|
1 <?php |
|
2 |
|
3 /** |
|
4 * Zend Framework |
|
5 * |
|
6 * LICENSE |
|
7 * |
|
8 * This source file is subject to the new BSD license that is bundled |
|
9 * with this package in the file LICENSE.txt. |
|
10 * It is also available through the world-wide-web at this URL: |
|
11 * http://framework.zend.com/license/new-bsd |
|
12 * If you did not receive a copy of the license and are unable to |
|
13 * obtain it through the world-wide-web, please send an email |
|
14 * to license@zend.com so we can send you a copy immediately. |
|
15 * |
|
16 * @category Zend |
|
17 * @package Zend_Session |
|
18 * @copyright Copyright (c) 2005-2010 Zend Technologies USA Inc. (http://www.zend.com) |
|
19 * @license http://framework.zend.com/license/new-bsd New BSD License |
|
20 * @version $Id: Session.php 22587 2010-07-16 20:14:18Z ralph $ |
|
21 * @since Preview Release 0.2 |
|
22 */ |
|
23 |
|
24 |
|
25 /** |
|
26 * @see Zend_Session_Abstract |
|
27 */ |
|
28 require_once 'Zend/Session/Abstract.php'; |
|
29 |
|
30 /** |
|
31 * @see Zend_Session_Namespace |
|
32 */ |
|
33 require_once 'Zend/Session/Namespace.php'; |
|
34 |
|
35 /** |
|
36 * @see Zend_Session_SaveHandler_Interface |
|
37 */ |
|
38 require_once 'Zend/Session/SaveHandler/Interface.php'; |
|
39 |
|
40 |
|
41 /** |
|
42 * Zend_Session |
|
43 * |
|
44 * @category Zend |
|
45 * @package Zend_Session |
|
46 * @copyright Copyright (c) 2005-2010 Zend Technologies USA Inc. (http://www.zend.com) |
|
47 * @license http://framework.zend.com/license/new-bsd New BSD License |
|
48 */ |
|
49 class Zend_Session extends Zend_Session_Abstract |
|
50 { |
|
51 /** |
|
52 * Whether or not Zend_Session is being used with unit tests |
|
53 * |
|
54 * @internal |
|
55 * @var bool |
|
56 */ |
|
57 public static $_unitTestEnabled = false; |
|
58 |
|
59 /** |
|
60 * $_throwStartupException |
|
61 * |
|
62 * @var bool|bitset This could also be a combiniation of error codes to catch |
|
63 */ |
|
64 protected static $_throwStartupExceptions = true; |
|
65 |
|
66 /** |
|
67 * Check whether or not the session was started |
|
68 * |
|
69 * @var bool |
|
70 */ |
|
71 private static $_sessionStarted = false; |
|
72 |
|
73 /** |
|
74 * Whether or not the session id has been regenerated this request. |
|
75 * |
|
76 * Id regeneration state |
|
77 * <0 - regenerate requested when session is started |
|
78 * 0 - do nothing |
|
79 * >0 - already called session_regenerate_id() |
|
80 * |
|
81 * @var int |
|
82 */ |
|
83 private static $_regenerateIdState = 0; |
|
84 |
|
85 /** |
|
86 * Private list of php's ini values for ext/session |
|
87 * null values will default to the php.ini value, otherwise |
|
88 * the value below will overwrite the default ini value, unless |
|
89 * the user has set an option explicity with setOptions() |
|
90 * |
|
91 * @var array |
|
92 */ |
|
93 private static $_defaultOptions = array( |
|
94 'save_path' => null, |
|
95 'name' => null, /* this should be set to a unique value for each application */ |
|
96 'save_handler' => null, |
|
97 //'auto_start' => null, /* intentionally excluded (see manual) */ |
|
98 'gc_probability' => null, |
|
99 'gc_divisor' => null, |
|
100 'gc_maxlifetime' => null, |
|
101 'serialize_handler' => null, |
|
102 'cookie_lifetime' => null, |
|
103 'cookie_path' => null, |
|
104 'cookie_domain' => null, |
|
105 'cookie_secure' => null, |
|
106 'cookie_httponly' => null, |
|
107 'use_cookies' => null, |
|
108 'use_only_cookies' => 'on', |
|
109 'referer_check' => null, |
|
110 'entropy_file' => null, |
|
