2015-08-17 17:00:26 -07:00
< ? php
/*
* This file is part of the Symfony package .
*
* ( c ) Fabien Potencier < fabien @ symfony . com >
*
* For the full copyright and license information , please view the LICENSE
* file that was distributed with this source code .
*/
namespace Symfony\Component\HttpFoundation\Session\Storage ;
use Symfony\Component\HttpFoundation\Session\SessionBagInterface ;
2018-11-23 12:29:20 +00:00
use Symfony\Component\HttpFoundation\Session\Storage\Handler\StrictSessionHandler ;
2015-08-17 17:00:26 -07:00
use Symfony\Component\HttpFoundation\Session\Storage\Proxy\AbstractProxy ;
use Symfony\Component\HttpFoundation\Session\Storage\Proxy\SessionHandlerProxy ;
/**
* This provides a base class for session attribute storage .
*
* @ author Drak < drak @ zikula . org >
*/
class NativeSessionStorage implements SessionStorageInterface
{
/**
* @ var SessionBagInterface []
*/
2018-11-23 12:29:20 +00:00
protected $bags = array ();
2015-08-17 17:00:26 -07:00
/**
* @ var bool
*/
protected $started = false ;
/**
* @ var bool
*/
protected $closed = false ;
/**
2018-11-23 12:29:20 +00:00
* @ var AbstractProxy | \SessionHandlerInterface
2015-08-17 17:00:26 -07:00
*/
protected $saveHandler ;
/**
* @ var MetadataBag
*/
protected $metadataBag ;
/**
* Depending on how you want the storage driver to behave you probably
* want to override this constructor entirely .
*
* List of options for $options array with their defaults .
*
* @ see http :// php . net / session . configuration for options
* but we omit 'session.' from the beginning of the keys for convenience .
*
* ( " auto_start " , is not supported as it tells PHP to start a session before
* PHP starts to execute user - land code . Setting during runtime has no effect ) .
*
2015-11-17 13:42:33 -08:00
* cache_limiter , " " ( use " 0 " to prevent headers from being sent entirely ) .
2018-11-23 12:29:20 +00:00
* cache_expire , " 0 "
2015-08-17 17:00:26 -07:00
* cookie_domain , " "
* cookie_httponly , " "
* cookie_lifetime , " 0 "
* cookie_path , " / "
* cookie_secure , " "
* entropy_file , " "
* entropy_length , " 0 "
* gc_divisor , " 100 "
* gc_maxlifetime , " 1440 "
* gc_probability , " 1 "
* hash_bits_per_character , " 4 "
* hash_function , " 0 "
2018-11-23 12:29:20 +00:00
* lazy_write , " 1 "
2015-08-17 17:00:26 -07:00
* name , " PHPSESSID "
* referer_check , " "
* serialize_handler , " php "
2017-07-03 16:47:07 +01:00
* use_strict_mode , " 0 "
2015-08-17 17:00:26 -07:00
* use_cookies , " 1 "
* use_only_cookies , " 1 "
* use_trans_sid , " 0 "
* upload_progress . enabled , " 1 "
* upload_progress . cleanup , " 1 "
* upload_progress . prefix , " upload_progress_ "
* upload_progress . name , " PHP_SESSION_UPLOAD_PROGRESS "
* upload_progress . freq , " 1% "
* upload_progress . min - freq , " 1 "
* url_rewriter . tags , " a=href,area=href,frame=src,form=,fieldset= "
2018-11-23 12:29:20 +00:00
* sid_length , " 32 "
* sid_bits_per_character , " 5 "
* trans_sid_hosts , $_SERVER [ 'HTTP_HOST' ]
* trans_sid_tags , " a=href,area=href,frame=src,form= "
2015-08-17 17:00:26 -07:00
*
2018-11-23 12:29:20 +00:00
* @ param array $options Session configuration options
* @ param \SessionHandlerInterface | null $handler
* @ param MetadataBag $metaBag MetadataBag
2015-08-17 17:00:26 -07:00
*/
public function __construct ( array $options = array (), $handler = null , MetadataBag $metaBag = null )
{
2018-11-23 12:29:20 +00:00
$options += array (
'cache_limiter' => '' ,
'cache_expire' => 0 ,
'use_cookies' => 1 ,
'lazy_write' => 1 ,
);
2015-08-17 17:00:26 -07:00
2016-04-20 09:56:34 -07:00
session_register_shutdown ();
2015-08-17 17:00:26 -07:00
$this -> setMetadataBag ( $metaBag );
$this -> setOptions ( $options );
$this -> setSaveHandler ( $handler );
}
/**
* Gets the save handler instance .
