-02-08 11:59:49 +00:00
* Copyright ( c ) Cake Software Foundation , Inc . ( http :// cakefoundation . org )
2008-05-30 11:40:08 +00:00
*
* Licensed under The MIT License
2013-02-08 12:22:51 +00:00
* For full copyright and license information , please see the LICENSE . txt
2008-05-30 11:40:08 +00:00
* Redistributions of files must retain the above copyright notice .
*
2013-02-08 11:59:49 +00:00
* @ copyright Copyright ( c ) Cake Software Foundation , Inc . ( http :// cakefoundation . org )
2009-11-06 06:00:11 +00:00
* @ link http :// cakephp . org CakePHP ( tm ) Project
2011-07-26 06:16:14 +00:00
* @ package Cake . Model . Datasource
2008-10-30 17:30:26 +00:00
* @ since CakePHP ( tm ) v . 0.10 . 0.1222
2013-05-30 22:11:14 +00:00
* @ license http :// www . opensource . org / licenses / mit - license . php MIT License
2008-05-30 11:40:08 +00:00
*/
2009-04-13 19:47:40 +00:00
2012-03-08 04:26:40 +00:00
App :: uses ( 'Hash' , 'Utility' );
2010-12-15 05:43:05 +00:00
App :: uses ( 'Security' , 'Utility' );
2010-12-04 07:21:42 +00:00
2008-05-30 11:40:08 +00:00
/**
2013-09-28 01:31:35 +00:00
* Session class for CakePHP .
2008-05-30 11:40:08 +00:00
*
2013-09-28 01:31:35 +00:00
* CakePHP abstracts the handling of sessions . There are several convenient methods to access session information .
2008-05-30 11:40:08 +00:00
* This class is the implementation of those methods . They are mostly used by the Session Component .
*
2011-07-26 06:16:14 +00:00
* @ package Cake . Model . Datasource
2008-05-30 11:40:08 +00:00
*/
2010-07-04 10:06:24 +00:00
class CakeSession {
2009-07-24 19:18:37 +00:00
2008-05-30 11:40:08 +00:00
/**
* True if the Session is still valid
*
* @ var boolean
*/
2010-06-23 01:25:04 +00:00
public static $valid = false ;
2009-07-24 19:18:37 +00:00
2008-05-30 11:40:08 +00:00
/**
* Error messages for this session
*
* @ var array
*/
2010-06-23 01:25:04 +00:00
public static $error = false ;
2009-07-24 19:18:37 +00:00
2008-05-30 11:40:08 +00:00
/**
* User agent string
*
* @ var string
*/
2010-06-23 01:25:04 +00:00
protected static $_userAgent = '' ;
2009-07-24 19:18:37 +00:00
2008-05-30 11:40:08 +00:00
/**
* Path to where the session is active .
*
* @ var string
*/
2010-06-23 01:25:04 +00:00
public static $path = '/' ;
2009-07-24 19:18:37 +00:00
2008-05-30 11:40:08 +00:00
/**
* Error number of last occurred error
*
* @ var integer
*/
2010-06-23 01:25:04 +00:00
public static $lastError = null ;
2009-07-24 19:18:37 +00:00
2008-05-30 11:40:08 +00:00
/**
* Start time for this session .
*
* @ var integer
*/
2010-06-23 01:25:04 +00:00
public static $time = false ;
2009-07-24 19:18:37 +00:00
2010-06-23 01:42:21 +00:00
/**
* Cookie lifetime
*
* @ var integer
*/
public static $cookieLifeTime ;
2008-05-30 11:40:08 +00:00
/**
* Time when this session becomes invalid .
*
* @ var integer
*/
2010-06-23 01:25:04 +00:00
public static $sessionTime = false ;
2009-07-24 19:18:37 +00:00
2008-05-30 11:40:08 +00:00
/**
* Current Session id
*
* @ var string
*/
2010-06-23 01:25:04 +00:00
public static $id = null ;
2009-07-24 19:18:37 +00:00
2010-03-26 11:51:58 +00:00
/**
* Hostname
*
* @ var string
*/
2010-06-23 01:25:04 +00:00
public static $host = null ;
2010-03-26 11:53:30 +00:00
2010-04-28 23:45:20 +00:00
/**
* Session timeout multiplier factor
*
2010-06-27 16:17:37 +00:00
* @ var integer
2010-04-28 23:45:20 +00:00
*/
2010-06-23 01:25:04 +00:00
public static $timeout = null ;
2010-04-28 23:45:20 +00:00
2010-07-25 21:50:08 +00:00
/**
* Number of requests that can occur during a session time without the session being renewed .