111 'entropy_length' => null, |
|
112 'cache_limiter' => null, |
|
113 'cache_expire' => null, |
|
114 'use_trans_sid' => null, |
|
115 'bug_compat_42' => null, |
|
116 'bug_compat_warn' => null, |
|
117 'hash_function' => null, |
|
118 'hash_bits_per_character' => null |
|
119 ); |
|
120 |
|
121 /** |
|
122 * List of options pertaining to Zend_Session that can be set by developers |
|
123 * using Zend_Session::setOptions(). This list intentionally duplicates |
|
124 * the individual declaration of static "class" variables by the same names. |
|
125 * |
|
126 * @var array |
|
127 */ |
|
128 private static $_localOptions = array( |
|
129 'strict' => '_strict', |
|
130 'remember_me_seconds' => '_rememberMeSeconds', |
|
131 'throw_startup_exceptions' => '_throwStartupExceptions' |
|
132 ); |
|
133 |
|
134 /** |
|
135 * Whether or not write close has been performed. |
|
136 * |
|
137 * @var bool |
|
138 */ |
|
139 private static $_writeClosed = false; |
|
140 |
|
141 /** |
|
142 * Whether or not session id cookie has been deleted |
|
143 * |
|
144 * @var bool |
|
145 */ |
|
146 private static $_sessionCookieDeleted = false; |
|
147 |
|
148 /** |
|
149 * Whether or not session has been destroyed via session_destroy() |
|
150 * |
|
151 * @var bool |
|
152 */ |
|
153 private static $_destroyed = false; |
|
154 |
|
155 /** |
|
156 * Whether or not session must be initiated before usage |
|
157 * |
|
158 * @var bool |
|
159 */ |
|
160 private static $_strict = false; |
|
161 |
|
162 /** |
|
163 * Default number of seconds the session will be remembered for when asked to be remembered |
|
164 * |
|
165 * @var int |
|
166 */ |
|
167 private static $_rememberMeSeconds = 1209600; // 2 weeks |
|
168 |
|
169 /** |
|
170 * Whether the default options listed in Zend_Session::$_localOptions have been set |
|
171 * |
|
172 * @var bool |
|
173 */ |
|
174 private static $_defaultOptionsSet = false; |
|
175 |
|
176 /** |
|
177 * A reference to the set session save handler |
|
178 * |
|
179 * @var Zend_Session_SaveHandler_Interface |
|
180 */ |
|
181 private static $_saveHandler = null; |
|
182 |
|
183 |
|
184 /** |
|
185 * Constructor overriding - make sure that a developer cannot instantiate |
|
186 */ |
|
187 protected function __construct() |
|
188 { |
|
189 } |
|
190 |
|
191 |
|
192 /** |
|
193 * setOptions - set both the class specified |
|
194 * |
|
195 * @param array $userOptions - pass-by-keyword style array of <option name, option value> pairs |
|
196 * @throws Zend_Session_Exception |
|
197 * @return void |
|
198 */ |
|
199 public static function setOptions(array $userOptions = array()) |
|
200 { |
|
201 // set default options on first run only (before applying user settings) |
|
202 if (!self::$_defaultOptionsSet) { |
|
203 foreach (self::$_defaultOptions as $defaultOptionName => $defaultOptionValue) { |
|
204 if (isset(self::$_defaultOptions[$defaultOptionName])) { |
|
205 ini_set("session.$defaultOptionName", $defaultOptionValue); |
|
206 } |
|
207 } |
|
208 |
|
209 self::$_defaultOptionsSet = true; |
|
210 } |
|
211 |
|
212 // set the options the user has requested to set |
|
213 foreach ($userOptions as $userOptionName => $userOptionValue) { |
|
214 |
|
215 $userOptionName = strtolower($userOptionName); |
|
216 |
|
217 // set the ini based values |
|
218 if (array_key_exists($userOptionName, self::$_defaultOptions)) { |
|
219 ini_set("session.$userOptionName", $userOptionValue); |
|
220 } |
|
221 elseif (isset(self::$_localOptions[$userOptionName])) { |
|
222 self::${self::$_localOptions[$userOptionName]} = $userOptionValue; |
