Documentation

Session extends RecursiveArrayAccess
in package
implements SessionHandlerInterface

Session

Tags
copyright

CLOUDREXX CMS - CLOUDREXX AG

author

Leandro Nery nery@astalavista.com

author

Ivan Schmid ivan.schmid@comvation.com

author

Michael Ritter michael.ritter@cloudrexx.com

version
1.0.0
subpackage

core_session

Table of Contents

Interfaces

SessionHandlerInterface

Constants

SESSION_NAME  = 'clxsid'
Name of the session cookie
SESSION_SID_CHAR_CLASS  = '[0-9a-v]'
Regular expression to match a session ID.
SESSION_SID_LENGTH  = 32
Length of the session ID
VARIABLE_KEY_MAX_LENGTH  = 100
Maximum allowed length of a session variable key.

Properties

$instance  : self
Instance of class for use in the singelton pattern.
$sessionid  : string
The session id.
$status  : string
session status available options (frontend or backend)
$userId  : int
User Id of logged user
$allowInitialization  : bool
If set to `false` then {@see static::getInstance()} will not initialize a new session instance.
$callableOnGet  : callable
Callable funtion on offsetGet
$callableOnSanitizeKey  : callable
Callable function on callableOnSanitizeKey
$callableOnSet  : callable
Callable funtion on offsetSet
$callableOnUnset  : callable
Callable funtion on offsetUnset
$callableOnValidateKey  : callable
Callable function on callableOnValidateKey
$data  : array<string|int, mixed>
Internal data array.
$dirt  : array<string|int, mixed>
$id  : int
$initToken  : string
$needPathInit  : mixed
Whether we need to initialize the session path
$offset  : string
Path of the current array
$parentId  : int
$defaultLifetime  : int
Default life time of server Configurable from $_CONFIG
$defaultLifetimeRememberMe  : int
Default rememver me time limit Configurable from $_CONFIG
$discardChanges  : bool
Do not write session data into database when its true
$lifetime  : int
session lifetime session will expire after inactivity of given lifetime
$locks  : array<string|int, mixed>
Created session locks
$rememberMe  : bool
Remember me
$sessionLockTime  : int
Session Lock time
$sessionPath  : string
temp session storage path
$sessionPathPrefix  : string
session prefix