2012-01-29 16:54:26 +00:00
* This feature is only used when config value `Session.autoRegenerate` is set to true .
2010-07-25 21:50:08 +00:00
*
* @ var integer
* @ see CakeSession :: _checkValid ()
*/
public static $requestCountdown = 10 ;
2013-12-08 12:44:16 +00:00
/**
* Whether or not the init function in this class was already called
*
* @ var boolean
*/
protected static $_initialized = false ;
2008-05-30 11:40:08 +00:00
/**
2012-05-05 16:37:29 +00:00
* Pseudo constructor .
2008-05-30 11:40:08 +00:00
*
* @ param string $base The base path for the Session
2011-07-30 22:38:57 +00:00
* @ return void
2008-05-30 11:40:08 +00:00
*/
2012-01-07 23:01:50 +00:00
public static function init ( $base = null ) {
2010-06-23 01:25:04 +00:00
self :: $time = time ();
2010-07-04 10:06:24 +00:00
$checkAgent = Configure :: read ( 'Session.checkAgent' );
2013-12-08 12:44:16 +00:00
2013-07-18 10:02:42 +00:00
if ( env ( 'HTTP_USER_AGENT' )) {
2010-07-04 10:06:24 +00:00
self :: $_userAgent = md5 ( env ( 'HTTP_USER_AGENT' ) . Configure :: read ( 'Security.salt' ));
2008-05-30 11:40:08 +00:00
}
2013-12-08 12:44:16 +00:00
2010-12-10 04:41:07 +00:00
self :: _setPath ( $base );
self :: _setHost ( env ( 'HTTP_HOST' ));
2012-05-05 16:37:29 +00:00
2013-12-08 12:44:16 +00:00
if ( ! self :: $_initialized ) {
register_shutdown_function ( 'session_write_close' );
}
self :: $_initialized = true ;
2008-05-30 11:40:08 +00:00
}
2009-07-24 19:18:37 +00:00
2010-07-22 01:05:39 +00:00
/**
* Setup the Path variable
*
* @ param string $base base path
* @ return void
*/
protected static function _setPath ( $base = null ) {
if ( empty ( $base )) {
self :: $path = '/' ;
return ;
}
if ( strpos ( $base , 'index.php' ) !== false ) {
2012-11-14 11:24:08 +00:00
$base = str_replace ( 'index.php' , '' , $base );
2010-07-22 01:05:39 +00:00
}
if ( strpos ( $base , '?' ) !== false ) {
2012-11-14 11:24:08 +00:00
$base = str_replace ( '?' , '' , $base );
2010-07-22 01:05:39 +00:00
}
2010-07-22 08:42:56 +00:00
self :: $path = $base ;
2010-07-22 01:05:39 +00:00
}
/**
2010-07-22 09:09:48 +00:00
* Set the host name
2010-07-22 01:05:39 +00:00
*
2010-07-22 09:09:48 +00:00
* @ param string $host Hostname
2010-07-22 01:05:39 +00:00
* @ return void
*/
2010-07-22 09:09:48 +00:00
protected static function _setHost ( $host ) {
self :: $host = $host ;
2010-07-22 01:05:39 +00:00
if ( strpos ( self :: $host , ':' ) !== false ) {
self :: $host = substr ( self :: $host , 0 , strpos ( self :: $host , ':' ));
}
}
2008-05-30 11:40:08 +00:00
/**
* Starts the Session .
*
2010-03-25 23:46:48 +00:00
* @ return boolean True if session was started
2008-05-30 11:40:08 +00:00
*/
2010-06-23 01:25:04 +00:00
public static function start () {
2010-07-22 08:42:56 +00:00
if ( self :: started ()) {
return true ;
2010-03-25 23:46:48 +00:00
}
2013-12-08 12:44:16 +00:00
2010-07-26 04:32:31 +00:00
$id = self :: id ();
2010-07-22 08:42:56 +00:00
self :: _startSession ();
2010-07-25 21:50:08 +00:00
2010-07-26 04:32:31 +00:00
if ( ! $id && self :: started ()) {
2010-07-22 08:42:56 +00:00
self :: _checkValid ();
2010-07-21 03:35:59 +00:00
}
2010-07-22 08:42:56 +00:00
2010-07-27 03:11:57 +00:00
self :: $error = false ;
2013-12-07 21:25:33 +00:00
self :: $valid = true ;
2010-07-21 03:35:59 +00:00
return self :: started ();
}
2008-05-30 11:40:08 +00:00
/**
* Determine if Session has been started .