|
223 } |
|
224 else { |
|
225 /** @see Zend_Session_Exception */ |
|
226 require_once 'Zend/Session/Exception.php'; |
|
227 throw new Zend_Session_Exception("Unknown option: $userOptionName = $userOptionValue"); |
|
228 } |
|
229 } |
|
230 } |
|
231 |
|
232 /** |
|
233 * getOptions() |
|
234 * |
|
235 * @param string $optionName OPTIONAL |
|
236 * @return array|string |
|
237 */ |
|
238 public static function getOptions($optionName = null) |
|
239 { |
|
240 $options = array(); |
|
241 foreach (ini_get_all('session') as $sysOptionName => $sysOptionValues) { |
|
242 $options[substr($sysOptionName, 8)] = $sysOptionValues['local_value']; |
|
243 } |
|
244 foreach (self::$_localOptions as $localOptionName => $localOptionMemberName) { |
|
245 $options[$localOptionName] = self::${$localOptionMemberName}; |
|
246 } |
|
247 |
|
248 if ($optionName) { |
|
249 if (array_key_exists($optionName, $options)) { |
|
250 return $options[$optionName]; |
|
251 } |
|
252 return null; |
|
253 } |
|
254 |
|
255 return $options; |
|
256 } |
|
257 |
|
258 /** |
|
259 * setSaveHandler() - Session Save Handler assignment |
|
260 * |
|
261 * @param Zend_Session_SaveHandler_Interface $interface |
|
262 * @return void |
|
263 */ |
|
264 public static function setSaveHandler(Zend_Session_SaveHandler_Interface $saveHandler) |
|
265 { |
|
266 self::$_saveHandler = $saveHandler; |
|
267 |
|
268 if (self::$_unitTestEnabled) { |
|
269 return; |
|
270 } |
|
271 |
|
272 session_set_save_handler( |
|
273 array(&$saveHandler, 'open'), |
|
274 array(&$saveHandler, 'close'), |
|
275 array(&$saveHandler, 'read'), |
|
276 array(&$saveHandler, 'write'), |
|
277 array(&$saveHandler, 'destroy'), |
|
278 array(&$saveHandler, 'gc') |
|
279 ); |
|
280 } |
|
281 |
|
282 |
|
283 /** |
|
284 * getSaveHandler() - Get the session Save Handler |
|
285 * |
|
286 * @return Zend_Session_SaveHandler_Interface |
|
287 */ |
|
288 public static function getSaveHandler() |
|
289 { |
|
290 return self::$_saveHandler; |
|
291 } |
|
292 |
|
293 |
|
294 /** |
|
295 * regenerateId() - Regenerate the session id. Best practice is to call this after |
|
296 * session is started. If called prior to session starting, session id will be regenerated |
|
297 * at start time. |
|
298 * |
|
299 * @throws Zend_Session_Exception |
|
300 * @return void |
|
301 */ |
|
302 public static function regenerateId() |
|
303 { |
|
304 if (!self::$_unitTestEnabled && headers_sent($filename, $linenum)) { |
|
305 /** @see Zend_Session_Exception */ |
|
306 require_once 'Zend/Session/Exception.php'; |
|
307 throw new Zend_Session_Exception("You must call " . __CLASS__ . '::' . __FUNCTION__ . |
|
308 "() before any output has been sent to the browser; output started in {$filename}/{$linenum}"); |
|
309 } |
|
310 |
|
311 if (self::$_sessionStarted && self::$_regenerateIdState <= 0) { |
|
312 if (!self::$_unitTestEnabled) { |
|
313 session_regenerate_id(true); |
|
314 } |
|
315 self::$_regenerateIdState = 1; |
|
316 } else { |
|
317 /** |
|
318 * @todo If we can detect that this requester had no session previously, |
|
319 * then why regenerate the id before the session has started? |
|
320 * Feedback wanted for: |
|
321 // |
|
322 if (isset($_COOKIE[session_name()]) || (!use only cookies && isset($_REQUEST[session_name()]))) { |
|
323 self::$_regenerateIdState = 1; |
|
324 } else { |
|
325 self::$_regenerateIdState = -1; |
|
326 } |
|
327 //*/ |
|
328 self::$_regenerateIdState = -1; |
|
329 } |
|
330 } |
|
331 |
|
332 |
|
333 /** |
|
