friendica/include/session.php

135 lines
3 KiB
PHP
Raw Normal View History

2010-07-01 23:48:07 +00:00
<?php
/**
* Session management functions. These provide database storage of PHP session info.
*/
use Friendica\Core\Cache;
use Friendica\Core\Config;
2017-11-08 03:57:46 +00:00
use Friendica\Database\DBM;
2010-07-01 23:48:07 +00:00
$session_exists = 0;
$session_expire = 180000;
function ref_session_open()
{
return true;
}
2010-07-01 23:48:07 +00:00
function ref_session_read($id)
{
global $session_exists;
if (!x($id)) {
return '';
}
$memcache = Cache::memcache();
if (is_object($memcache)) {
$data = $memcache->get(get_app()->get_hostname().":session:".$id);
if (!is_bool($data)) {
$session_exists = true;
return $data;
}
logger("no data for session $id", LOGGER_TRACE);
return '';
}
2018-01-10 13:36:02 +00:00
$r = dba::selectFirst('session', ['data'], ['sid' => $id]);
2017-11-08 03:57:46 +00:00
if (DBM::is_result($r)) {
$session_exists = true;
return $r['data'];
} else {
logger("no data for session $id", LOGGER_TRACE);
}
return '';
}
2010-07-01 23:48:07 +00:00
/**
* @brief Standard PHP session write callback
*
* This callback updates the DB-stored session data and/or the expiration depending
* on the case. Uses the $session_expire global for existing session, 5 minutes
* for newly created session.
*
* @global bool $session_exists Whether a session with the given id already exists
* @global int $session_expire Session expiration delay in seconds
* @param string $id Session ID with format: [a-z0-9]{26}
* @param string $data Serialized session data
* @return boolean Returns false if parameters are missing, true otherwise
*/
function ref_session_write($id, $data)
{
global $session_exists, $session_expire;
if (!$id) {
return false;
}
if (!$data) {
return true;
}
$expire = time() + $session_expire;
$default_expire = time() + 300;
$memcache = Cache::memcache();
2017-01-20 22:22:05 +00:00
$a = get_app();
if (is_object($memcache) && is_object($a)) {
2017-01-20 22:22:05 +00:00
$memcache->set($a->get_hostname().":session:".$id, $data, MEMCACHE_COMPRESSED, $expire);
return true;
}
if ($session_exists) {
$fields = array('data' => $data, 'expire' => $expire);
2017-10-31 19:28:39 +00:00
$condition = array("`sid` = ? AND (`data` != ? OR `expire` != ?)", $id, $data, $expire);
dba::update('session', $fields, $condition);
} else {
$fields = array('sid' => $id, 'expire' => $default_expire, 'data' => $data);
dba::insert('session', $fields);
}
return true;
}
2010-07-01 23:48:07 +00:00
function ref_session_close()
{
return true;
}
function ref_session_destroy($id)
{
$memcache = Cache::memcache();
if (is_object($memcache)) {
$memcache->delete(get_app()->get_hostname().":session:".$id);
return true;
}
2010-07-01 23:48:07 +00:00
dba::delete('session', array('sid' => $id));
return true;
}
2010-07-01 23:48:07 +00:00
function ref_session_gc()
{
dba::delete('session', array("`expire` < ?", time()));
return true;
}
2010-07-01 23:48:07 +00:00
$gc_probability = 50;
ini_set('session.gc_probability', $gc_probability);
ini_set('session.use_only_cookies', 1);
ini_set('session.cookie_httponly', 1);
if (Config::get('system', 'ssl_policy') == SSL_POLICY_FULL) {
ini_set('session.cookie_secure', 1);
}
if (!Config::get('system', 'disable_database_session')) {
session_set_save_handler(
'ref_session_open', 'ref_session_close',
'ref_session_read', 'ref_session_write',
'ref_session_destroy', 'ref_session_gc'
);
}