*
2008-09-25 16:49:56 +00:00
* @ return boolean True if session has been started .
2008-05-30 11:40:08 +00:00
*/
2010-06-23 01:25:04 +00:00
public static function started () {
2010-07-12 00:31:31 +00:00
return isset ( $_SESSION ) && session_id ();
2008-05-30 11:40:08 +00:00
}
2009-07-24 19:18:37 +00:00
2008-05-30 11:40:08 +00:00
/**
* Returns true if given variable is set in session .
*
* @ param string $name Variable name to check for
* @ return boolean True if variable is there
*/
2010-07-22 09:19:53 +00:00
public static function check ( $name = null ) {
2013-06-18 21:49:42 +00:00
if ( ! self :: start ()) {
2010-12-10 04:55:38 +00:00
return false ;
}
2009-11-22 01:44:35 +00:00
if ( empty ( $name )) {
2008-06-20 20:17:23 +00:00
return false ;
2008-05-30 11:40:08 +00:00
}
2012-09-15 00:33:05 +00:00
return Hash :: get ( $_SESSION , $name ) !== null ;
2008-05-30 11:40:08 +00:00
}
2009-07-24 19:18:37 +00:00
2008-05-30 11:40:08 +00:00
/**
2013-06-18 21:49:42 +00:00
* Returns the session id .
* Calling this method will not auto start the session . You might have to manually
* assert a started session .
2008-09-26 14:03:16 +00:00
*
2013-06-18 21:49:42 +00:00
* Passing an id into it , you can also replace the session id if the session
* has not already been started .
* Note that depending on the session handler , not all characters are allowed
* within the session id . For example , the file session handler only allows
* characters in the range a - z A - Z 0 - 9 , ( comma ) and - ( minus ) .
*
* @ param string $id Id to replace the current session id
2008-05-30 11:40:08 +00:00
* @ return string Session id
*/
2010-06-23 01:25:04 +00:00
public static function id ( $id = null ) {
2008-05-30 11:40:08 +00:00
if ( $id ) {
2010-06-23 01:25:04 +00:00
self :: $id = $id ;
session_id ( self :: $id );
2008-05-30 11:40:08 +00:00
}
2010-06-23 01:25:04 +00:00
if ( self :: started ()) {
2008-05-30 11:40:08 +00:00
return session_id ();
}
2010-06-23 01:25:04 +00:00
return self :: $id ;
2008-05-30 11:40:08 +00:00
}
2009-07-24 19:18:37 +00:00
2008-05-30 11:40:08 +00:00
/**
* Removes a variable from session .
*
* @ param string $name Session variable to remove
* @ return boolean Success
*/
2010-06-23 01:25:04 +00:00
public static function delete ( $name ) {
if ( self :: check ( $name )) {
2012-03-11 01:57:18 +00:00
self :: _overwrite ( $_SESSION , Hash :: remove ( $_SESSION , $name ));
2012-09-14 17:26:30 +00:00
return ! self :: check ( $name );
2008-05-30 11:40:08 +00:00
}
return false ;
}
2009-07-24 19:18:37 +00:00
2008-05-30 11:40:08 +00:00
/**
2013-06-18 21:49:42 +00:00
* Used to write new data to _SESSION , since PHP doesn ' t like us setting the _SESSION var itself .
2008-05-30 11:40:08 +00:00
*
* @ param array $old Set of old variables => values
* @ param array $new New set of variable => value
2011-07-30 22:38:57 +00:00
* @ return void
2008-05-30 11:40:08 +00:00
*/
2011-08-20 04:43:34 +00:00
protected static function _overwrite ( & $old , $new ) {
2008-10-23 00:10:44 +00:00
if ( ! empty ( $old )) {
2008-05-30 11:40:08 +00:00
foreach ( $old as $key => $var ) {
if ( ! isset ( $new [ $key ])) {
unset ( $old [ $key ]);
}
}
}
foreach ( $new as $key => $var ) {
$old [ $key ] = $var ;
}
}
2009-07-24 19:18:37 +00:00
2008-05-30 11:40:08 +00:00
/**
* Return error description for given error number .