334 * rememberMe() - Write a persistent cookie that expires after a number of seconds in the future. If no number of |
|
335 * seconds is specified, then this defaults to self::$_rememberMeSeconds. Due to clock errors on end users' systems, |
|
336 * large values are recommended to avoid undesirable expiration of session cookies. |
|
337 * |
|
338 * @param $seconds integer - OPTIONAL specifies TTL for cookie in seconds from present time |
|
339 * @return void |
|
340 */ |
|
341 public static function rememberMe($seconds = null) |
|
342 { |
|
343 $seconds = (int) $seconds; |
|
344 $seconds = ($seconds > 0) ? $seconds : self::$_rememberMeSeconds; |
|
345 |
|
346 self::rememberUntil($seconds); |
|
347 } |
|
348 |
|
349 |
|
350 /** |
|
351 * forgetMe() - Write a volatile session cookie, removing any persistent cookie that may have existed. The session |
|
352 * would end upon, for example, termination of a web browser program. |
|
353 * |
|
354 * @return void |
|
355 */ |
|
356 public static function forgetMe() |
|
357 { |
|
358 self::rememberUntil(0); |
|
359 } |
|
360 |
|
361 |
|
362 /** |
|
363 * rememberUntil() - This method does the work of changing the state of the session cookie and making |
|
364 * sure that it gets resent to the browser via regenerateId() |
|
365 * |
|
366 * @param int $seconds |
|
367 * @return void |
|
368 */ |
|
369 public static function rememberUntil($seconds = 0) |
|
370 { |
|
371 if (self::$_unitTestEnabled) { |
|
372 self::regenerateId(); |
|
373 return; |
|
374 } |
|
375 |
|
376 $cookieParams = session_get_cookie_params(); |
|
377 |
|
378 session_set_cookie_params( |
|
379 $seconds, |
|
380 $cookieParams['path'], |
|
381 $cookieParams['domain'], |
|
382 $cookieParams['secure'] |
|
383 ); |
|
384 |
|
385 // normally "rememberMe()" represents a security context change, so should use new session id |
|
386 self::regenerateId(); |
|
387 } |
|
388 |
|
389 |
|
390 /** |
|
391 * sessionExists() - whether or not a session exists for the current request |
|
392 * |
|
393 * @return bool |
|
394 */ |
|
395 public static function sessionExists() |
|
396 { |
|
397 if (ini_get('session.use_cookies') == '1' && isset($_COOKIE[session_name()])) { |
|
398 return true; |
|
399 } elseif (!empty($_REQUEST[session_name()])) { |
|
400 return true; |
|
401 } elseif (self::$_unitTestEnabled) { |
|
402 return true; |
|
403 } |
|
404 |
|
405 return false; |
|
406 } |
|
407 |
|
408 |
|
409 /** |
|
410 * Whether or not session has been destroyed via session_destroy() |
|
411 * |
|
412 * @return bool |
|
413 */ |
|
414 public static function isDestroyed() |
|
415 { |
|
416 return self::$_destroyed; |
|
417 } |
|
418 |
|
419 |
|
420 /** |
|
421 * start() - Start the session. |
|
422 * |
|
423 * @param bool|array $options OPTIONAL Either user supplied options, or flag indicating if start initiated automatically |
|
424 * @throws Zend_Session_Exception |
|
425 * @return void |
|
426 */ |
|
427 public static function start($options = false) |
|
428 { |
|
429 if (self::$_sessionStarted && self::$_destroyed) { |
|
430 require_once 'Zend/Session/Exception.php'; |
|
431 throw new Zend_Session_Exception('The session was explicitly destroyed during this request, attempting to re-start is not allowed.'); |
|
432 } |
|
433 |
|
434 if (self::$_sessionStarted) { |
|
435 return; // already started |
|
436 } |
|
437 |
|
438 // make sure our default options (at the least) have been set |
|
439 if (!self::$_defaultOptionsSet) { |
|
440 self::setOptions(is_array($options) ? $options : array()); |
|
441 } |
