server/lib/private/session/internal.php
Lukas Reschke fec41e7539 Move regeneration of session ID into session classes
There were code paths that nowadays call ISession::login directly thus bypassing the desired regeneration of the session ID. This moves the session regeneration deeper into the session handling and thus ensures that it is always called. Furthermore, I also added the session regeneration to the remember me cookie plus added some test case expectations for this.
2016-01-04 15:09:01 +01:00

138 lines
3.1 KiB
PHP

<?php
/**
* @author cetra3 <peter@parashift.com.au>
* @author Lukas Reschke <lukas@owncloud.com>
* @author Morris Jobke <hey@morrisjobke.de>
* @author Phil Davis <phil.davis@inf.org>
* @author Robin Appelman <icewind@owncloud.com>
* @author Thomas Müller <thomas.mueller@tmit.eu>
*
* @copyright Copyright (c) 2015, ownCloud, Inc.
* @license AGPL-3.0
*
* This code is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License, version 3,
* along with this program. If not, see <http://www.gnu.org/licenses/>
*
*/
namespace OC\Session;
/**
* Class Internal
*
* wrap php's internal session handling into the Session interface
*
* @package OC\Session
*/
class Internal extends Session {
/**
* @param string $name
* @throws \Exception
*/
public function __construct($name) {
session_name($name);
set_error_handler(array($this, 'trapError'));
try {
session_start();
} catch (\Exception $e) {
setcookie(session_name(), null, -1, \OC::$WEBROOT ? : '/');
}
restore_error_handler();
if (!isset($_SESSION)) {
throw new \Exception('Failed to start session');
}
}
/**
* @param string $key
* @param integer $value
*/
public function set($key, $value) {
$this->validateSession();
$_SESSION[$key] = $value;
}
/**
* @param string $key
* @return mixed
*/
public function get($key) {
if (!$this->exists($key)) {
return null;
}
return $_SESSION[$key];
}
/**
* @param string $key
* @return bool
*/
public function exists($key) {
return isset($_SESSION[$key]);
}
/**
* @param string $key
*/
public function remove($key) {
if (isset($_SESSION[$key])) {
unset($_SESSION[$key]);
}
}
public function clear() {
session_unset();
$this->regenerateId();
@session_start();
$_SESSION = array();
}
public function close() {
session_write_close();
parent::close();
}
/**
* Wrapper around session_regenerate_id
*
* @param bool $deleteOldSession Whether to delete the old associated session file or not.
* @return void
*/
public function regenerateId($deleteOldSession = true) {
@session_regenerate_id($deleteOldSession);
}
/**
* @throws \Exception
*/
public function reopen() {
throw new \Exception('The session cannot be reopened - reopen() is ony to be used in unit testing.');
}
/**
* @param int $errorNumber
* @param string $errorString
* @throws \ErrorException
*/
public function trapError($errorNumber, $errorString) {
throw new \ErrorException($errorString);
}
/**
* @throws \Exception
*/
private function validateSession() {
if ($this->sessionClosed) {
throw new \Exception('Session has been closed - no further changes to the session are allowed');
}
}
}