Methods

__construct()  : mixed
Default object constructor.
clean()  : mixed
Empties the offset with values which were changed.
cleanTempPaths()  : mixed
Clear temp path's which are not in use
close()  : bool
{@inheritdoc} This will release all acquired session locks {@see static::releaseLocks()}.
cmsSessionDestroyByUserId()  : bool
Destroy session by given user id
cmsSessionError()  : mixed
Callable on session error
cmsSessionExpand()  : mixed
expands a running session by @link Session::lifetime seconds.
cmsSessionStatusUpdate()  : bool
Update user status (frontend or backend)
cmsSessionUserUpdate()  : bool
Update the user id of the current session
count()  : int
Get the count of elements in the container array.
current()  : mixed
Current position of the array.
destroy()  : bool
{@inheritdoc}
discard()  : mixed
Discards the active session for the current request
discardChanges()  : mixed
Discard changes made to the $_SESSION-array.
gc()  : bool
Delete expired session (and orphaned variable) records
getDataFromKey()  : RecursiveArrayAccess
Read the data from database using variable id
getFromDb()  : null|RecursiveArrayAccess|string|int
Get lock and retrive the values from database Callable from Recursive array access class on offsetGet
getIdOfActiveSession()  : string
Get ID of active session
getInitToken()  : string
Returns the init token for this session. Generates one if necessary.
getInstance()  : mixed
Get the session instance or initialize a new one if non is present yet
getInstanceByToken()  : Session|null
Return the session matching the given token
getLock()  : mixed
Create's the lock in database
getLockName()  : string
Return's mysql lock name
getSessionName()  : string
Get the name of the session cookie
getTempPath()  : string|bool
Returns current session's temp path
getValidIdFromRequest()  : string
Get valid session ID from current request
getVariableKeyMaxLength()  : int
Return the maximum length of a session variable key.
getWebTempPath()  : string
Gets a web temp path.
isDirty()  : bool
Checks if a value is dirty.
isInitialized()  : bool
Return true if the session is initialized and false otherwise.
key()  : mixed
Key of the current element.
next()  : void
Move the internal point of the container array to the next item
offsetExists()  : bool
check a offset exists
offsetGet()  : mixed
Offset to retrieve
offsetSet()  : void
Offset to set
offsetUnset()  : null
Offset to unset
open()  : bool
Callable method on session open
pollute()  : mixed
Pollutes a value.
read()  : string
Callable on session read
readData()  : mixed
Read the data from database and assign it into $_SESSION array
recursiveOffsetExists()  : bool
This function checks if the value of an array-index, which is not on first level of the main array, is set e.g $array['level1']['level2']['level3']
recursiveOffsetGet()  : mixed
This function returns the value of an array-index which is not on first level of the main array e.g $array['level1']['level2']['level3']
recursiveOffsetSet()  : mixed
This function sets the value of an array-index which is not on first level of the main array e.g $array['level1']['level2']['level3'] If the previous index i.e ['level1'] is not set it will be set to array.
releaseLock()  : mixed
Release the mysql lock
removeFromSession()  : mixed
Remove the session key and sub keys by given offset and parent id Callable from RecursiveArrayAccess class on offsetUnset
removeKeyFromDb()  : mixed
Remove the session variable and its sub entries from database by given id
rewind()  : void
Rewind the internal point of the container array.
sessionExists()  : bool
Check if a session exists
toArray()  : array<string|int, mixed>
Output the data as a multidimensional array.
updateToDb()  : mixed
Update given object to database Callable from RecursiveArrayAccess class on offsetSet
valid()  : bool
Is the current key valid?
validateSessionKeyLength()  : bool
Ensure that the used parameter name complies with the session restrictions defined for variable keys, as the parameter name is being used as a sesison-variable-key.
write()  : bool
{@inheritdoc}
generateInitToken()  : void
Generates a new init token for this session
getClientHash()  : string
Get the client hash to be used to map the session ID to.
initCookieConfig()  : mixed
Initialize session cookie configuration
initRememberMe()  : mixed
Initializes the status of remember me.
initSessionLifetime()  : mixed
Sets the default session lifetimes and lifetime of the current session.
initTempPath()  : bool
Create a private session folder and add write access to it.
isSecureSessionConfig()  : bool
Verifies that a secure session can be initialized.
isValidSessionId()  : bool
Verify the scheme of a session id
releaseLocks()  : mixed
It release all created locks
restoreDebuggingParams()  : mixed
Expands debugging behaviour with behaviour stored in session if specified and active.
unloadUser()  : void
updateTimeStamp()  : mixed
Update the lastupdated timestamp value in database

Constants

SESSION_NAME

Name of the session cookie

public string SESSION_NAME = 'clxsid'

SESSION_SID_CHAR_CLASS

Regular expression to match a session ID.

public string SESSION_SID_CHAR_CLASS = '[0-9a-v]'

The valid characters are defined by session.sid_bits_per_character.

SESSION_SID_LENGTH

Length of the session ID

public int SESSION_SID_LENGTH = 32

VARIABLE_KEY_MAX_LENGTH

Maximum allowed length of a session variable key.

public int VARIABLE_KEY_MAX_LENGTH = 100

This maximum length is defined by the associated database field core_session_variable.key.

Properties

$instance

Instance of class for use in the singelton pattern.

public static self $instance

$status

session status available options (frontend or backend)

public string $status

$allowInitialization

If set to `false` then {@see static::getInstance()} will not initialize a new session instance.

protected static bool $allowInitialization = true

Calling static::discard() will set this to false.