|
442 |
|
443 // In strict mode, do not allow auto-starting Zend_Session, such as via "new Zend_Session_Namespace()" |
|
444 if (self::$_strict && $options === true) { |
|
445 /** @see Zend_Session_Exception */ |
|
446 require_once 'Zend/Session/Exception.php'; |
|
447 throw new Zend_Session_Exception('You must explicitly start the session with Zend_Session::start() when session options are set to strict.'); |
|
448 } |
|
449 |
|
450 $filename = $linenum = null; |
|
451 if (!self::$_unitTestEnabled && headers_sent($filename, $linenum)) { |
|
452 /** @see Zend_Session_Exception */ |
|
453 require_once 'Zend/Session/Exception.php'; |
|
454 throw new Zend_Session_Exception("Session must be started before any output has been sent to the browser;" |
|
455 . " output started in {$filename}/{$linenum}"); |
|
456 } |
|
457 |
|
458 // See http://www.php.net/manual/en/ref.session.php for explanation |
|
459 if (!self::$_unitTestEnabled && defined('SID')) { |
|
460 /** @see Zend_Session_Exception */ |
|
461 require_once 'Zend/Session/Exception.php'; |
|
462 throw new Zend_Session_Exception('session has already been started by session.auto-start or session_start()'); |
|
463 } |
|
464 |
|
465 /** |
|
466 * Hack to throw exceptions on start instead of php errors |
|
467 * @see http://framework.zend.com/issues/browse/ZF-1325 |
|
468 */ |
|
469 |
|
470 $errorLevel = (is_int(self::$_throwStartupExceptions)) ? self::$_throwStartupExceptions : E_ALL; |
|
471 |
|
472 /** @see Zend_Session_Exception */ |
|
473 if (!self::$_unitTestEnabled) { |
|
474 |
|
475 if (self::$_throwStartupExceptions) { |
|
476 require_once 'Zend/Session/Exception.php'; |
|
477 set_error_handler(array('Zend_Session_Exception', 'handleSessionStartError'), $errorLevel); |
|
478 } |
|
479 |
|
480 $startedCleanly = session_start(); |
|
481 |
|
482 if (self::$_throwStartupExceptions) { |
|
483 restore_error_handler(); |
|
484 } |
|
485 |
|
486 if (!$startedCleanly || Zend_Session_Exception::$sessionStartError != null) { |
|
487 if (self::$_throwStartupExceptions) { |
|
488 set_error_handler(array('Zend_Session_Exception', 'handleSilentWriteClose'), $errorLevel); |
|
489 } |
|
490 session_write_close(); |
|
491 if (self::$_throwStartupExceptions) { |
|
492 restore_error_handler(); |
|
493 throw new Zend_Session_Exception(__CLASS__ . '::' . __FUNCTION__ . '() - ' . Zend_Session_Exception::$sessionStartError); |
|
494 } |
|
495 } |
|
496 } |
|
497 |
|
498 parent::$_readable = true; |
|
499 parent::$_writable = true; |
|
500 self::$_sessionStarted = true; |
|
501 if (self::$_regenerateIdState === -1) { |
|
502 self::regenerateId(); |
|
503 } |
|
504 |
|
505 // run validators if they exist |
|
506 if (isset($_SESSION['__ZF']['VALID'])) { |
|
507 self::_processValidators(); |
|
508 } |
|
509 |
|
510 self::_processStartupMetadataGlobal(); |
|
511 } |
|
512 |
|
513 |
|
514 /** |
|
515 * _processGlobalMetadata() - this method initizes the sessions GLOBAL |
|
516 * metadata, mostly global data expiration calculations. |
|
517 * |
|
518 * @return void |
|
519 */ |
|
520 private static function _processStartupMetadataGlobal() |
|
521 { |
|
522 // process global metadata |
|
523 if (isset($_SESSION['__ZF'])) { |
|
524 |
|
525 // expire globally expired values |
|
526 foreach ($_SESSION['__ZF'] as $namespace => $namespace_metadata) { |
|
527 |
|
528 // Expire Namespace by Time (ENT) |
|
529 if (isset($namespace_metadata['ENT']) && ($namespace_metadata['ENT'] > 0) && (time() > $namespace_metadata['ENT']) ) { |
|
530 unset($_SESSION[$namespace]); |