*
* @ param integer $errorNumber Error to set
* @ return string Error as string
*/
2011-08-20 04:43:34 +00:00
protected static function _error ( $errorNumber ) {
2010-06-23 01:25:04 +00:00
if ( ! is_array ( self :: $error ) || ! array_key_exists ( $errorNumber , self :: $error )) {
2008-05-30 11:40:08 +00:00
return false ;
}
2012-09-15 00:33:05 +00:00
return self :: $error [ $errorNumber ];
2008-05-30 11:40:08 +00:00
}
2009-07-24 19:18:37 +00:00
2008-05-30 11:40:08 +00:00
/**
* Returns last occurred error as a string , if any .
*
* @ return mixed Error description as a string , or false .
*/
2010-06-23 01:25:04 +00:00
public static function error () {
if ( self :: $lastError ) {
2011-08-20 04:43:34 +00:00
return self :: _error ( self :: $lastError );
2008-05-30 11:40:08 +00:00
}
2010-06-23 01:25:04 +00:00
return false ;
2008-05-30 11:40:08 +00:00
}
2009-07-24 19:18:37 +00:00
2008-05-30 11:40:08 +00:00
/**
* Returns true if session is valid .
*
* @ return boolean Success
*/
2010-06-23 01:25:04 +00:00
public static function valid () {
if ( self :: read ( 'Config' )) {
2010-07-27 03:11:57 +00:00
if ( self :: _validAgentAndTime () && self :: $error === false ) {
2010-07-27 03:01:23 +00:00
self :: $valid = true ;
2008-05-30 11:40:08 +00:00
} else {
2010-06-23 01:25:04 +00:00
self :: $valid = false ;
2011-08-20 04:43:34 +00:00
self :: _setError ( 1 , 'Session Highjacking Attempted !!!' );
2008-05-30 11:40:08 +00:00
}
}
2010-06-23 01:25:04 +00:00
return self :: $valid ;
2008-05-30 11:40:08 +00:00
}
2009-07-24 19:18:37 +00:00
2010-07-27 03:01:23 +00:00
/**
* Tests that the user agent is valid and that the session hasn 't ' timed out ' .
* Since timeouts are implemented in CakeSession it checks the current self :: $time
2012-12-22 22:48:15 +00:00
* against the time the session is set to expire . The User agent is only checked
2010-07-27 03:01:23 +00:00
* if Session . checkAgent == true .
*
* @ return boolean
*/
protected static function _validAgentAndTime () {
2010-12-06 14:08:06 +00:00
$config = self :: read ( 'Config' );
2010-07-27 03:01:23 +00:00
$validAgent = (
Configure :: read ( 'Session.checkAgent' ) === false ||
2010-12-06 14:08:06 +00:00
self :: $_userAgent == $config [ 'userAgent' ]
2010-07-27 03:01:23 +00:00
);
2010-12-06 14:08:06 +00:00
return ( $validAgent && self :: $time <= $config [ 'time' ]);
2010-07-27 03:01:23 +00:00
}
2010-07-21 03:35:59 +00:00
/**
2013-06-18 21:49:42 +00:00
* Get / Set the user agent
2010-07-21 03:35:59 +00:00
*
2013-06-18 21:49:42 +00:00
* @ param string $userAgent Set the user agent
* @ return string Current user agent
2010-07-21 03:35:59 +00:00
*/
public static function userAgent ( $userAgent = null ) {
if ( $userAgent ) {
self :: $_userAgent = $userAgent ;
}
2012-01-07 23:01:50 +00:00
if ( empty ( self :: $_userAgent )) {
CakeSession :: init ( self :: $path );
}
2010-07-21 03:35:59 +00:00
return self :: $_userAgent ;
}
2008-05-30 11:40:08 +00:00
/**
* Returns given session variable , or all of them , if no parameters given .
