MediaWiki  1.33.0
PHPSessionHandler.php
1 <?php
24 namespace MediaWiki\Session;
25 
26 use Psr\Log\LoggerInterface;
28 
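/**
 * Adapter for PHP's session handling.
 *
 * One instance is registered with session_set_save_handler() so that reads
 * and writes of $_SESSION go through a SessionManager instead of PHP's own
 * session storage. Every handler callback first checks that it is being
 * called on the installed instance, and the data-carrying callbacks also
 * refuse to run unless PHP session handling is enabled by configuration.
 */
class PHPSessionHandler implements \SessionHandlerInterface {
	/** @var PHPSessionHandler|null The installed handler, or null before install() */
	protected static $instance = null;

	/** @var bool Whether PHP session handling is enabled */
	protected $enable = false;

	/** @var bool Whether a deprecation warning is raised when $_SESSION changes are saved */
	protected $warn = true;

	/** @var SessionManager|null */
	protected $manager;

	/** @var \BagOStuff|null */
	protected $store;

	/** @var LoggerInterface */
	protected $logger;

	/** @var array Track original session fields for later modification check */
	protected $sessionFieldCache = [];

	/**
	 * Reads the 'PHPSessionHandling' setting and hands the new handler to the
	 * manager. Protected: instances are created only through install().
	 *
	 * @param SessionManager $manager
	 */
	protected function __construct( SessionManager $manager ) {
		$this->setEnableFlags(
			\RequestContext::getMain()->getConfig()->get( 'PHPSessionHandling' )
		);
		// Let the manager call the setters on this handler (presumably
		// setManager()); read(), write(), destroy() and gc() dereference
		// $this->manager, $this->store and $this->logger without null checks.
		$manager->setupPHPSessionHandler( $this );
	}

	/**
	 * Set $this->enable and $this->warn.
	 *
	 * There is no default branch: any value other than the three below leaves
	 * both properties as they were, which for a fresh instance means the
	 * handler stays disabled ($enable = false).
	 *
	 * @param string $PHPSessionHandling One of 'enable', 'warn' or 'disable'
	 */
	private function setEnableFlags( $PHPSessionHandling ) {
		switch ( $PHPSessionHandling ) {
			case 'enable':
				$this->enable = true;
				$this->warn = false;
				break;

			case 'warn':
				$this->enable = true;
				$this->warn = true;
				break;

			case 'disable':
				$this->enable = false;
				$this->warn = false;
				break;
		}
	}

	/**
	 * Test whether the handler is installed.
	 *
	 * @return bool
	 */
	public static function isInstalled() {
		return (bool)self::$instance;
	}

	/**
	 * Test whether the handler is installed and enabled.
	 *
	 * @return bool
	 */
	public static function isEnabled() {
		return self::$instance && self::$instance->enable;
	}

	/**
	 * Install a session handler for the current web request.
	 *
	 * If a handler is already installed, it is only re-attached to $manager.
	 *
	 * @param SessionManager $manager
	 * @throws \BadMethodCallException If MW_NO_SESSION_HANDLER is defined
	 */
	public static function install( SessionManager $manager ) {
		if ( self::$instance ) {
			$manager->setupPHPSessionHandler( self::$instance );
			return;
		}

		// @codeCoverageIgnoreStart
		if ( defined( 'MW_NO_SESSION_HANDLER' ) ) {
			throw new \BadMethodCallException( 'MW_NO_SESSION_HANDLER is defined' );
		}
		// @codeCoverageIgnoreEnd

		self::$instance = new self( $manager );

		// Close any auto-started session, before we replace it
		session_write_close();

		try {
			\Wikimedia\suppressWarnings();

			// Tell PHP not to mess with cookies itself. With both settings off
			// PHP neither sends a session cookie of its own nor rewrites URLs
			// to carry the session ID.
			ini_set( 'session.use_cookies', 0 );
			ini_set( 'session.use_trans_sid', 0 );

			// T124510: Disable automatic PHP session related cache headers.
			// MediaWiki adds its own headers and the default PHP behavior may
			// set headers such as 'Pragma: no-cache' that cause problems with
			// some user agents.
			session_cache_limiter( '' );

			// Also set a sane serialization handler
			\Wikimedia\PhpSessionSerializer::setSerializeHandler();

			// Register this as the save handler, and register an appropriate
			// shutdown function.
			// NOTE(review): the return value is not checked and warnings are
			// suppressed here, so a failed registration would still leave
			// isInstalled() reporting true - confirm this is intended.
			session_set_save_handler( self::$instance, true );
		} finally {
			// Always undo suppressWarnings(), even if a call above throws
			\Wikimedia\restoreWarnings();
		}
	}

	/**
	 * Set the manager, store, and logger.
	 *
	 * Nothing happens when $manager is already the current manager, so a new
	 * store or logger alone is not picked up.
	 *
	 * @param SessionManager $manager
	 * @param \BagOStuff $store
	 * @param LoggerInterface $logger
	 */
	public function setManager(
		SessionManager $manager, \BagOStuff $store, LoggerInterface $logger
	) {
		if ( $this->manager !== $manager ) {
			// Close any existing session before we change stores
			if ( $this->manager ) {
				session_write_close();
			}
			$this->manager = $manager;
			$this->store = $store;
			$this->logger = $logger;
			\Wikimedia\PhpSessionSerializer::setLogger( $this->logger );
		}
	}

	/**
	 * Initialize the session (handler).
	 *
	 * @param string $save_path Unused
	 * @param string $session_name Unused
	 * @return bool Always true
	 * @throws \UnexpectedValueException If called on an instance other than the installed one
	 * @throws \BadMethodCallException If PHP session handling is disabled
	 */
	public function open( $save_path, $session_name ) {
		if ( self::$instance !== $this ) {
			throw new \UnexpectedValueException( __METHOD__ . ': Wrong instance called!' );
		}
		if ( !$this->enable ) {
			throw new \BadMethodCallException( 'Attempt to use PHP session management' );
		}
		return true;
	}

	/**
	 * Close the session (handler) and drop the cached field snapshots.
	 *
	 * Unlike open(), this does not check $this->enable.
	 *
	 * @return bool Always true
	 * @throws \UnexpectedValueException If called on an instance other than the installed one
	 */
	public function close() {
		if ( self::$instance !== $this ) {
			throw new \UnexpectedValueException( __METHOD__ . ': Wrong instance called!' );
		}
		$this->sessionFieldCache = [];
		return true;
	}

	/**
	 * Read session data.
	 *
	 * The decoded fields are remembered in $this->sessionFieldCache so that
	 * write() can later tell which side changed a key.
	 *
	 * @param string $id Session ID
	 * @return string Encoded session data, or '' if the manager returns no session
	 * @throws \UnexpectedValueException If called on an instance other than the installed one
	 * @throws \BadMethodCallException If PHP session handling is disabled
	 */
	public function read( $id ) {
		if ( self::$instance !== $this ) {
			throw new \UnexpectedValueException( __METHOD__ . ': Wrong instance called!' );
		}
		if ( !$this->enable ) {
			throw new \BadMethodCallException( 'Attempt to use PHP session management' );
		}

		// Second argument is false here and true in write(); presumably it
		// controls whether a missing session is created - confirm against
		// SessionManager::getSessionById().
		$session = $this->manager->getSessionById( $id, false );
		if ( !$session ) {
			return '';
		}
		$session->persist();

		$data = iterator_to_array( $session );
		$this->sessionFieldCache[$id] = $data;
		return (string)\Wikimedia\PhpSessionSerializer::encode( $data );
	}

	/**
	 * Write session data.
	 *
	 * Performs a three-way merge per key between the snapshot taken in read()
	 * ($this->sessionFieldCache), the data PHP hands back from $_SESSION, and
	 * the current Session object. A change made only in $_SESSION is applied
	 * to the Session; a key changed on both sides is left alone and logged.
	 *
	 * @param string $id Session ID
	 * @param string $dataStr Session data as encoded by PHP
	 * @return bool False if $dataStr cannot be decoded, true otherwise
	 * @throws \UnexpectedValueException If called on an instance other than the installed one
	 * @throws \BadMethodCallException If PHP session handling is disabled
	 */
	public function write( $id, $dataStr ) {
		if ( self::$instance !== $this ) {
			throw new \UnexpectedValueException( __METHOD__ . ': Wrong instance called!' );
		}
		if ( !$this->enable ) {
			throw new \BadMethodCallException( 'Attempt to use PHP session management' );
		}

		$session = $this->manager->getSessionById( $id, true );
		if ( !$session ) {
			// This can happen under normal circumstances, if the session exists but is
			// invalid. Let's emit a log warning instead of a PHP warning.
			// NOTE(review): this records the raw session ID in the log; confirm
			// that everyone with access to this log channel may see it.
			$this->logger->warning(
				__METHOD__ . ': Session "{session}" cannot be loaded, skipping write.',
				[
					'session' => $id,
				] );
			return true;
		}

		// First, decode the string PHP handed us
		$data = \Wikimedia\PhpSessionSerializer::decode( $dataStr );
		if ( $data === null ) {
			// @codeCoverageIgnoreStart
			return false;
			// @codeCoverageIgnoreEnd
		}

		// Now merge the data into the Session object. Keys are passed to the
		// logger as context values rather than spliced into the message text,
		// matching the "{session}" message above, so a key containing line
		// breaks or quotes cannot alter the shape of the log line.
		$changed = false;
		$cache = $this->sessionFieldCache[$id] ?? [];
		foreach ( $data as $key => $value ) {
			if ( !array_key_exists( $key, $cache ) ) {
				if ( $session->exists( $key ) ) {
					// New in both, so ignore and log
					$this->logger->warning(
						__METHOD__ . ': Key "{key}" added in both Session and $_SESSION!',
						[ 'key' => $key ]
					);
				} else {
					// New in $_SESSION, keep it
					$session->set( $key, $value );
					$changed = true;
				}
			} elseif ( $cache[$key] === $value ) {
				// Unchanged in $_SESSION, so ignore it
			} elseif ( !$session->exists( $key ) ) {
				// Deleted in Session, keep but log
				$this->logger->warning(
					__METHOD__ . ': Key "{key}" deleted in Session and changed in $_SESSION!',
					[ 'key' => $key ]
				);
				$session->set( $key, $value );
				$changed = true;
			} elseif ( $cache[$key] === $session->get( $key ) ) {
				// Unchanged in Session, so keep it
				$session->set( $key, $value );
				$changed = true;
			} else {
				// Changed in both, so ignore and log
				$this->logger->warning(
					__METHOD__ . ': Key "{key}" changed in both Session and $_SESSION!',
					[ 'key' => $key ]
				);
			}
		}

		// Anything deleted in $_SESSION and unchanged in Session should be deleted too
		// (but not if $_SESSION can't represent it at all). The encode() call below
		// is only a probe for that, so the serializer's logger is swapped for a
		// NullLogger while the loop runs.
		\Wikimedia\PhpSessionSerializer::setLogger( new \Psr\Log\NullLogger() );
		try {
			foreach ( $cache as $key => $cachedValue ) {
				if ( !array_key_exists( $key, $data ) && $session->exists( $key ) &&
					\Wikimedia\PhpSessionSerializer::encode( [ $key => true ] )
				) {
					if ( $cachedValue === $session->get( $key ) ) {
						// Unchanged in Session, delete it
						$session->remove( $key );
						$changed = true;
					} else {
						// Changed in Session, ignore deletion and log
						$this->logger->warning(
							__METHOD__ . ': Key "{key}" changed in Session and deleted in $_SESSION!',
							[ 'key' => $key ]
						);
					}
				}
			}
		} finally {
			// Put the real logger back even if the loop throws; otherwise the
			// serializer would stay silent for the rest of the request.
			\Wikimedia\PhpSessionSerializer::setLogger( $this->logger );
		}

		// Save and update cache if anything changed
		if ( $changed ) {
			if ( $this->warn ) {
				wfDeprecated( '$_SESSION', '1.27' );
				$this->logger->warning( 'Something wrote to $_SESSION!' );
			}

			$session->save();
			$this->sessionFieldCache[$id] = iterator_to_array( $session );
		}

		$session->persist();

		return true;
	}

	/**
	 * Destroy a session.
	 *
	 * @param string $id Session ID
	 * @return bool Always true, including when the manager returns no session
	 * @throws \UnexpectedValueException If called on an instance other than the installed one
	 * @throws \BadMethodCallException If PHP session handling is disabled
	 */
	public function destroy( $id ) {
		if ( self::$instance !== $this ) {
			throw new \UnexpectedValueException( __METHOD__ . ': Wrong instance called!' );
		}
		if ( !$this->enable ) {
			throw new \BadMethodCallException( 'Attempt to use PHP session management' );
		}
		$session = $this->manager->getSessionById( $id, false );
		if ( $session ) {
			$session->clear();
		}
		return true;
	}

	/**
	 * Execute garbage collection.
	 *
	 * Asks the store to delete everything that expires before the current
	 * time. Unlike open(), this does not check $this->enable.
	 *
	 * @param int $maxlifetime Unused; expiry is decided by the store
	 * @return bool Always true
	 * @throws \UnexpectedValueException If called on an instance other than the installed one
	 */
	public function gc( $maxlifetime ) {
		if ( self::$instance !== $this ) {
			throw new \UnexpectedValueException( __METHOD__ . ': Wrong instance called!' );
		}
		// NOTE(review): date() formats in PHP's default timezone; confirm the
		// store does not expect this 14-digit timestamp to be in UTC.
		$before = date( 'YmdHis', time() );
		$this->store->deleteObjectsExpiringBefore( $before );
		return true;
	}
}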
MediaWiki\Session\PHPSessionHandler\install
static install(SessionManager $manager)
Install a session handler for the current web request.
Definition: PHPSessionHandler.php:110
MediaWiki\Session\PHPSessionHandler\$warn
bool $warn
Definition: PHPSessionHandler.php:42
MediaWiki\Session\PHPSessionHandler\$instance
static PHPSessionHandler $instance
Definition: PHPSessionHandler.php:36
MediaWiki\Session\PHPSessionHandler\setManager
setManager(SessionManager $manager, BagOStuff $store, LoggerInterface $logger)
Set the manager, store, and logger.
Definition: PHPSessionHandler.php:158
MediaWiki\Session\SessionManager\setupPHPSessionHandler
setupPHPSessionHandler(PHPSessionHandler $handler)
Call setters on a PHPSessionHandler.
Definition: SessionManager.php:926
MediaWiki\Session\PHPSessionHandler\$sessionFieldCache
array $sessionFieldCache
Track original session fields for later modification check.
Definition: PHPSessionHandler.php:54
MediaWiki\Session\PHPSessionHandler\isEnabled
static isEnabled()
Test whether the handler is installed and enabled.
Definition: PHPSessionHandler.php:102
MediaWiki\Session\PHPSessionHandler\$logger
LoggerInterface $logger
Definition: PHPSessionHandler.php:51
BagOStuff
Class representing a cache/ephemeral data store.
Definition: BagOStuff.php:58
MediaWiki\Session\PHPSessionHandler\gc
gc( $maxlifetime)
Execute garbage collection.
Definition: PHPSessionHandler.php:364
MediaWiki\Session\PHPSessionHandler\open
open( $save_path, $session_name)
Initialize the session (handler)
Definition: PHPSessionHandler.php:180
MediaWiki\Session\PHPSessionHandler\$enable
bool $enable
Whether PHP session handling is enabled.
Definition: PHPSessionHandler.php:39
wfDeprecated
wfDeprecated( $function, $version=false, $component=false, $callerOffset=2)
Throws a warning that $function is deprecated.
Definition: GlobalFunctions.php:1078
MediaWiki\Session
Definition: BotPasswordSessionProvider.php:24
MediaWiki\Session\PHPSessionHandler
Adapter for PHP's session handling.
Definition: PHPSessionHandler.php:34
MediaWiki\Session\PHPSessionHandler\destroy
destroy( $id)
Destroy a session.
Definition: PHPSessionHandler.php:343
MediaWiki\Session\PHPSessionHandler\close
close()
Close the session (handler)
Definition: PHPSessionHandler.php:195
MediaWiki\Session\SessionManager
This serves as the entry point to the MediaWiki session handling system.
Definition: SessionManager.php:50
MediaWiki\Session\PHPSessionHandler\setEnableFlags
setEnableFlags( $PHPSessionHandling)
Set $this->enable and $this->warn.
Definition: PHPSessionHandler.php:71
MediaWiki\Session\PHPSessionHandler\$store
BagOStuff null $store
Definition: PHPSessionHandler.php:48
RequestContext\getMain
static getMain()
Get the RequestContext object associated with the main request.
Definition: RequestContext.php:430
MediaWiki\Session\PHPSessionHandler\write
write( $id, $dataStr)
Write session data.
Definition: PHPSessionHandler.php:237
MediaWiki\Session\PHPSessionHandler\__construct
__construct(SessionManager $manager)
Definition: PHPSessionHandler.php:56
MediaWiki\Session\PHPSessionHandler\isInstalled
static isInstalled()
Test whether the handler is installed.
Definition: PHPSessionHandler.php:94
MediaWiki\Session\PHPSessionHandler\$manager
SessionManager null $manager
Definition: PHPSessionHandler.php:45
MediaWiki\Session\PHPSessionHandler\read
read( $id)
Read session data.
Definition: PHPSessionHandler.php:209