|
531 unset($_SESSION['__ZF'][$namespace]); |
|
532 } |
|
533 |
|
534 // Expire Namespace by Global Hop (ENGH) if it wasnt expired above |
|
535 if (isset($_SESSION['__ZF'][$namespace]) && isset($namespace_metadata['ENGH']) && $namespace_metadata['ENGH'] >= 1) { |
|
536 |
|
537 $_SESSION['__ZF'][$namespace]['ENGH']--; |
|
538 |
|
539 if ($_SESSION['__ZF'][$namespace]['ENGH'] === 0) { |
|
540 if (isset($_SESSION[$namespace])) { |
|
541 parent::$_expiringData[$namespace] = $_SESSION[$namespace]; |
|
542 unset($_SESSION[$namespace]); |
|
543 } |
|
544 unset($_SESSION['__ZF'][$namespace]); |
|
545 } |
|
546 } |
|
547 |
|
548 // Expire Namespace Variables by Time (ENVT) |
|
549 if (isset($namespace_metadata['ENVT'])) { |
|
550 foreach ($namespace_metadata['ENVT'] as $variable => $time) { |
|
551 if (time() > $time) { |
|
552 unset($_SESSION[$namespace][$variable]); |
|
553 unset($_SESSION['__ZF'][$namespace]['ENVT'][$variable]); |
|
554 } |
|
555 } |
|
556 if (empty($_SESSION['__ZF'][$namespace]['ENVT'])) { |
|
557 unset($_SESSION['__ZF'][$namespace]['ENVT']); |
|
558 } |
|
559 } |
|
560 |
|
561 // Expire Namespace Variables by Global Hop (ENVGH) |
|
562 if (isset($namespace_metadata['ENVGH'])) { |
|
563 foreach ($namespace_metadata['ENVGH'] as $variable => $hops) { |
|
564 $_SESSION['__ZF'][$namespace]['ENVGH'][$variable]--; |
|
565 |
|
566 if ($_SESSION['__ZF'][$namespace]['ENVGH'][$variable] === 0) { |
|
567 if (isset($_SESSION[$namespace][$variable])) { |
|
568 parent::$_expiringData[$namespace][$variable] = $_SESSION[$namespace][$variable]; |
|
569 unset($_SESSION[$namespace][$variable]); |
|
570 } |
|
571 unset($_SESSION['__ZF'][$namespace]['ENVGH'][$variable]); |
|
572 } |
|
573 } |
|
574 if (empty($_SESSION['__ZF'][$namespace]['ENVGH'])) { |
|
575 unset($_SESSION['__ZF'][$namespace]['ENVGH']); |
|
576 } |
|
577 } |
|
578 } |
|
579 |
|
580 if (isset($namespace) && empty($_SESSION['__ZF'][$namespace])) { |
|
581 unset($_SESSION['__ZF'][$namespace]); |
|
582 } |
|
583 } |
|
584 |
|
585 if (isset($_SESSION['__ZF']) && empty($_SESSION['__ZF'])) { |
|
586 unset($_SESSION['__ZF']); |
|
587 } |
|
588 } |
|
589 |
|
590 |
|
591 /** |
|
592 * isStarted() - convenience method to determine if the session is already started. |
|
593 * |
|
594 * @return bool |
|
595 */ |
|
596 public static function isStarted() |
|
597 { |
|
598 return self::$_sessionStarted; |
|
599 } |
|
600 |
|
601 |
|
602 /** |
|
603 * isRegenerated() - convenience method to determine if session_regenerate_id() |
|
604 * has been called during this request by Zend_Session. |
|
605 * |
|
606 * @return bool |
|
607 */ |
|
608 public static function isRegenerated() |
|
609 { |
|
610 return ( (self::$_regenerateIdState > 0) ? true : false ); |
|
611 } |
|
612 |
|
613 |
|
614 /** |
|
615 * getId() - get the current session id |
|
616 * |
|
617 * @return string |
|
618 */ |
|
619 public static function getId() |
|
620 { |
|
621 return session_id(); |
|
622 } |
|
623 |
|
624 |
|
625 /** |
|
626 * setId() - set an id to a user specified id |
|
627 * |
|
628 * @throws Zend_Session_Exception |
|
629 * @param string $id |
|
630 * @return void |
|
631 */ |
|
632 public static function setId($id) |
|
633 { |
|
634 if (!self::$_unitTestEnabled && defined('SID')) { |
|
635 /** @see Zend_Session_Exception */ |
|
636 require_once 'Zend/Session/Exception.php'; |
|
637 throw new Zend_Session_Exception('The session has already been started. The session id must be set first.'); |
|
638 } |
|
639 |
|
640 if (!self::$_unitTestEnabled && headers_sent($filename, $linenum)) { |