*
2012-05-13 00:43:31 +00:00
* @ param string | array $name The name of the session variable ( or a path as sent to Set . extract )
2008-05-30 11:40:08 +00:00
* @ return mixed The value of the session variable
*/
2010-06-23 01:25:04 +00:00
public static function read ( $name = null ) {
2013-06-18 21:49:42 +00:00
if ( ! self :: start ()) {
2008-05-30 11:40:08 +00:00
return false ;
}
2013-08-16 18:12:49 +00:00
if ( $name === null ) {
2011-08-20 04:43:34 +00:00
return self :: _returnSessionVars ();
2008-05-30 11:40:08 +00:00
}
if ( empty ( $name )) {
return false ;
}
2012-03-08 04:26:40 +00:00
$result = Hash :: get ( $_SESSION , $name );
2008-05-30 11:40:08 +00:00
2012-03-08 04:26:40 +00:00
if ( isset ( $result )) {
2008-05-30 11:40:08 +00:00
return $result ;
}
return null ;
}
2009-07-24 19:18:37 +00:00
2008-05-30 11:40:08 +00:00
/**
* Returns all session variables .
*
* @ return mixed Full $_SESSION array , or false on error .
*/
2011-08-20 04:43:34 +00:00
protected static function _returnSessionVars () {
2008-05-30 11:40:08 +00:00
if ( ! empty ( $_SESSION )) {
return $_SESSION ;
}
2011-08-20 04:43:34 +00:00
self :: _setError ( 2 , 'No Session vars set' );
2008-05-30 11:40:08 +00:00
return false ;
}
2009-07-24 19:18:37 +00:00
2008-05-30 11:40:08 +00:00
/**
* Writes value to given session variable name .
*
2012-05-13 00:43:31 +00:00
* @ param string | array $name Name of variable
2008-05-30 11:40:08 +00:00
* @ param string $value Value to write
* @ return boolean True if the write was successful , false if the write failed
*/
2010-07-16 03:54:01 +00:00
public static function write ( $name , $value = null ) {
2013-06-18 21:49:42 +00:00
if ( ! self :: start ()) {
2010-12-10 04:55:38 +00:00
return false ;
}
2009-11-22 01:44:35 +00:00
if ( empty ( $name )) {
2008-05-30 11:40:08 +00:00
return false ;
}
2010-07-16 03:54:01 +00:00
$write = $name ;
if ( ! is_array ( $name )) {
$write = array ( $name => $value );
2008-05-30 11:40:08 +00:00
}
2010-07-16 03:54:01 +00:00
foreach ( $write as $key => $val ) {
2012-03-08 04:26:40 +00:00
self :: _overwrite ( $_SESSION , Hash :: insert ( $_SESSION , $key , $val ));
if ( Hash :: get ( $_SESSION , $key ) !== $val ) {
2010-07-16 03:54:01 +00:00
return false ;
}
}
return true ;
2008-05-30 11:40:08 +00:00
}
2009-07-24 19:18:37 +00:00
2008-05-30 11:40:08 +00:00
/**
* Helper method to destroy invalid sessions .
*
2008-09-25 16:49:56 +00:00
* @ return void
2008-05-30 11:40:08 +00:00
*/
2010-07-11 23:57:04 +00:00
public static function destroy () {
2013-12-07 21:25:33 +00:00
if ( ! self :: started ()) {
self :: _startSession ();
}
2013-01-22 01:46:41 +00:00
session_destroy ();
2013-12-07 21:25:33 +00:00
$_SESSION = null ;
self :: $id = null ;
2010-09-30 03:01:23 +00:00
}
/**
2013-03-05 07:05:14 +00:00
* Clears the session , the session id , and renews the session .
2010-09-30 03:01:23 +00:00
*
* @ return void
*/
public static function clear () {
2010-07-25 23:55:02 +00:00
$_SESSION = null ;
2010-07-08 03:33:38 +00:00
self :: $id = null ;
2010-06-23 01:25:04 +00:00
self :: renew ();
2008-05-30 11:40:08 +00:00
}
2009-07-24 19:18:37 +00:00
2008-05-30 11:40:08 +00:00
/**
2013-09-28 01:31:35 +00:00
* Helper method to initialize a session , based on CakePHP core settings .
2008-05-30 11:40:08 +00:00
*
2010-07-25 04:42:28 +00:00
* Sessions can be configured with a few shortcut names as well as have any number of ini settings declared .
*
2010-07-25 05:14:41 +00:00
* @ return void
2010-12-12 00:01:07 +00:00
* @ throws CakeSessionException Throws exceptions when ini_set () fails .