*
2018-11-23 12:29:20 +00:00
* @ return AbstractProxy | \SessionHandlerInterface
2015-08-17 17:00:26 -07:00
*/
public function getSaveHandler ()
{
return $this -> saveHandler ;
}
/**
* { @ inheritdoc }
*/
public function start ()
{
if ( $this -> started ) {
return true ;
}
2018-11-23 12:29:20 +00:00
if ( \PHP_SESSION_ACTIVE === session_status ()) {
2015-08-17 17:00:26 -07:00
throw new \RuntimeException ( 'Failed to start the session: already started by PHP.' );
}
if ( ini_get ( 'session.use_cookies' ) && headers_sent ( $file , $line )) {
throw new \RuntimeException ( sprintf ( 'Failed to start the session because headers have already been sent by "%s" at line %d.' , $file , $line ));
}
// ok to try and start the session
if ( ! session_start ()) {
throw new \RuntimeException ( 'Failed to start the session' );
}
$this -> loadSession ();
return true ;
}
/**
* { @ inheritdoc }
*/
public function getId ()
{
return $this -> saveHandler -> getId ();
}
/**
* { @ inheritdoc }
*/
public function setId ( $id )
{
$this -> saveHandler -> setId ( $id );
}
/**
* { @ inheritdoc }
*/
public function getName ()
{
return $this -> saveHandler -> getName ();
}
/**
* { @ inheritdoc }
*/
public function setName ( $name )
{
$this -> saveHandler -> setName ( $name );
}
/**
* { @ inheritdoc }
*/
public function regenerate ( $destroy = false , $lifetime = null )
{
2015-11-17 13:42:33 -08:00
// Cannot regenerate the session ID for non-active sessions.
2018-11-23 12:29:20 +00:00
if ( \PHP_SESSION_ACTIVE !== session_status ()) {
2015-11-17 13:42:33 -08:00
return false ;
}
2018-11-23 12:29:20 +00:00
if ( headers_sent ()) {
2015-11-17 13:42:33 -08:00
return false ;
}
2015-08-17 17:00:26 -07:00
if ( null !== $lifetime ) {
ini_set ( 'session.cookie_lifetime' , $lifetime );
}
if ( $destroy ) {
$this -> metadataBag -> stampNew ();
}
2015-08-27 12:03:05 -07:00
$isRegenerated = session_regenerate_id ( $destroy );
// The reference to $_SESSION in session bags is lost in PHP7 and we need to re-create it.
