172 lines
5.4 KiB
PHP
172 lines
5.4 KiB
PHP
<?php
|
|
|
|
/*
|
|
* This file is part of the Symfony package.
|
|
*
|
|
* (c) Fabien Potencier <fabien@symfony.com>
|
|
*
|
|
* For the full copyright and license information, please view the LICENSE
|
|
* file that was distributed with this source code.
|
|
*/
|
|
|
|
namespace Symfony\Component\HttpFoundation\Session\Storage\Handler;
|
|
|
|
use Symfony\Component\HttpFoundation\Session\SessionUtils;
|
|
|
|
/**
|
|
* This abstract session handler provides a generic implementation
|
|
* of the PHP 7.0 SessionUpdateTimestampHandlerInterface,
|
|
* enabling strict and lazy session handling.
|
|
*
|
|
* @author Nicolas Grekas <p@tchwork.com>
|
|
*/
|
|
abstract class AbstractSessionHandler implements \SessionHandlerInterface, \SessionUpdateTimestampHandlerInterface
|
|
{
|
|
private $sessionName;
|
|
private $prefetchId;
|
|
private $prefetchData;
|
|
private $newSessionId;
|
|
private $igbinaryEmptyData;
|
|
|
|
/**
|
|
* @return bool
|
|
*/
|
|
public function open($savePath, $sessionName)
|
|
{
|
|
$this->sessionName = $sessionName;
|
|
if (!headers_sent() && !ini_get('session.cache_limiter') && '0' !== ini_get('session.cache_limiter')) {
|
|
header(sprintf('Cache-Control: max-age=%d, private, must-revalidate', 60 * (int) ini_get('session.cache_expire')));
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* @param string $sessionId
|
|
*
|
|
* @return string
|
|
*/
|
|
abstract protected function doRead($sessionId);
|
|
|
|
/**
|
|
* @param string $sessionId
|
|
* @param string $data
|
|
*
|
|
* @return bool
|
|
*/
|
|
abstract protected function doWrite($sessionId, $data);
|
|
|
|
/**
|
|
* @param string $sessionId
|
|
*
|
|
* @return bool
|
|
*/
|
|
abstract protected function doDestroy($sessionId);
|
|
|
|
/**
|
|
* @return bool
|
|
*/
|
|
public function validateId($sessionId)
|
|
{
|
|
$this->prefetchData = $this->read($sessionId);
|
|
$this->prefetchId = $sessionId;
|
|
|
|
if (\PHP_VERSION_ID < 70317 || (70400 <= \PHP_VERSION_ID && \PHP_VERSION_ID < 70405)) {
|
|
// work around https://bugs.php.net/79413
|
|
foreach (debug_backtrace(\DEBUG_BACKTRACE_IGNORE_ARGS) as $frame) {
|
|
if (!isset($frame['class']) && isset($frame['function']) && \in_array($frame['function'], ['session_regenerate_id', 'session_create_id'], true)) {
|
|
return '' === $this->prefetchData;
|
|
}
|
|
}
|
|
}
|
|
|
|
return '' !== $this->prefetchData;
|
|
}
|
|
|
|
/**
|
|
* @return string
|
|
*/
|
|
public function read($sessionId)
|
|
{
|
|
if (null !== $this->prefetchId) {
|
|
$prefetchId = $this->prefetchId;
|
|
$prefetchData = $this->prefetchData;
|
|
$this->prefetchId = $this->prefetchData = null;
|
|
|
|
if ($prefetchId === $sessionId || '' === $prefetchData) {
|
|
$this->newSessionId = '' === $prefetchData ? $sessionId : null;
|
|
|
|
return $prefetchData;
|
|
}
|
|
}
|
|
|
|
$data = $this->doRead($sessionId);
|
|
$this->newSessionId = '' === $data ? $sessionId : null;
|
|
if (\PHP_VERSION_ID < 70000) {
|
|
$this->prefetchData = $data;
|
|
}
|
|
|
|
return $data;
|
|
}
|
|
|
|
/**
|
|
* @return bool
|
|
*/
|
|
public function write($sessionId, $data)
|
|
{
|
|
if (\PHP_VERSION_ID < 70000 && $this->prefetchData) {
|
|
$readData = $this->prefetchData;
|
|
$this->prefetchData = null;
|
|
|
|
if ($readData === $data) {
|
|
return $this->updateTimestamp($sessionId, $data);
|
|
}
|
|
}
|
|
if (null === $this->igbinaryEmptyData) {
|
|
// see https://github.com/igbinary/igbinary/issues/146
|
|
$this->igbinaryEmptyData = \function_exists('igbinary_serialize') ? igbinary_serialize([]) : '';
|
|
}
|
|
if ('' === $data || $this->igbinaryEmptyData === $data) {
|
|
return $this->destroy($sessionId);
|
|
}
|
|
$this->newSessionId = null;
|
|
|
|
return $this->doWrite($sessionId, $data);
|
|
}
|
|
|
|
/**
|
|
* @return bool
|
|
*/
|
|
public function destroy($sessionId)
|
|
{
|
|
if (\PHP_VERSION_ID < 70000) {
|
|
$this->prefetchData = null;
|
|
}
|
|
if (!headers_sent() && filter_var(ini_get('session.use_cookies'), \FILTER_VALIDATE_BOOLEAN)) {
|
|
if (!$this->sessionName) {
|
|
throw new \LogicException(sprintf('Session name cannot be empty, did you forget to call "parent::open()" in "%s"?.', static::class));
|
|
}
|
|
$cookie = SessionUtils::popSessionCookie($this->sessionName, $sessionId);
|
|
|
|
/*
|
|
* We send an invalidation Set-Cookie header (zero lifetime)
|
|
* when either the session was started or a cookie with
|
|
* the session name was sent by the client (in which case
|
|
* we know it's invalid as a valid session cookie would've
|
|
* started the session).
|
|
*/
|
|
if (null === $cookie || isset($_COOKIE[$this->sessionName])) {
|
|
if (\PHP_VERSION_ID < 70300) {
|
|
setcookie($this->sessionName, '', 0, ini_get('session.cookie_path'), ini_get('session.cookie_domain'), filter_var(ini_get('session.cookie_secure'), \FILTER_VALIDATE_BOOLEAN), filter_var(ini_get('session.cookie_httponly'), \FILTER_VALIDATE_BOOLEAN));
|
|
} else {
|
|
$params = session_get_cookie_params();
|
|
unset($params['lifetime']);
|
|
setcookie($this->sessionName, '', $params);
|
|
}
|
|
}
|
|
}
|
|
|
|
return $this->newSessionId === $sessionId || $this->doDestroy($sessionId);
|
|
}
|
|
}
|