<?php /** * Part of the Joomla Framework Session Package * * @copyright Copyright (C) 2005 - 2021 Open Source Matters, Inc. All rights reserved. * @license GNU General Public License version 2 or later; see LICENSE */ namespace Joomla\Session\Storage; use Joomla\Session\HandlerInterface; use Joomla\Session\StorageInterface; /** * Base class providing a session store * * @since 2.0.0 */ class NativeStorage implements StorageInterface { /** * Flag if the session is active * * @var boolean * @since 2.0.0 */ private $active = false; /** * Internal flag identifying whether the session has been closed * * @var boolean * @since 2.0.0 */ private $closed = false; /** * Session save handler * * @var \SessionHandlerInterface * @since 2.0.0 */ private $handler; /** * Internal flag identifying whether the session has been started * * @var boolean * @since 2.0.0 */ private $started = false; /** * Constructor * * @param \SessionHandlerInterface $handler Session save handler * @param array $options Session options * * @since 1.0 */ public function __construct(?\SessionHandlerInterface $handler = null, array $options = []) { // Disable transparent sid support and default use cookies $options += [ 'use_cookies' => 1, 'use_trans_sid' => 0, ]; if (!headers_sent()) { session_cache_limiter('none'); } session_register_shutdown(); $this->setOptions($options); $this->setHandler($handler); } /** * Retrieves all variables from the session store * * @return array * * @since 2.0.0 */ public function all(): array { return $_SESSION; } /** * Clears all variables from the session store * * @return void * * @since 2.0.0 */ public function clear(): void { $_SESSION = []; } /** * Writes session data and ends session * * @return void * * @see session_write_close() * @since 2.0.0 */ public function close(): void { session_write_close(); $this->closed = true; $this->started = false; } /** * Perform session data garbage collection * * @return integer|boolean Number of deleted sessions on success or boolean false on failure or if the function is unsupported * * @see session_gc() * @since 2.0.0 */ public function gc() { if (!$this->isStarted()) { $this->start(); } return session_gc(); } /** * Aborts the current session * * @return boolean * * @see session_abort() * @since 2.0.0 */ public function abort(): bool { if (!$this->isStarted()) { return true; } return session_abort(); } /** * Get data from the session store * * @param string $name Name of a variable * @param mixed $default Default value of a variable if not set * * @return mixed Value of a variable * * @since 2.0.0 */ public function get(string $name, $default) { if (!$this->isStarted()) { $this->start(); } if (isset($_SESSION[$name])) { return $_SESSION[$name]; } return $default; } /** * Gets the save handler instance * * @return \SessionHandlerInterface|null * * @since 2.0.0 */ public function getHandler(): ?\SessionHandlerInterface { return $this->handler; } /** * Get the session ID * * @return string The session ID * * @since 2.0.0 */ public function getId(): string { return session_id(); } /** * Get the session name * * @return string The session name * * @since 2.0.0 */ public function getName(): string { return session_name(); } /** * Check whether data exists in the session store * * @param string $name Name of variable * * @return boolean * * @since 2.0.0 */ public function has(string $name): bool { if (!$this->isStarted()) { $this->start(); } return isset($_SESSION[$name]); } /** * Check if the session is active * * @return boolean * * @since 2.0.0 */ public function isActive(): bool { return $this->active = session_status() === \PHP_SESSION_ACTIVE; } /** * Check if the session is started * * @return boolean * * @since 2.0.0 */ public function isStarted(): bool { return $this->started; } /** * Unset a variable from the session store * * @param string $name Name of variable * * @return mixed The value from session or NULL if not set * * @since 2.0.0 */ public function remove(string $name) { if (!$this->isStarted()) { $this->start(); } $old = $_SESSION[$name] ?? null; unset($_SESSION[$name]); return $old; } /** * Regenerates the session ID that represents this storage. * * This method must invoke session_regenerate_id($destroy) unless this interface is used for a storage object designed for unit * or functional testing where a real PHP session would interfere with testing. * * @param boolean $destroy Destroy session when regenerating? * * @return boolean True on success * * @see session_regenerate_id() * @since 2.0.0 */ public function regenerate(bool $destroy = false): bool { if (headers_sent() || !$this->isActive()) { return false; } return session_regenerate_id($destroy); } /** * Set data into the session store * * @param string $name Name of a variable * @param mixed $value Value of a variable * * @return mixed Old value of a variable * * @since 2.0.0 */ public function set(string $name, $value = null) { if (!$this->isStarted()) { $this->start(); } $old = $_SESSION[$name] ?? null; $_SESSION[$name] = $value; return $old; } /** * Registers session save handler as a PHP session handler * * @param \SessionHandlerInterface $handler The save handler to use * * @return $this * * @since 2.0.0 * @throws \RuntimeException */ public function setHandler(?\SessionHandlerInterface $handler = null): self { // If the handler is an instance of our HandlerInterface, check whether it is supported if ($handler instanceof HandlerInterface) { if (!$handler::isSupported()) { throw new \RuntimeException( sprintf( 'The "%s" handler is not supported in this environment.', \get_class($handler) ) ); } } $this->handler = $handler; if (!headers_sent() && !$this->isActive()) { session_set_save_handler($this->handler, false); } return $this; } /** * Set the session ID * * @param string $id The session ID * * @return $this * * @since 2.0.0 * @throws \LogicException */ public function setId(string $id) { if ($this->isActive()) { throw new \LogicException('Cannot change the ID of an active session'); } session_id($id); return $this; } /** * Set the session name * * @param string $name The session name * * @return $this * * @since 2.0.0 * @throws \LogicException */ public function setName(string $name) { if ($this->isActive()) { throw new \LogicException('Cannot change the name of an active session'); } session_name($name); return $this; } /** * Sets session.* ini variables. * * For convenience we omit 'session.' from the beginning of the keys. * Explicitly ignores other ini keys. * * @param array $options Session ini directives array(key => value). * * @return $this * * @note Based on \Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage::setOptions() * @see http://php.net/session.configuration * @since 2.0.0 */ public function setOptions(array $options): self { if (headers_sent() || $this->isActive()) { return $this; } $validOptions = array_flip( [ 'cache_limiter', 'cache_expire', 'cookie_domain', 'cookie_httponly', 'cookie_lifetime', 'cookie_path', 'cookie_secure', 'gc_divisor', 'gc_maxlifetime', 'gc_probability', 'lazy_write', 'name', 'referer_check', 'serialize_handler', 'use_strict_mode', 'use_cookies', 'use_only_cookies', 'use_trans_sid', 'upload_progress.enabled', 'upload_progress.cleanup', 'upload_progress.prefix', 'upload_progress.name', 'upload_progress.freq', 'upload_progress.min-freq', 'url_rewriter.tags', 'sid_length', 'sid_bits_per_character', 'trans_sid_hosts', 'trans_sid_tags', ] ); foreach ($options as $key => $value) { if (isset($validOptions[$key])) { ini_set('session.' . $key, $value); } } return $this; } /** * Start a session * * @return void * * @since 2.0.0 */ public function start(): void { if ($this->isStarted()) { return; } if ($this->isActive()) { throw new \RuntimeException('Failed to start the session: already started by PHP.'); } if (ini_get('session.use_cookies') && headers_sent($file, $line)) { throw new \RuntimeException( sprintf('Failed to start the session because headers have already been sent by "%s" at line %d.', $file, $line) ); } if (!session_start()) { throw new \RuntimeException('Failed to start the session'); } $this->isActive(); $this->closed = false; $this->started = true; } }