2008-05-30 11:40:08 +00:00
*/
2010-07-25 05:14:41 +00:00
protected static function _configureSession () {
2010-07-25 04:42:28 +00:00
$sessionConfig = Configure :: read ( 'Session' );
if ( isset ( $sessionConfig [ 'defaults' ])) {
$defaults = self :: _defaultConfig ( $sessionConfig [ 'defaults' ]);
if ( $defaults ) {
2012-03-11 01:57:18 +00:00
$sessionConfig = Hash :: merge ( $defaults , $sessionConfig );
2010-07-25 04:42:28 +00:00
}
}
if ( ! isset ( $sessionConfig [ 'ini' ][ 'session.cookie_secure' ]) && env ( 'HTTPS' )) {
$sessionConfig [ 'ini' ][ 'session.cookie_secure' ] = 1 ;
}
if ( isset ( $sessionConfig [ 'timeout' ]) && ! isset ( $sessionConfig [ 'cookieTimeout' ])) {
$sessionConfig [ 'cookieTimeout' ] = $sessionConfig [ 'timeout' ];
2008-08-12 23:47:00 +00:00
}
2010-07-25 04:42:28 +00:00
if ( ! isset ( $sessionConfig [ 'ini' ][ 'session.cookie_lifetime' ])) {
$sessionConfig [ 'ini' ][ 'session.cookie_lifetime' ] = $sessionConfig [ 'cookieTimeout' ] * 60 ;
}
if ( ! isset ( $sessionConfig [ 'ini' ][ 'session.name' ])) {
$sessionConfig [ 'ini' ][ 'session.name' ] = $sessionConfig [ 'cookie' ];
}
if ( ! empty ( $sessionConfig [ 'handler' ])) {
2010-07-25 05:14:41 +00:00
$sessionConfig [ 'ini' ][ 'session.save_handler' ] = 'user' ;
2008-05-30 11:40:08 +00:00
}
2012-05-24 02:25:19 +00:00
if ( ! isset ( $sessionConfig [ 'ini' ][ 'session.gc_maxlifetime' ])) {
$sessionConfig [ 'ini' ][ 'session.gc_maxlifetime' ] = $sessionConfig [ 'timeout' ] * 60 ;
}
2012-06-13 00:00:19 +00:00
if ( ! isset ( $sessionConfig [ 'ini' ][ 'session.cookie_httponly' ])) {
$sessionConfig [ 'ini' ][ 'session.cookie_httponly' ] = 1 ;
}
2008-05-30 11:40:08 +00:00
2010-07-25 04:42:28 +00:00
if ( empty ( $_SESSION )) {
if ( ! empty ( $sessionConfig [ 'ini' ]) && is_array ( $sessionConfig [ 'ini' ])) {
foreach ( $sessionConfig [ 'ini' ] as $setting => $value ) {
if ( ini_set ( $setting , $value ) === false ) {
2013-08-16 10:12:27 +00:00
throw new CakeSessionException ( __d ( 'cake_dev' , 'Unable to configure the session, setting %s failed.' , $setting ));
2010-07-25 04:42:28 +00:00
}
}
}
}
if ( ! empty ( $sessionConfig [ 'handler' ]) && ! isset ( $sessionConfig [ 'handler' ][ 'engine' ])) {
call_user_func_array ( 'session_set_save_handler' , $sessionConfig [ 'handler' ]);
}
2010-07-25 15:42:05 +00:00
if ( ! empty ( $sessionConfig [ 'handler' ][ 'engine' ])) {
2010-09-06 04:43:58 +00:00
$handler = self :: _getHandler ( $sessionConfig [ 'handler' ][ 'engine' ]);
2010-07-25 15:42:05 +00:00
session_set_save_handler (
2010-09-06 04:43:58 +00:00
array ( $handler , 'open' ),
array ( $handler , 'close' ),
array ( $handler , 'read' ),
array ( $handler , 'write' ),
array ( $handler , 'destroy' ),
array ( $handler , 'gc' )
2010-07-25 15:42:05 +00:00
);
}
2010-07-26 04:32:31 +00:00
Configure :: write ( 'Session' , $sessionConfig );
self :: $sessionTime = self :: $time + ( $sessionConfig [ 'timeout' ] * 60 );
2010-07-25 18:27:45 +00:00
}
2008-05-30 11:40:08 +00:00
2010-07-25 18:27:45 +00:00
/**
* Find the handler class and make sure it implements the correct interface .
