diff -r c7c34916027a -r 177826044cd9 wp/wp-includes/class-wp-session-tokens.php --- a/wp/wp-includes/class-wp-session-tokens.php Mon Oct 14 18:06:33 2019 +0200 +++ b/wp/wp-includes/class-wp-session-tokens.php Mon Oct 14 18:28:13 2019 +0200 @@ -23,7 +23,7 @@ protected $user_id; /** - * Protected constructor. + * Protected constructor. Use the `get_instance()` method to get the instance. * * @since 4.0.0 * @@ -34,20 +34,20 @@ } /** - * Retrieves a session token manager instance for a user. + * Retrieves a session manager instance for a user. * * This method contains a {@see 'session_token_manager'} filter, allowing a plugin to swap out * the session manager for a subclass of `WP_Session_Tokens`. * * @since 4.0.0 - * @static * * @param int $user_id User whose session to manage. - * @return WP_User_Meta_Session_Tokens WP_User_Meta_Session_Tokens class instance by default. + * @return WP_Session_Tokens The session object, which is by default an instance of + * the `WP_User_Meta_Session_Tokens` class. */ final public static function get_instance( $user_id ) { /** - * Filters the session token manager used. + * Filters the class name for the session token manager. * * @since 4.0.0 * @@ -59,7 +59,7 @@ } /** - * Hashes a session token for storage. + * Hashes the given session token for storage. * * @since 4.0.0 * @@ -76,12 +76,12 @@ } /** - * Get a user's session. + * Retrieves a user's session for the given token. * * @since 4.0.0 * - * @param string $token Session token - * @return array User session + * @param string $token Session token. + * @return array|null The session, or null if it does not exist. */ final public function get( $token ) { $verifier = $this->hash_token( $token ); @@ -89,7 +89,7 @@ } /** - * Validate a user's session token as authentic. + * Validates the given session token for authenticity and validity. * * Checks that the given token is present and hasn't expired. * @@ -104,11 +104,11 @@ } /** - * Generate a session token and attach session information to it. + * Generates a session token and attaches session information to it. * * A session token is a long, random string. It is used in a cookie - * link that cookie to an expiration time and to ensure the cookie - * becomes invalidated upon logout. + * to link that cookie to an expiration time and to ensure the cookie + * becomes invalidated when the user logs out. * * This function generates a token and stores it with the associated * expiration time (and potentially other session information via the @@ -123,19 +123,18 @@ /** * Filters the information attached to the newly created session. * - * Could be used in the future to attach information such as - * IP address or user agent to a session. + * Can be used to attach further information to a session. * * @since 4.0.0 * * @param array $session Array of extra data. * @param int $user_id User ID. */ - $session = apply_filters( 'attach_session_information', array(), $this->user_id ); + $session = apply_filters( 'attach_session_information', array(), $this->user_id ); $session['expiration'] = $expiration; // IP address. - if ( !empty( $_SERVER['REMOTE_ADDR'] ) ) { + if ( ! empty( $_SERVER['REMOTE_ADDR'] ) ) { $session['ip'] = $_SERVER['REMOTE_ADDR']; } @@ -155,7 +154,7 @@ } /** - * Update a session token. + * Updates the data for the session with the given token. * * @since 4.0.0 * @@ -168,7 +167,7 @@ } /** - * Destroy a session token. + * Destroys the session with the given token. * * @since 4.0.0 * @@ -180,8 +179,7 @@ } /** - * Destroy all session tokens for this user, - * except a single token, presumably the one in use. + * Destroys all sessions for this user except the one with the given token (presumably the one in use). * * @since 4.0.0 * @@ -189,7 +187,7 @@ */ final public function destroy_others( $token_to_keep ) { $verifier = $this->hash_token( $token_to_keep ); - $session = $this->get_session( $verifier ); + $session = $this->get_session( $verifier ); if ( $session ) { $this->destroy_other_sessions( $verifier ); } else { @@ -198,8 +196,7 @@ } /** - * Determine whether a session token is still valid, - * based on expiration. + * Determines whether a session is still valid, based on its expiration timestamp. * * @since 4.0.0 * @@ -211,7 +208,7 @@ } /** - * Destroy all session tokens for a user. + * Destroys all sessions for a user. * * @since 4.0.0 */ @@ -220,10 +217,9 @@ } /** - * Destroy all session tokens for all users. + * Destroys all sessions for all users. * * @since 4.0.0 - * @static */ final public static function destroy_all_for_all_users() { /** This filter is documented in wp-includes/class-wp-session-tokens.php */ @@ -232,50 +228,49 @@ } /** - * Retrieve all sessions of a user. + * Retrieves all sessions for a user. * * @since 4.0.0 * - * @return array Sessions of a user. + * @return array Sessions for a user. */ final public function get_all() { return array_values( $this->get_sessions() ); } /** - * This method should retrieve all sessions of a user, keyed by verifier. + * Retrieves all sessions of the user. * * @since 4.0.0 * - * @return array Sessions of a user, keyed by verifier. + * @return array Sessions of the user. */ abstract protected function get_sessions(); /** - * This method should look up a session by its verifier (token hash). + * Retrieves a session based on its verifier (token hash). * * @since 4.0.0 * - * @param string $verifier Verifier of the session to retrieve. + * @param string $verifier Verifier for the session to retrieve. * @return array|null The session, or null if it does not exist. */ abstract protected function get_session( $verifier ); /** - * This method should update a session by its verifier. + * Updates a session based on its verifier (token hash). * - * Omitting the second argument should destroy the session. + * Omitting the second argument destroys the session. * * @since 4.0.0 * - * @param string $verifier Verifier of the session to update. + * @param string $verifier Verifier for the session to update. * @param array $session Optional. Session. Omitting this argument destroys the session. */ abstract protected function update_session( $verifier, $session = null ); /** - * This method should destroy all session tokens for this user, - * except a single session passed. + * Destroys all sessions for this user, except the single session with the given verifier. * * @since 4.0.0 * @@ -284,17 +279,16 @@ abstract protected function destroy_other_sessions( $verifier ); /** - * This method should destroy all sessions for a user. + * Destroys all sessions for the user. * * @since 4.0.0 */ abstract protected function destroy_all_sessions(); /** - * This static method should destroy all session tokens for all users. + * Destroys all sessions for all users. * * @since 4.0.0 - * @static */ public static function drop_sessions() {} }