You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
155 lines
5.0 KiB
155 lines
5.0 KiB
<?php |
|
|
|
/* |
|
* This file is part of the Symfony package. |
|
* |
|
* (c) Fabien Potencier <fabien@symfony.com> |
|
* |
|
* For the full copyright and license information, please view the LICENSE |
|
* file that was distributed with this source code. |
|
*/ |
|
|
|
namespace Symfony\Component\HttpFoundation\Session\Storage\Handler; |
|
|
|
use Symfony\Component\HttpFoundation\Session\SessionUtils; |
|
|
|
/** |
|
* This abstract session handler provides a generic implementation |
|
* of the PHP 7.0 SessionUpdateTimestampHandlerInterface, |
|
* enabling strict and lazy session handling. |
|
* |
|
* @author Nicolas Grekas <p@tchwork.com> |
|
*/ |
|
abstract class AbstractSessionHandler implements \SessionHandlerInterface, \SessionUpdateTimestampHandlerInterface |
|
{ |
|
private $sessionName; |
|
private $prefetchId; |
|
private $prefetchData; |
|
private $newSessionId; |
|
private $igbinaryEmptyData; |
|
|
|
/** |
|
* @return bool |
|
*/ |
|
#[\ReturnTypeWillChange] |
|
public function open($savePath, $sessionName) |
|
{ |
|
$this->sessionName = $sessionName; |
|
if (!headers_sent() && !\ini_get('session.cache_limiter') && '0' !== \ini_get('session.cache_limiter')) { |
|
header(sprintf('Cache-Control: max-age=%d, private, must-revalidate', 60 * (int) \ini_get('session.cache_expire'))); |
|
} |
|
|
|
return true; |
|
} |
|
|
|
/** |
|
* @return string |
|
*/ |
|
abstract protected function doRead(string $sessionId); |
|
|
|
/** |
|
* @return bool |
|
*/ |
|
abstract protected function doWrite(string $sessionId, string $data); |
|
|
|
/** |
|
* @return bool |
|
*/ |
|
abstract protected function doDestroy(string $sessionId); |
|
|
|
/** |
|
* @return bool |
|
*/ |
|
#[\ReturnTypeWillChange] |
|
public function validateId($sessionId) |
|
{ |
|
$this->prefetchData = $this->read($sessionId); |
|
$this->prefetchId = $sessionId; |
|
|
|
if (\PHP_VERSION_ID < 70317 || (70400 <= \PHP_VERSION_ID && \PHP_VERSION_ID < 70405)) { |
|
// work around https://bugs.php.net/79413 |
|
foreach (debug_backtrace(\DEBUG_BACKTRACE_IGNORE_ARGS) as $frame) { |
|
if (!isset($frame['class']) && isset($frame['function']) && \in_array($frame['function'], ['session_regenerate_id', 'session_create_id'], true)) { |
|
return '' === $this->prefetchData; |
|
} |
|
} |
|
} |
|
|
|
return '' !== $this->prefetchData; |
|
} |
|
|
|
/** |
|
* @return string |
|
*/ |
|
#[\ReturnTypeWillChange] |
|
public function read($sessionId) |
|
{ |
|
if (null !== $this->prefetchId) { |
|
$prefetchId = $this->prefetchId; |
|
$prefetchData = $this->prefetchData; |
|
$this->prefetchId = $this->prefetchData = null; |
|
|
|
if ($prefetchId === $sessionId || '' === $prefetchData) { |
|
$this->newSessionId = '' === $prefetchData ? $sessionId : null; |
|
|
|
return $prefetchData; |
|
} |
|
} |
|
|
|
$data = $this->doRead($sessionId); |
|
$this->newSessionId = '' === $data ? $sessionId : null; |
|
|
|
return $data; |
|
} |
|
|
|
/** |
|
* @return bool |
|
*/ |
|
#[\ReturnTypeWillChange] |
|
public function write($sessionId, $data) |
|
{ |
|
if (null === $this->igbinaryEmptyData) { |
|
// see https://github.com/igbinary/igbinary/issues/146 |
|
$this->igbinaryEmptyData = \function_exists('igbinary_serialize') ? igbinary_serialize([]) : ''; |
|
} |
|
if ('' === $data || $this->igbinaryEmptyData === $data) { |
|
return $this->destroy($sessionId); |
|
} |
|
$this->newSessionId = null; |
|
|
|
return $this->doWrite($sessionId, $data); |
|
} |
|
|
|
/** |
|
* @return bool |
|
*/ |
|
#[\ReturnTypeWillChange] |
|
public function destroy($sessionId) |
|
{ |
|
if (!headers_sent() && filter_var(\ini_get('session.use_cookies'), \FILTER_VALIDATE_BOOLEAN)) { |
|
if (!$this->sessionName) { |
|
throw new \LogicException(sprintf('Session name cannot be empty, did you forget to call "parent::open()" in "%s"?.', static::class)); |
|
} |
|
$cookie = SessionUtils::popSessionCookie($this->sessionName, $sessionId); |
|
|
|
/* |
|
* We send an invalidation Set-Cookie header (zero lifetime) |
|
* when either the session was started or a cookie with |
|
* the session name was sent by the client (in which case |
|
* we know it's invalid as a valid session cookie would've |
|
* started the session). |
|
*/ |
|
if (null === $cookie || isset($_COOKIE[$this->sessionName])) { |
|
if (\PHP_VERSION_ID < 70300) { |
|
setcookie($this->sessionName, '', 0, \ini_get('session.cookie_path'), \ini_get('session.cookie_domain'), filter_var(\ini_get('session.cookie_secure'), \FILTER_VALIDATE_BOOLEAN), filter_var(\ini_get('session.cookie_httponly'), \FILTER_VALIDATE_BOOLEAN)); |
|
} else { |
|
$params = session_get_cookie_params(); |
|
unset($params['lifetime']); |
|
setcookie($this->sessionName, '', $params); |
|
} |
|
} |
|
} |
|
|
|
return $this->newSessionId === $sessionId || $this->doDestroy($sessionId); |
|
} |
|
}
|
|
|