|
641 /** @see Zend_Session_Exception */ |
|
642 require_once 'Zend/Session/Exception.php'; |
|
643 throw new Zend_Session_Exception("You must call ".__CLASS__.'::'.__FUNCTION__. |
|
644 "() before any output has been sent to the browser; output started in {$filename}/{$linenum}"); |
|
645 } |
|
646 |
|
647 if (!is_string($id) || $id === '') { |
|
648 /** @see Zend_Session_Exception */ |
|
649 require_once 'Zend/Session/Exception.php'; |
|
650 throw new Zend_Session_Exception('You must provide a non-empty string as a session identifier.'); |
|
651 } |
|
652 |
|
653 session_id($id); |
|
654 } |
|
655 |
|
656 |
|
657 /** |
|
658 * registerValidator() - register a validator that will attempt to validate this session for |
|
659 * every future request |
|
660 * |
|
661 * @param Zend_Session_Validator_Interface $validator |
|
662 * @return void |
|
663 */ |
|
664 public static function registerValidator(Zend_Session_Validator_Interface $validator) |
|
665 { |
|
666 $validator->setup(); |
|
667 } |
|
668 |
|
669 |
|
670 /** |
|
671 * stop() - Disable write access. Optionally disable read (not implemented). |
|
672 * |
|
673 * @return void |
|
674 */ |
|
675 public static function stop() |
|
676 { |
|
677 parent::$_writable = false; |
|
678 } |
|
679 |
|
680 |
|
681 /** |
|
682 * writeClose() - Shutdown the sesssion, close writing and detach $_SESSION from the back-end storage mechanism. |
|
683 * This will complete the internal data transformation on this request. |
|
684 * |
|
685 * @param bool $readonly - OPTIONAL remove write access (i.e. throw error if Zend_Session's attempt writes) |
|
686 * @return void |
|
687 */ |
|
688 public static function writeClose($readonly = true) |
|
689 { |
|
690 if (self::$_unitTestEnabled) { |
|
691 return; |
|
692 } |
|
693 |
|
694 if (self::$_writeClosed) { |
|
695 return; |
|
696 } |
|
697 |
|
698 if ($readonly) { |
|
699 parent::$_writable = false; |
|
700 } |
|
701 |
|
702 session_write_close(); |
|
703 self::$_writeClosed = true; |
|
704 } |
|
705 |
|
706 |
|
707 /** |
|
708 * destroy() - This is used to destroy session data, and optionally, the session cookie itself |
|
709 * |
|
710 * @param bool $remove_cookie - OPTIONAL remove session id cookie, defaults to true (remove cookie) |
|
711 * @param bool $readonly - OPTIONAL remove write access (i.e. throw error if Zend_Session's attempt writes) |
|
712 * @return void |
|
713 */ |
|
714 public static function destroy($remove_cookie = true, $readonly = true) |
|
715 { |
|
716 if (self::$_unitTestEnabled) { |
|
717 return; |
|
718 } |
|
719 |
|
720 if (self::$_destroyed) { |
|
721 return; |
|
722 } |
|
723 |
|
724 if ($readonly) { |
|
725 parent::$_writable = false; |
|
726 } |
|
727 |
|
728 session_destroy(); |
|
729 self::$_destroyed = true; |
|
730 |
|
731 if ($remove_cookie) { |
|
732 self::expireSessionCookie(); |
|
733 } |
|
734 } |
|
735 |
|
736 |
|
737 /** |
|
738 * expireSessionCookie() - Sends an expired session id cookie, causing the client to delete the session cookie |
|
739 * |
|
740 * @return void |
|
741 */ |
|
742 public static function expireSessionCookie() |
|
743 { |
|
744 if (self::$_unitTestEnabled) { |
|
745 return; |
|
746 } |
|
747 |
|
748 if (self::$_sessionCookieDeleted) { |
|
749 return; |
|
750 } |
|
751 |
|
752 self::$_sessionCookieDeleted = true; |
|
753 |
|
754 if (isset($_COOKIE[session_name()])) { |
|
755 $cookie_params = session_get_cookie_params(); |
|
756 |
|
757 setcookie( |
|
758 session_name(), |
|
759 false, |
|