// @see https://bugs.php.net/bug.php?id=70013
$this -> loadSession ();
return $isRegenerated ;
2015-08-17 17:00:26 -07:00
}
/**
* { @ inheritdoc }
*/
public function save ()
{
2018-11-23 12:29:20 +00:00
$session = $_SESSION ;
foreach ( $this -> bags as $bag ) {
if ( empty ( $_SESSION [ $key = $bag -> getStorageKey ()])) {
unset ( $_SESSION [ $key ]);
}
}
if ( array ( $key = $this -> metadataBag -> getStorageKey ()) === array_keys ( $_SESSION )) {
unset ( $_SESSION [ $key ]);
}
// Register error handler to add information about the current save handler
$previousHandler = set_error_handler ( function ( $type , $msg , $file , $line ) use ( & $previousHandler ) {
if ( E_WARNING === $type && 0 === strpos ( $msg , 'session_write_close():' )) {
$handler = $this -> saveHandler instanceof SessionHandlerProxy ? $this -> saveHandler -> getHandler () : $this -> saveHandler ;
$msg = sprintf ( 'session_write_close(): Failed to write session data with "%s" handler' , \get_class ( $handler ));
}
return $previousHandler ? $previousHandler ( $type , $msg , $file , $line ) : false ;
});
2015-08-17 17:00:26 -07:00
2018-11-23 12:29:20 +00:00
try {
session_write_close ();
} finally {
restore_error_handler ();
$_SESSION = $session ;
2015-08-17 17:00:26 -07:00
}
$this -> closed = true ;
$this -> started = false ;
}
/**
* { @ inheritdoc }
*/
public function clear ()
{
// clear out the bags
foreach ( $this -> bags as $bag ) {
$bag -> clear ();
}
// clear out the session
$_SESSION = array ();
// reconnect the bags to the session
$this -> loadSession ();
}
/**
* { @ inheritdoc }
*/
public function registerBag ( SessionBagInterface $bag )
{
2016-04-20 09:56:34 -07:00
if ( $this -> started ) {
throw new \LogicException ( 'Cannot register a bag when the session is already started.' );
}
2015-08-17 17:00:26 -07:00
$this -> bags [ $bag -> getName ()] = $bag ;
}
/**
* { @ inheritdoc }
*/
public function getBag ( $name )
{
if ( ! isset ( $this -> bags [ $name ])) {
throw new \InvalidArgumentException ( sprintf ( 'The SessionBagInterface %s is not registered.' , $name ));
}
2018-11-23 12:29:20 +00:00
if ( ! $this -> started && $this -> saveHandler -> isActive ()) {
2015-08-17 17:00:26 -07:00
$this -> loadSession ();
} elseif ( ! $this -> started ) {
$this -> start ();
}
return $this -> bags [ $name ];
}
public function setMetadataBag ( MetadataBag $metaBag = null )
{
if ( null === $metaBag ) {
$metaBag = new MetadataBag ();
}
$this -> metadataBag = $metaBag ;
}
/**
* Gets the MetadataBag .
*
* @ return MetadataBag
*/
public function getMetadataBag ()
{
return $this -> metadataBag ;
}
/**
* { @ inheritdoc }
*/
public function isStarted ()
{
return $this -> started ;
}
/**
* Sets session .* ini variables .
*
* For convenience we omit 'session.' from the beginning of the keys .
* Explicitly ignores other ini keys .
*
2017-02-02 16:28:38 -08:00
* @ param array $options Session ini directives array ( key => value )
2015-08-17 17:00:26 -07:00
*
* @ see http :// php . net / session . configuration
*/
public function setOptions ( array $options )
{
2018-11-23 12:29:20 +00:00
if ( headers_sent () || \PHP_SESSION_ACTIVE === session_status ()) {
return ;
}
2015-08-17 17:00:26 -07:00
$validOptions = array_flip ( array (
2018-11-23 12:29:20 +00:00
'cache_expire' , 'cache_limiter' , 'cookie_domain' , 'cookie_httponly' ,
2015-08-17 17:00:26 -07:00
'cookie_lifetime' , 'cookie_path' , 'cookie_secure' ,
'entropy_file' , 'entropy_length' , 'gc_divisor' ,
'gc_maxlifetime' , 'gc_probability' , 'hash_bits_per_character' ,
2018-11-23 12:29:20 +00:00
'hash_function' , 'lazy_write' , 'name' , 'referer_check' ,
2017-07-03 16:47:07 +01:00
'serialize_handler' , 'use_strict_mode' , 'use_cookies' ,
2015-08-17 17:00:26 -07:00
'use_only_cookies' , 'use_trans_sid' , 'upload_progress.enabled' ,
'upload_progress.cleanup' , 'upload_progress.prefix' , 'upload_progress.name' ,
2018-11-23 12:29:20 +00:00
'upload_progress.freq' , 'upload_progress.min_freq' , 'url_rewriter.tags' ,
'sid_length' , 'sid_bits_per_character' , 'trans_sid_hosts' , 'trans_sid_tags' ,
2015-08-17 17:00:26 -07:00
));
foreach ( $options as $key => $value ) {
if ( isset ( $validOptions [ $key ])) {
2018-11-23 12:29:20 +00:00
ini_set ( 'url_rewriter.tags' !== $key ? 'session.' . $key : $key , $value );
2015-08-17 17:00:26 -07:00
}
}
}
/**
* Registers session save handler as a PHP session handler .