$initToken

protected string $initToken = ''

Token to init of the session for CORS requests

$needPathInit

Whether we need to initialize the session path

protected mixed $needPathInit = true

$defaultLifetime

Default life time of server Configurable from $_CONFIG

private int $defaultLifetime

$defaultLifetimeRememberMe

Default rememver me time limit Configurable from $_CONFIG

private int $defaultLifetimeRememberMe

$discardChanges

Do not write session data into database when its true

private bool $discardChanges = false

$lifetime

session lifetime session will expire after inactivity of given lifetime

private int $lifetime

$locks

Created session locks

private array<string|int, mixed> $locks = array()

$sessionLockTime

Session Lock time

private static int $sessionLockTime = 10

$sessionPath

temp session storage path

private string $sessionPath

$sessionPathPrefix

session prefix

private string $sessionPathPrefix = 'session_'

Methods

__construct()

Default object constructor.

public __construct() : mixed

clean()

Empties the offset with values which were changed.

public clean(mixed $offset) : mixed
Parameters
$offset : mixed

cleanTempPaths()

Clear temp path's which are not in use

public cleanTempPaths() : mixed

close()

{@inheritdoc} This will release all acquired session locks {@see static::releaseLocks()}.

public close() : bool

As the session write event will never get triggered, we do flush the data to the database here in the close event.

Tags
internal

This method must not be called directly. Instead call session_write_close().

Return values
bool

true

cmsSessionDestroyByUserId()

Destroy session by given user id

public cmsSessionDestroyByUserId(int $userId) : bool
Parameters
$userId : int
Return values
bool

cmsSessionError()

Callable on session error

public cmsSessionError() : mixed

cmsSessionExpand()

expands a running session by @link Session::lifetime seconds.

public cmsSessionExpand() : mixed

called on pageload.

cmsSessionStatusUpdate()

Update user status (frontend or backend)

public cmsSessionStatusUpdate([string $status = "" ]) : bool
Parameters
$status : string = ""
Return values
bool

cmsSessionUserUpdate()

Update the user id of the current session

public cmsSessionUserUpdate([int $userId = 0 ]) : bool
Parameters
$userId : int = 0
Return values
bool

destroy()

{@inheritdoc}

public destroy([mixed $aKey = '' ][, mixed $destroyCookie = true ]) : bool

Call directly to destroy the active session.

Parameters
$aKey : mixed = ''
$destroyCookie : mixed = true
Return values
bool

discard()

Discards the active session for the current request

public discard() : mixed

This will close the current session without persisting its state. Any changes made to $_SESSION will be lost. Any further attempt to initialize the session again or a new session will fail for this request. If a user is currently signed-in, then the user will be signed-out, but only for the rest of this request. However session reinitialization is still possible in a new Cx request.

discardChanges()

Discard changes made to the $_SESSION-array.

public discardChanges() : mixed

If called, this method causes the session not to store any changes made to the $_SESSION-array to the database. Use this method when doing multiple ajax-requests simultaneously to prevent an unwanted session overwrite.

gc()

Delete expired session (and orphaned variable) records

public gc(int $maxlifetime) : bool

The method parameter is ignored.

Parameters
$maxlifetime : int

As configured in session.gc_maxlifetime

Attributes
#[ReturnTypeWillChange]
Return values
bool

Always true

getFromDb()

Get lock and retrive the values from database Callable from Recursive array access class on offsetGet

public static getFromDb(string $offset, object $arrObj) : null|RecursiveArrayAccess|string|int
Parameters
$offset : string

Offset

$arrObj : object

object array

Return values
null|RecursiveArrayAccess|string|int

Whatever the value of the offset is.

getIdOfActiveSession()

Get ID of active session

public static getIdOfActiveSession() : string
Tags
throws
Exception

In case no active session exists

Return values
string

ID of active session

getInitToken()

Returns the init token for this session. Generates one if necessary.

public getInitToken([bool $forceNew = false ]) : string
Parameters
$forceNew : bool = false

If set to true a new token is forced. Defaults to false.

Return values
string

Init token

getInstance()

Get the session instance or initialize a new one if non is present yet

public static getInstance([bool $retry = true ]) : mixed
Parameters
$retry : bool = true

Whether or not to retry the session initialization again in case it fails. This will allow the initialization of a new clean session in case an invalid session has been requested.

Return values
mixed

Returns an instance of \Cx\Core\Session\Model\Entity\Session on successful session initialization. If session initialization fails NULL is returned.

getInstanceByToken()

Return the session matching the given token

public static getInstanceByToken(string $sessionId, string $token) : Session|null
Parameters
$sessionId : string

ID of the session to load

$token : string

Token to allow initialization of session

Return values
Session|null

Matching session or null

getLock()

Create's the lock in database

public static getLock(string $offset[, int $lifeTime = 60 ]) : mixed
Parameters
$offset : string

The index (offset) of the session data to fetch a lock for.

