5588c5f262
PHP will handle session cookies with an empty values as an E_WARNING error. ([php/#68063](https://bugs.php.net/bug.php?id=68063)) ownCloud sets the cookie to an empty value in case the session expires, it however after this starts a new session. Due to potential race conditions this can in unlikely cases lead to the fact that the session never gets restarted and the user is left with an empty cookie. PHP tries then to use the empty cookie which makes the instance not usable. To work around any race condition we now tell PHP to explicitly delete the value which can be done by using `null` as value, PHP will then send a cookie with the value "deleted". Also theepiration has been set to -1.
118 lines
2.7 KiB
PHP
118 lines
2.7 KiB
PHP
<?php
|
|
/**
|
|
* @author cetra3 <peter@parashift.com.au>
|
|
* @author Lukas Reschke <lukas@owncloud.com>
|
|
* @author Morris Jobke <hey@morrisjobke.de>
|
|
* @author Phil Davis <phil.davis@inf.org>
|
|
* @author Robin Appelman <icewind@owncloud.com>
|
|
* @author Thomas Müller <thomas.mueller@tmit.eu>
|
|
*
|
|
* @copyright Copyright (c) 2015, ownCloud, Inc.
|
|
* @license AGPL-3.0
|
|
*
|
|
* This code is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU Affero General Public License, version 3,
|
|
* as published by the Free Software Foundation.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU Affero General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Affero General Public License, version 3,
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>
|
|
*
|
|
*/
|
|
|
|
namespace OC\Session;
|
|
|
|
/**
|
|
* Class Internal
|
|
*
|
|
* wrap php's internal session handling into the Session interface
|
|
*
|
|
* @package OC\Session
|
|
*/
|
|
class Internal extends Session {
|
|
/**
|
|
* @param string $name
|
|
* @throws \Exception
|
|
*/
|
|
public function __construct($name) {
|
|
session_name($name);
|
|
set_error_handler(array($this, 'trapError'));
|
|
try {
|
|
session_start();
|
|
} catch (\Exception $e) {
|
|
setcookie(session_name(), null, -1, \OC::$WEBROOT ? : '/');
|
|
}
|
|
restore_error_handler();
|
|
if (!isset($_SESSION)) {
|
|
throw new \Exception('Failed to start session');
|
|
}
|
|
}
|
|
|
|
/**
|
|
* @param string $key
|
|
* @param integer $value
|
|
*/
|
|
public function set($key, $value) {
|
|
$this->validateSession();
|
|
$_SESSION[$key] = $value;
|
|
}
|
|
|
|
/**
|
|
* @param string $key
|
|
* @return mixed
|
|
*/
|
|
public function get($key) {
|
|
if (!$this->exists($key)) {
|
|
return null;
|
|
}
|
|
return $_SESSION[$key];
|
|
}
|
|
|
|
/**
|
|
* @param string $key
|
|
* @return bool
|
|
*/
|
|
public function exists($key) {
|
|
return isset($_SESSION[$key]);
|
|
}
|
|
|
|
/**
|
|
* @param string $key
|
|
*/
|
|
public function remove($key) {
|
|
if (isset($_SESSION[$key])) {
|
|
unset($_SESSION[$key]);
|
|
}
|
|
}
|
|
|
|
|
|
public function clear() {
|
|
session_unset();
|
|
@session_regenerate_id(true);
|
|
@session_start();
|
|
$_SESSION = array();
|
|
}
|
|
|
|
public function close() {
|
|
session_write_close();
|
|
parent::close();
|
|
}
|
|
|
|
public function reopen() {
|
|
throw new \Exception('The session cannot be reopened - reopen() is ony to be used in unit testing.');
|
|
}
|
|
|
|
public function trapError($errorNumber, $errorString) {
|
|
throw new \ErrorException($errorString);
|
|
}
|
|
|
|
private function validateSession() {
|
|
if ($this->sessionClosed) {
|
|
throw new \Exception('Session has been closed - no further changes to the session are allowed');
|
|
}
|
|
}
|
|
}
|