*
2011-07-30 22:38:57 +00:00
* @ param string $handler
2010-07-25 18:27:45 +00:00
* @ return void
2011-07-31 20:55:52 +00:00
* @ throws CakeSessionException
2010-07-25 18:27:45 +00:00
*/
protected static function _getHandler ( $handler ) {
2010-07-25 23:09:29 +00:00
list ( $plugin , $class ) = pluginSplit ( $handler , true );
2010-12-08 00:29:07 +00:00
App :: uses ( $class , $plugin . 'Model/Datasource/Session' );
2010-07-25 18:27:45 +00:00
if ( ! class_exists ( $class )) {
2011-03-20 15:35:43 +00:00
throw new CakeSessionException ( __d ( 'cake_dev' , 'Could not load %s to handle the session.' , $class ));
2008-05-30 11:40:08 +00:00
}
2010-09-06 04:43:58 +00:00
$handler = new $class ();
if ( $handler instanceof CakeSessionHandlerInterface ) {
return $handler ;
2010-07-25 18:27:45 +00:00
}
2011-03-20 15:35:43 +00:00
throw new CakeSessionException ( __d ( 'cake_dev' , 'Chosen SessionHandler does not implement CakeSessionHandlerInterface it cannot be used with an engine key.' ));
2010-07-25 04:42:28 +00:00
}
/**
* Get one of the prebaked default session configurations .
*
2011-07-30 22:38:57 +00:00
* @ param string $name
* @ return boolean | array
2010-07-25 04:42:28 +00:00
*/
protected static function _defaultConfig ( $name ) {
$defaults = array (
'php' => array (
'cookie' => 'CAKEPHP' ,
'timeout' => 240 ,
'ini' => array (
'session.use_trans_sid' => 0 ,
2011-11-09 14:38:36 +00:00
'session.cookie_path' => self :: $path
2010-07-25 04:42:28 +00:00
)
),
'cake' => array (
'cookie' => 'CAKEPHP' ,
'timeout' => 240 ,
'ini' => array (
'session.use_trans_sid' => 0 ,
'url_rewriter.tags' => '' ,
'session.serialize_handler' => 'php' ,
'session.use_cookies' => 1 ,
'session.cookie_path' => self :: $path ,
2010-07-25 05:14:41 +00:00
'session.save_path' => TMP . 'sessions' ,
'session.save_handler' => 'files'
2010-07-25 04:42:28 +00:00
)
),
'cache' => array (
'cookie' => 'CAKEPHP' ,
'timeout' => 240 ,
'ini' => array (
'session.use_trans_sid' => 0 ,
'url_rewriter.tags' => '' ,
'session.use_cookies' => 1 ,
'session.cookie_path' => self :: $path ,
'session.save_handler' => 'user' ,
),
'handler' => array (
2010-07-25 17:20:30 +00:00
'engine' => 'CacheSession' ,
'config' => 'default'
2010-07-25 04:42:28 +00:00
)
),
'database' => array (
'cookie' => 'CAKEPHP' ,
'timeout' => 240 ,
'ini' => array (
'session.use_trans_sid' => 0 ,
'url_rewriter.tags' => '' ,
'session.use_cookies' => 1 ,
'session.cookie_path' => self :: $path ,
'session.save_handler' => 'user' ,
'session.serialize_handler' => 'php' ,
),
'handler' => array (
2010-07-25 17:20:30 +00:00
'engine' => 'DatabaseSession' ,
'model' => 'Session'
2010-07-25 04:42:28 +00:00
)
)
);
if ( isset ( $defaults [ $name ])) {
return $defaults [ $name ];
}
return false ;
2008-05-30 11:40:08 +00:00
}
2009-07-24 19:18:37 +00:00
2008-05-30 11:40:08 +00:00
/**
* Helper method to start a session
*
2010-07-07 07:56:23 +00:00
* @ return boolean Success
2008-05-30 11:40:08 +00:00
*/
2010-11-09 03:05:31 +00:00
protected static function _startSession () {
2013-12-08 12:44:16 +00:00
self :: init ();
session_write_close ();
self :: _configureSession ();
2008-05-30 11:40:08 +00:00
if ( headers_sent ()) {
2009-01-14 03:52:37 +00:00
if ( empty ( $_SESSION )) {
2008-05-30 11:40:08 +00:00
$_SESSION = array ();
}
} else {
2012-04-14 14:50:31 +00:00
// For IE<=8
2012-04-14 14:04:43 +00:00
session_cache_limiter ( " must-revalidate " );
2008-05-30 11:40:08 +00:00
session_start ();
}
2010-07-07 07:56:23 +00:00
return true ;
2008-05-30 11:40:08 +00:00
}
2009-07-24 19:18:37 +00:00
2008-05-30 11:40:08 +00:00
/**
* Helper method to create a new session .