760 315554400, // strtotime('1980-01-01'), |
|
761 $cookie_params['path'], |
|
762 $cookie_params['domain'], |
|
763 $cookie_params['secure'] |
|
764 ); |
|
765 } |
|
766 } |
|
767 |
|
768 |
|
769 /** |
|
770 * _processValidator() - internal function that is called in the existence of VALID metadata |
|
771 * |
|
772 * @throws Zend_Session_Exception |
|
773 * @return void |
|
774 */ |
|
775 private static function _processValidators() |
|
776 { |
|
777 foreach ($_SESSION['__ZF']['VALID'] as $validator_name => $valid_data) { |
|
778 if (!class_exists($validator_name)) { |
|
779 require_once 'Zend/Loader.php'; |
|
780 Zend_Loader::loadClass($validator_name); |
|
781 } |
|
782 $validator = new $validator_name; |
|
783 if ($validator->validate() === false) { |
|
784 /** @see Zend_Session_Exception */ |
|
785 require_once 'Zend/Session/Exception.php'; |
|
786 throw new Zend_Session_Exception("This session is not valid according to {$validator_name}."); |
|
787 } |
|
788 } |
|
789 } |
|
790 |
|
791 |
|
792 /** |
|
793 * namespaceIsset() - check to see if a namespace is set |
|
794 * |
|
795 * @param string $namespace |
|
796 * @return bool |
|
797 */ |
|
798 public static function namespaceIsset($namespace) |
|
799 { |
|
800 return parent::_namespaceIsset($namespace); |
|
801 } |
|
802 |
|
803 |
|
804 /** |
|
805 * namespaceUnset() - unset a namespace or a variable within a namespace |
|
806 * |
|
807 * @param string $namespace |
|
808 * @throws Zend_Session_Exception |
|
809 * @return void |
|
810 */ |
|
811 public static function namespaceUnset($namespace) |
|
812 { |
|
813 parent::_namespaceUnset($namespace); |
|
814 Zend_Session_Namespace::resetSingleInstance($namespace); |
|
815 } |
|
816 |
|
817 |
|
818 /** |
|
819 * namespaceGet() - get all variables in a namespace |
|
820 * Deprecated: Use getIterator() in Zend_Session_Namespace. |
|
821 * |
|
822 * @param string $namespace |
|
823 * @return array |
|
824 */ |
|
825 public static function namespaceGet($namespace) |
|
826 { |
|
827 return parent::_namespaceGetAll($namespace); |
|
828 } |
|
829 |
|
830 |
|
831 /** |
|
832 * getIterator() - return an iteratable object for use in foreach and the like, |
|
833 * this completes the IteratorAggregate interface |
|
834 * |
|
835 * @throws Zend_Session_Exception |
|
836 * @return ArrayObject |
|
837 */ |
|
838 public static function getIterator() |
|
839 { |
|
840 if (parent::$_readable === false) { |
|
841 /** @see Zend_Session_Exception */ |
|
842 require_once 'Zend/Session/Exception.php'; |
|
843 throw new Zend_Session_Exception(parent::_THROW_NOT_READABLE_MSG); |
|
844 } |
|
845 |
|
846 $spaces = array(); |
|
847 if (isset($_SESSION)) { |
|
848 $spaces = array_keys($_SESSION); |
|
849 foreach($spaces as $key => $space) { |
|
850 if (!strncmp($space, '__', 2) || !is_array($_SESSION[$space])) { |
|
851 unset($spaces[$key]); |
|
852 } |
|
853 } |
|
854 } |
|
855 |
|
856 return new ArrayObject(array_merge($spaces, array_keys(parent::$_expiringData))); |
|
857 } |
|
858 |
|
859 |
|
860 /** |
|
861 * isWritable() - returns a boolean indicating if namespaces can write (use setters) |
|
862 * |
|
863 * @return bool |
|
864 */ |
|
865 public static function isWritable() |
|
866 { |
|
867 return parent::$_writable; |
|
868 } |
|
869 |
|
870 |
|
871 /** |
|
872 * isReadable() - returns a boolean indicating if namespaces can write (use setters) |
|
873 * |
|
874 * @return bool |
|
875 */ |
|
876 public static function isReadable() |
|
877 { |
|
878 return parent::$_readable; |
|
879 } |
|
880 |
|
881 } |