123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150 |
- <?php
- /*
- * This file is part of the Symfony package.
- *
- * (c) Fabien Potencier <fabien@symfony.com>
- *
- * For the full copyright and license information, please view the LICENSE
- * file that was distributed with this source code.
- */
- namespace Symfony\Component\HttpFoundation\Session\Storage\Handler;
- use Symfony\Component\HttpFoundation\Session\SessionUtils;
- /**
- * This abstract session handler provides a generic implementation
- * of the PHP 7.0 SessionUpdateTimestampHandlerInterface,
- * enabling strict and lazy session handling.
- *
- * @author Nicolas Grekas <p@tchwork.com>
- */
- abstract class AbstractSessionHandler implements \SessionHandlerInterface, \SessionUpdateTimestampHandlerInterface
- {
- private $sessionName;
- private $prefetchId;
- private $prefetchData;
- private $newSessionId;
- private $igbinaryEmptyData;
- /**
- * @return bool
- */
- public function open($savePath, $sessionName)
- {
- $this->sessionName = $sessionName;
- if (!headers_sent() && !ini_get('session.cache_limiter') && '0' !== ini_get('session.cache_limiter')) {
- header(sprintf('Cache-Control: max-age=%d, private, must-revalidate', 60 * (int) ini_get('session.cache_expire')));
- }
- return true;
- }
- /**
- * @return string
- */
- abstract protected function doRead(string $sessionId);
- /**
- * @return bool
- */
- abstract protected function doWrite(string $sessionId, string $data);
- /**
- * @return bool
- */
- abstract protected function doDestroy(string $sessionId);
- /**
- * @return bool
- */
- public function validateId($sessionId)
- {
- $this->prefetchData = $this->read($sessionId);
- $this->prefetchId = $sessionId;
- if (\PHP_VERSION_ID < 70317 || (70400 <= \PHP_VERSION_ID && \PHP_VERSION_ID < 70405)) {
- // work around https://bugs.php.net/79413
- foreach (debug_backtrace(\DEBUG_BACKTRACE_IGNORE_ARGS) as $frame) {
- if (!isset($frame['class']) && isset($frame['function']) && \in_array($frame['function'], ['session_regenerate_id', 'session_create_id'], true)) {
- return '' === $this->prefetchData;
- }
- }
- }
- return '' !== $this->prefetchData;
- }
- /**
- * @return string
- */
- public function read($sessionId)
- {
- if (null !== $this->prefetchId) {
- $prefetchId = $this->prefetchId;
- $prefetchData = $this->prefetchData;
- $this->prefetchId = $this->prefetchData = null;
- if ($prefetchId === $sessionId || '' === $prefetchData) {
- $this->newSessionId = '' === $prefetchData ? $sessionId : null;
- return $prefetchData;
- }
- }
- $data = $this->doRead($sessionId);
- $this->newSessionId = '' === $data ? $sessionId : null;
- return $data;
- }
- /**
- * @return bool
- */
- public function write($sessionId, $data)
- {
- if (null === $this->igbinaryEmptyData) {
- // see https://github.com/igbinary/igbinary/issues/146
- $this->igbinaryEmptyData = \function_exists('igbinary_serialize') ? igbinary_serialize([]) : '';
- }
- if ('' === $data || $this->igbinaryEmptyData === $data) {
- return $this->destroy($sessionId);
- }
- $this->newSessionId = null;
- return $this->doWrite($sessionId, $data);
- }
- /**
- * @return bool
- */
- public function destroy($sessionId)
- {
- if (!headers_sent() && filter_var(ini_get('session.use_cookies'), \FILTER_VALIDATE_BOOLEAN)) {
- if (!$this->sessionName) {
- throw new \LogicException(sprintf('Session name cannot be empty, did you forget to call "parent::open()" in "%s"?.', static::class));
- }
- $cookie = SessionUtils::popSessionCookie($this->sessionName, $sessionId);
- /*
- * We send an invalidation Set-Cookie header (zero lifetime)
- * when either the session was started or a cookie with
- * the session name was sent by the client (in which case
- * we know it's invalid as a valid session cookie would've
- * started the session).
- */
- if (null === $cookie || isset($_COOKIE[$this->sessionName])) {
- if (\PHP_VERSION_ID < 70300) {
- setcookie($this->sessionName, '', 0, ini_get('session.cookie_path'), ini_get('session.cookie_domain'), filter_var(ini_get('session.cookie_secure'), \FILTER_VALIDATE_BOOLEAN), filter_var(ini_get('session.cookie_httponly'), \FILTER_VALIDATE_BOOLEAN));
- } else {
- $params = session_get_cookie_params();
- unset($params['lifetime']);
- setcookie($this->sessionName, '', $params);
- }
- }
- }
- return $this->newSessionId === $sessionId || $this->doDestroy($sessionId);
- }
- }
|