59 parent::__construct();
62 'cookieOptions' => [],
67 if ( !isset(
$params[
'priority'] ) ) {
68 throw new \InvalidArgumentException( __METHOD__ .
': priority must be specified' );
73 throw new \InvalidArgumentException( __METHOD__ .
': Invalid priority' );
76 if ( !is_array(
$params[
'cookieOptions'] ) ) {
77 throw new \InvalidArgumentException( __METHOD__ .
': cookieOptions must be an array' );
80 $this->priority =
$params[
'priority'];
81 $this->cookieOptions =
$params[
'cookieOptions'];
83 unset( $this->params[
'priority'] );
84 unset( $this->params[
'cookieOptions'] );
97 $this->cookieOptions += [
105 'sameSite' => $sameSite,
110 $sessionId = $this->
getCookie( $request, $this->params[
'sessionName'],
'' );
113 'forceHTTPS' => $this->
getCookie( $request,
'forceHTTPS',
'',
false )
116 $info[
'id'] = $sessionId;
117 $info[
'persisted'] =
true;
121 if ( $userId !==
null ) {
124 }
catch ( \InvalidArgumentException $ex ) {
128 if ( $userName !==
null && $userInfo->getName() !== $userName ) {
129 $this->logger->warning(
130 'Session "{session}" requested with mismatched UserID and UserName cookies.',
132 'session' => $sessionId,
135 'cookie_username' => $userName,
136 'username' => $userInfo->getName(),
142 if ( $token !==
null ) {
143 if ( !hash_equals( $userInfo->getToken(), $token ) ) {
144 $this->logger->warning(
145 'Session "{session}" requested with invalid Token cookie.',
147 'session' => $sessionId,
149 'username' => $userInfo->getName(),
153 $info[
'userInfo'] = $userInfo->verified();
154 $info[
'persisted'] =
true;
155 } elseif ( isset( $info[
'id'] ) ) {
156 $info[
'userInfo'] = $userInfo;
162 } elseif ( isset( $info[
'id'] ) ) {
168 $this->logger->debug(
169 'Session "{session}" requested without UserID cookie',
171 'session' => $info[
'id'],
193 if ( $response->headersSent() ) {
195 $this->logger->debug( __METHOD__ .
': Headers already sent' );
212 $response->setCookie( $this->params[
'sessionName'], $session->
getId(),
null,
213 [
'prefix' =>
'' ] + $options
216 foreach ( $cookies as $key => $value ) {
217 if ( $value ===
false ) {
218 $response->clearCookie( $key, $options );
221 $expiration = $expirationDuration ? $expirationDuration + time() :
null;
222 $response->setCookie( $key, (
string)$value, $expiration, $options );
229 if ( $sessionData ) {
230 $session->
addData( $sessionData );
236 if ( $response->headersSent() ) {
238 $this->logger->debug( __METHOD__ .
': Headers already sent' );
247 $response->clearCookie(
248 $this->params[
'sessionName'], [
'prefix' =>
'' ] + $this->cookieOptions
251 foreach ( $cookies as $key => $value ) {
252 $response->clearCookie( $key, $this->cookieOptions );
277 $expiration = $expirationDuration ? $expirationDuration + time() :
null;
281 $response->setCookie(
'forceHTTPS',
'true', $expiration,
282 [
'prefix' =>
'',
'secure' =>
false ] + $this->cookieOptions );
284 $response->clearCookie(
'forceHTTPS',
285 [
'prefix' =>
'',
'secure' =>
false ] + $this->cookieOptions );
294 if ( $loggedOut + 86400 > time() &&
295 $loggedOut !== (
int)$this->
getCookie( $request,
'LoggedOut', $this->cookieOptions[
'prefix'] )
297 $request->
response()->setCookie(
'LoggedOut', (
string)$loggedOut, $loggedOut + 86400,
298 $this->cookieOptions );
306 $this->cookieOptions[
'prefix'] .
'Token',
307 $this->cookieOptions[
'prefix'] .
'LoggedOut',
308 $this->params[
'sessionName'],
314 $name = $this->
getCookie( $request,
'UserName', $this->cookieOptions[
'prefix'] );
315 if ( $name !==
null ) {
316 if ( $this->userNameUtils->isTemp( $name ) ) {
319 $name = $this->userNameUtils->getCanonical( $name, UserRigorOptions::RIGOR_USABLE );
322 return $name ===
false ? null : $name;
331 $prefix = $this->cookieOptions[
'prefix'];
333 $this->
getCookie( $request,
'UserID', $prefix ),
334 $this->
getCookie( $request,
'UserName', $prefix ),
335 $this->
getCookie( $request,
'Token', $prefix ),
347 protected function getCookie( $request, $key, $prefix, $default =
null ) {
348 $value = $request->getCookie( $key, $prefix, $default );
349 if ( $value ===
'deleted' ) {
367 if ( $user->isAnon() ) {
374 'UserID' => $user->getId(),
375 'UserName' => $user->getName(),
376 'Token' => $remember ? (string)$user->getToken() :
false,
391 return wfMessage(
'sessionprovider-nocookies' );
406 return [
'UserID',
'UserName',
'Token' ];
423 if ( $shouldRememberUser && in_array( $cookieName, $extendedCookies,
true ) ) {
426 return ( $extendedExpiration !==
null ) ? (int)$extendedExpiration : (int)$normalExpiration;
428 return (
int)$normalExpiration;
wfMessage( $key,... $params)
This is the function for getting translated interface messages.
A class containing constants representing the names of configuration variables.
const ForceHTTPS
Name constant for the ForceHTTPS setting, for use with Config::get()
const CookieExpiration
Name constant for the CookieExpiration setting, for use with Config::get()
const CookieDomain
Name constant for the CookieDomain setting, for use with Config::get()
const CookiePath
Name constant for the CookiePath setting, for use with Config::get()
const CookieSameSite
Name constant for the CookieSameSite setting, for use with Config::get()
const CookieSecure
Name constant for the CookieSecure setting, for use with Config::get()
const SessionName
Name constant for the SessionName setting, for use with Config::get()
const ExtendedLoginCookieExpiration
Name constant for the ExtendedLoginCookieExpiration setting, for use with Config::get()
const CookiePrefix
Name constant for the CookiePrefix setting, for use with Config::get()
const CookieHttpOnly
Name constant for the CookieHttpOnly setting, for use with Config::get()