$lifeTime : int = 60

Lock time

getLockName()

Return's mysql lock name

public static getLockName(string $key) : string
Parameters
$key : string

lock key

Return values
string

lock name

getSessionName()

Get the name of the session cookie

public static getSessionName() : string
Return values
string

The name of the session cookie.

getTempPath()

Returns current session's temp path

public getTempPath() : string|bool
Return values
string|bool

Returns false if the session's temp path could not be created. Otherwise this method will always return the session's temp path.

getValidIdFromRequest()

Get valid session ID from current request

public static getValidIdFromRequest() : string
Tags
throws
Exception

In case the current request does not contain a valid session ID.

Return values
string

Valid session ID of current requeset.

getVariableKeyMaxLength()

Return the maximum length of a session variable key.

public static getVariableKeyMaxLength() : int
Return values
int

Maximum allowed length of a session variable key.

getWebTempPath()

Gets a web temp path.

public getWebTempPath() : string

This path is needed to work with the File-class from the framework.

Return values
string

isDirty()

Checks if a value is dirty.

public isDirty(mixed $offset) : bool
Parameters
$offset : mixed
Return values
bool

isInitialized()

Return true if the session is initialized and false otherwise.

public static isInitialized() : bool
Return values
bool

true if the session is initialized and false otherwise.

offsetGet()

Offset to retrieve

public offsetGet(mixed $offset) : mixed
Parameters
$offset : mixed

The offset to retrieve.

Attributes
#[ReturnTypeWillChange]
Return values
mixed

Can return all value types.

offsetSet()

Offset to set

public offsetSet(mixed $offset, mixed $data[, mixed $callableOnSet = null ][, mixed $callableOnGet = null ][, mixed $callableOnUnset = null ][, mixed $callableOnValidateKey = null ]) : void
Parameters
$offset : mixed

The offset to assign the value to.

$data : mixed

The value to set.

$callableOnSet : mixed = null
$callableOnGet : mixed = null
$callableOnUnset : mixed = null
$callableOnValidateKey : mixed = null

open()

Callable method on session open

public open(string $save_path, string $session_id) : bool
Parameters
$save_path : string
$session_id : string
Return values
bool

read()

Callable on session read

public read(string $aKey) : string
Parameters
$aKey : string
Attributes
#[ReturnTypeWillChange]
Return values
string

readData()

Read the data from database and assign it into $_SESSION array

public readData() : mixed

recursiveOffsetExists()

This function checks if the value of an array-index, which is not on first level of the main array, is set e.g $array['level1']['level2']['level3']

public recursiveOffsetExists(string $offset[, string $delimiter = '/' ]) : bool
Parameters
$offset : string

string containing the offset e.g 'level1/level2/level3'

$delimiter : string = '/'

the delimiter used in $offset e.g '/'

Tags
throws
RecursiveArrayAccessException
Return values
bool

recursiveOffsetGet()

This function returns the value of an array-index which is not on first level of the main array e.g $array['level1']['level2']['level3']

public recursiveOffsetGet(string $offset[, string $delimiter = '/' ]) : mixed
Parameters
$offset : string

string containing the offset e.g 'level1/level2/level3'

$delimiter : string = '/'

the delimiter used in $offset e.g '/'

Tags
access

public

throws
RecursiveArrayAccessException
Return values
mixed

value of the array index

recursiveOffsetSet()

This function sets the value of an array-index which is not on first level of the main array e.g $array['level1']['level2']['level3'] If the previous index i.e ['level1'] is not set it will be set to array.

public recursiveOffsetSet(mixed $value, string $offset[, string $delimiter = '/' ]) : mixed

Note: If it is set but not an array it will be overwritten

Parameters
$value : mixed

the value which should be set

$offset : string

string containing the offset e.g 'level1/level2/level3'

$delimiter : string = '/'

the delimiter used in $offset e.g '/'