*
2008-09-25 16:49:56 +00:00
* @ return void
2008-05-30 11:40:08 +00:00
*/
2010-06-23 01:25:04 +00:00
protected static function _checkValid () {
2013-12-07 21:25:33 +00:00
$config = self :: read ( 'Config' );
if ( $config ) {
2010-07-25 21:50:08 +00:00
$sessionConfig = Configure :: read ( 'Session' );
2010-07-27 02:38:40 +00:00
2013-12-07 21:25:33 +00:00
if ( self :: valid ()) {
2010-06-23 01:25:04 +00:00
self :: write ( 'Config.time' , self :: $sessionTime );
2010-07-27 02:42:32 +00:00
if ( isset ( $sessionConfig [ 'autoRegenerate' ]) && $sessionConfig [ 'autoRegenerate' ] === true ) {
2010-12-06 14:08:06 +00:00
$check = $config [ 'countdown' ];
2010-05-11 04:39:10 +00:00
$check -= 1 ;
2010-07-25 21:50:08 +00:00
self :: write ( 'Config.countdown' , $check );
2008-05-30 11:40:08 +00:00
2012-01-29 20:37:14 +00:00
if ( $check < 1 ) {
2010-06-23 01:25:04 +00:00
self :: renew ();
2010-07-25 21:50:08 +00:00
self :: write ( 'Config.countdown' , self :: $requestCountdown );
2008-05-30 11:40:08 +00:00
}
}
} else {
2013-12-07 21:25:33 +00:00
$_SESSION = array ();
2010-06-23 01:25:04 +00:00
self :: destroy ();
2011-08-20 04:43:34 +00:00
self :: _setError ( 1 , 'Session Highjacking Attempted !!!' );
2013-12-07 21:25:33 +00:00
self :: _startSession ();
self :: _writeConfig ();
2008-05-30 11:40:08 +00:00
}
} else {
2013-12-07 21:25:33 +00:00
self :: _writeConfig ();
2008-05-30 11:40:08 +00:00
}
}
2009-07-24 19:18:37 +00:00
2013-12-07 21:25:33 +00:00
/**
* Writes configuration variables to the session
*
* @ return void
*/
protected static function _writeConfig () {
self :: write ( 'Config.userAgent' , self :: $_userAgent );
self :: write ( 'Config.time' , self :: $sessionTime );
self :: write ( 'Config.countdown' , self :: $requestCountdown );
}
2008-05-30 11:40:08 +00:00
/**
2010-07-22 08:14:49 +00:00
* Restarts this session .
2008-05-30 11:40:08 +00:00
*
2008-09-25 16:49:56 +00:00
* @ return void
2008-05-30 11:40:08 +00:00
*/
2010-07-22 08:14:49 +00:00
public static function renew () {
2010-07-22 07:53:47 +00:00
if ( session_id ()) {
2012-09-21 22:34:37 +00:00
if ( session_id () || isset ( $_COOKIE [ session_name ()])) {
2010-06-23 01:25:04 +00:00
setcookie ( Configure :: read ( 'Session.cookie' ), '' , time () - 42000 , self :: $path );
2008-05-30 11:40:08 +00:00
}
2008-10-12 03:29:10 +00:00
session_regenerate_id ( true );
2008-05-30 11:40:08 +00:00
}
}
2009-07-24 19:18:37 +00:00
2008-05-30 11:40:08 +00:00
/**
* Helper method to set an internal error message .
*
* @ param integer $errorNumber Number of the error
* @ param string $errorMessage Description of the error
2008-09-25 16:49:56 +00:00
* @ return void
2008-05-30 11:40:08 +00:00
*/
2011-08-20 04:43:34 +00:00
protected static function _setError ( $errorNumber , $errorMessage ) {
2010-06-23 01:25:04 +00:00
if ( self :: $error === false ) {
self :: $error = array ();
2008-05-30 11:40:08 +00:00
}
2010-06-23 01:25:04 +00:00
self :: $error [ $errorNumber ] = $errorMessage ;
self :: $lastError = $errorNumber ;
2008-05-30 11:40:08 +00:00
}
2012-03-04 19:18:04 +00:00
2010-07-25 15:42:05 +00:00
}