*
* To use internal PHP session save handlers , override this method using ini_set with
* session . save_handler and session . save_path e . g .
*
* ini_set ( 'session.save_handler' , 'files' );
2016-04-20 09:56:34 -07:00
* ini_set ( 'session.save_path' , '/tmp' );
2015-08-17 17:00:26 -07:00
*
2018-11-23 12:29:20 +00:00
* or pass in a \SessionHandler instance which configures session . save_handler in the
2015-08-17 17:00:26 -07:00
* constructor , for a template see NativeFileSessionHandler or use handlers in
* composer package drak / native - session
*
* @ see http :// php . net / session - set - save - handler
* @ see http :// php . net / sessionhandlerinterface
* @ see http :// php . net / sessionhandler
* @ see http :// github . com / drak / NativeSession
*
2018-11-23 12:29:20 +00:00
* @ param \SessionHandlerInterface | null $saveHandler
2015-08-17 17:00:26 -07:00
*
* @ throws \InvalidArgumentException
*/
public function setSaveHandler ( $saveHandler = null )
{
if ( ! $saveHandler instanceof AbstractProxy &&
! $saveHandler instanceof \SessionHandlerInterface &&
null !== $saveHandler ) {
2018-11-23 12:29:20 +00:00
throw new \InvalidArgumentException ( 'Must be instance of AbstractProxy; implement \SessionHandlerInterface; or be null.' );
2015-08-17 17:00:26 -07:00
}
// Wrap $saveHandler in proxy and prevent double wrapping of proxy
if ( ! $saveHandler instanceof AbstractProxy && $saveHandler instanceof \SessionHandlerInterface ) {
$saveHandler = new SessionHandlerProxy ( $saveHandler );
} elseif ( ! $saveHandler instanceof AbstractProxy ) {
2018-11-23 12:29:20 +00:00
$saveHandler = new SessionHandlerProxy ( new StrictSessionHandler ( new \SessionHandler ()));
2015-08-17 17:00:26 -07:00
}
$this -> saveHandler = $saveHandler ;
2018-11-23 12:29:20 +00:00
if ( headers_sent () || \PHP_SESSION_ACTIVE === session_status ()) {
return ;
}
if ( $this -> saveHandler instanceof SessionHandlerProxy ) {
session_set_save_handler ( $this -> saveHandler , false );
2015-08-17 17:00:26 -07:00
}
}
/**
* Load the session with attributes .
*
* After starting the session , PHP retrieves the session from whatever handlers
* are set to ( either PHP ' s internal , or a custom save handler set with session_set_save_handler ()) .
* PHP takes the return value from the read () handler , unserializes it
* and populates $_SESSION with the result automatically .
*/
protected function loadSession ( array & $session = null )
{
if ( null === $session ) {
$session = & $_SESSION ;
}
$bags = array_merge ( $this -> bags , array ( $this -> metadataBag ));
foreach ( $bags as $bag ) {
$key = $bag -> getStorageKey ();
$session [ $key ] = isset ( $session [ $key ]) ? $session [ $key ] : array ();
$bag -> initialize ( $session [ $key ]);
}
$this -> started = true ;
$this -> closed = false ;
}
}