Tags
access

public

releaseLock()

Release the mysql lock

public releaseLock(string $key) : mixed
Parameters
$key : string

Lock name to released

removeFromSession()

Remove the session key and sub keys by given offset and parent id Callable from RecursiveArrayAccess class on offsetUnset

public static removeFromSession(string $offset, int $parentId) : mixed
Parameters
$offset : string

session key name

$parentId : int

parent id of the given session offset

removeKeyFromDb()

Remove the session variable and its sub entries from database by given id

public static removeKeyFromDb(int $keyId) : mixed
Parameters
$keyId : int

sessionExists()

Check if a session exists

public static sessionExists([string $sessionId = '' ][, string $initToken = '' ]) : bool

If a session-ID is passed as $sessionId, then it will check if a session identified by that session-ID is present. Otherwise it will check if a session identified by the session-cookie exists.

Parameters
$sessionId : string = ''

Session-ID to check for

$initToken : string = ''

Token to allow initialization of session

Return values
bool

TRUE if a session exists. Otherwise FALSE.

toArray()

Output the data as a multidimensional array.

public toArray() : array<string|int, mixed>
Return values
array<string|int, mixed>

updateToDb()

Update given object to database Callable from RecursiveArrayAccess class on offsetSet

public static updateToDb(RecursiveArrayAccess $recursiveArrayAccess) : mixed
Parameters
$recursiveArrayAccess : RecursiveArrayAccess

session object array

validateSessionKeyLength()

Ensure that the used parameter name complies with the session restrictions defined for variable keys, as the parameter name is being used as a sesison-variable-key.

public static validateSessionKeyLength(string $sessionKey) : bool
Parameters
$sessionKey : string

The name of the session-variable-key used to store the current paging position.

Tags
throws
Exception
Return values
bool

write()

{@inheritdoc}

public write(mixed $session_id, mixed $session_data) : bool

Important: This method gets never called as this class does overwrite $_SESSION by an instance of this class. As a result PHP will never consider $_SESSION to be ready for storage and will therefore never invoke the session write event.

Parameters
$session_id : mixed
$session_data : mixed
Return values
bool

generateInitToken()

Generates a new init token for this session

protected generateInitToken() : void

getClientHash()

Get the client hash to be used to map the session ID to.

protected getClientHash() : string

The hash is build as follows: hash = md5(User-Agent + Accept-Language)

Return values
string

Hash of the client.

initCookieConfig()

Initialize session cookie configuration

protected initCookieConfig() : mixed

This does set the following:

  • initial lifetime of the cookie
  • httpOnly flag
  • secure flag in case HTTPS is forced in both, back- and frontend
Tags
throws
Exception

If the cookie is only allowed to be transmitted over HTTPS (secure flag), but the request has been made over HTTP, then an exception is thrown to prevent the disclosure of the session ID over HTTP.

initRememberMe()

Initializes the status of remember me.

protected initRememberMe() : mixed
Tags
access

protected

initSessionLifetime()

Sets the default session lifetimes and lifetime of the current session.

protected initSessionLifetime() : mixed
Tags
access

protected

initTempPath()

Create a private session folder and add write access to it.

protected initTempPath() : bool
Return values
bool

true on success, otherwise false.

isSecureSessionConfig()

Verifies that a secure session can be initialized.

protected static isSecureSessionConfig() : bool

If needed it tries to adjust the session config to ensure a secure session can be initialized.

Return values
bool

TRUE if the session config is valid, otherwise FALSE.

isValidSessionId()

Verify the scheme of a session id

protected static isValidSessionId(string $id) : bool
Parameters
$id : string

The session ID to verify.

Return values
bool

TRUE if the session ID $id has a valid format. Otherwise FALSE.

releaseLocks()

It release all created locks

protected releaseLocks() : mixed

restoreDebuggingParams()

Expands debugging behaviour with behaviour stored in session if specified and active.

protected restoreDebuggingParams() : mixed
Tags
access

protected

updateTimeStamp()

Update the lastupdated timestamp value in database

protected updateTimeStamp() : mixed 

        

        
    




    

    

                                

                

                                
    

        On this page

        
    


                

                            

            

    

        

            
Search results