MediaWiki  1.34.0
MediaWiki\Session\SessionInfo Class Reference

Value object returned by SessionProvider. More...

Collaboration diagram for MediaWiki\Session\SessionInfo:

Public Member Functions

 __construct ( $priority, array $data)
 
 __toString ()
 
 forceHTTPS ()
 Whether this session should only be used over HTTPS. More...
 
 forceUse ()
 Force use of this SessionInfo if validation fails. More...
 
 getId ()
 Return the session ID. More...
 
 getPriority ()
 Return the priority. More...
 
 getProvider ()
 Return the provider. More...
 
 getProviderMetadata ()
 Return provider metadata. More...
 
 getUserInfo ()
 Return the user. More...
 
 isIdSafe ()
 Indicate whether the ID is "safe". More...
 
 wasPersisted ()
 Return whether the session is persisted. More...
 
 wasRemembered ()
 Return whether the user was remembered. More...
 

Static Public Member Functions

static compare ( $a, $b)
 Compare two SessionInfo objects by priority. More...
 

Public Attributes

const MAX_PRIORITY = 100
 Maximum allowed priority. More...
 
const MIN_PRIORITY = 1
 Minimum allowed priority. More...
 

Private Attributes

bool $forceHTTPS = false
 
bool $forceUse = false
 
string $id
 
bool $idIsSafe = false
 
bool $persisted = false
 
int $priority
 
SessionProvider null $provider
 
array null $providerMetadata = null
 
bool $remembered = false
 
UserInfo null $userInfo = null
 

Detailed Description

Value object returned by SessionProvider.

This holds the data necessary to construct a Session.

Since
1.27

Definition at line 34 of file SessionInfo.php.

Constructor & Destructor Documentation

◆ __construct()

MediaWiki\Session\SessionInfo::__construct (   $priority,
array  $data 
)
Parameters
int$prioritySession priority
array$data
  • provider: (SessionProvider|null) If not given, the provider will be determined from the saved session data.
  • id: (string|null) Session ID
  • userInfo: (UserInfo|null) User known from the request. If $provider->canChangeUser() is false, a verified user must be provided.
  • persisted: (bool) Whether this session was persisted
  • remembered: (bool) Whether the verified user was remembered. Defaults to true.
  • forceHTTPS: (bool) Whether to force HTTPS for this session
  • metadata: (array) Provider metadata, to be returned by Session::getProviderMetadata(). See SessionProvider::mergeMetadata() and SessionProvider::refreshSessionInfo().
  • idIsSafe: (bool) Set true if the 'id' did not come from the user. Generally you'll use this from SessionProvider::newEmptySession(), and not from any other method.
  • forceUse: (bool) Set true if the 'id' is from SessionProvider::hashToSessionId() to delete conflicting session store data instead of discarding this SessionInfo. Ignored unless both 'provider' and 'id' are given.
  • copyFrom: (SessionInfo) SessionInfo to copy other data items from.

Definition at line 96 of file SessionInfo.php.

References MediaWiki\Session\SessionInfo\$priority, MediaWiki\Session\SessionInfo\$provider, MediaWiki\Session\SessionInfo\forceHTTPS(), MediaWiki\Session\SessionInfo\forceUse(), MediaWiki\Session\SessionProvider\getManager(), and MediaWiki\Session\SessionManager\validateSessionId().

Member Function Documentation

◆ __toString()

MediaWiki\Session\SessionInfo::__toString ( )

◆ compare()

static MediaWiki\Session\SessionInfo::compare (   $a,
  $b 
)
static

Compare two SessionInfo objects by priority.

Parameters
SessionInfo$a
SessionInfo$b
Returns
int Negative if $a < $b, positive if $a > $b, zero if equal

Definition at line 294 of file SessionInfo.php.

Referenced by MediaWiki\Session\SessionManager\getEmptySessionInternal(), and MediaWiki\Session\SessionManager\getSessionInfoForRequest().

◆ forceHTTPS()

MediaWiki\Session\SessionInfo::forceHTTPS ( )
final

◆ forceUse()

MediaWiki\Session\SessionInfo::forceUse ( )
final

Force use of this SessionInfo if validation fails.

The normal behavior is to discard the SessionInfo if validation against the data stored in the session store fails. If this returns true, SessionManager will instead delete the session store data so this SessionInfo may still be used. This is important for providers which use deterministic IDs and so cannot just generate a random new one.

Returns
bool

Definition at line 219 of file SessionInfo.php.

References MediaWiki\Session\SessionInfo\$forceUse.

Referenced by MediaWiki\Session\SessionInfo\__construct(), and MediaWiki\Session\SessionManager\loadSessionInfoFromStore().

◆ getId()

◆ getPriority()

MediaWiki\Session\SessionInfo::getPriority ( )
final

◆ getProvider()

MediaWiki\Session\SessionInfo::getProvider ( )
final

◆ getProviderMetadata()

MediaWiki\Session\SessionInfo::getProviderMetadata ( )
final

◆ getUserInfo()

MediaWiki\Session\SessionInfo::getUserInfo ( )
final

◆ isIdSafe()

MediaWiki\Session\SessionInfo::isIdSafe ( )
final

Indicate whether the ID is "safe".

The ID is safe in the following cases:

  • The ID was randomly generated by the constructor.
  • The ID was found in the backend data store.
  • $this->getProvider()->persistsSessionId() is false.
  • The constructor was explicitly told it's safe using the 'idIsSafe' parameter.
Returns
bool

Definition at line 204 of file SessionInfo.php.

References MediaWiki\Session\SessionInfo\$idIsSafe.

Referenced by MediaWiki\Session\SessionManager\getSessionFromInfo(), and MediaWiki\Session\SessionManager\loadSessionInfoFromStore().

◆ wasPersisted()

MediaWiki\Session\SessionInfo::wasPersisted ( )
final

◆ wasRemembered()

MediaWiki\Session\SessionInfo::wasRemembered ( )
final

Return whether the user was remembered.

For providers that can persist the user separately from the session, the human using it may not actually want that to be done. For example, a cookie-based provider can set cookies that are longer-lived than the backend session data, but on a public terminal the human likely doesn't want those cookies set.

This is false unless a non-anonymous verified user was passed to the SessionInfo constructor by the provider, and the provider didn't pass false for the 'remembered' data item.

Returns
bool

Definition at line 270 of file SessionInfo.php.

References MediaWiki\Session\SessionInfo\$remembered.

Referenced by MediaWiki\Session\SessionBackend\__construct(), MediaWiki\Session\SessionManager\getSessionFromInfo(), and MediaWiki\Session\SessionManager\loadSessionInfoFromStore().

Member Data Documentation

◆ $forceHTTPS

bool MediaWiki\Session\SessionInfo::$forceHTTPS = false
private

Definition at line 60 of file SessionInfo.php.

Referenced by MediaWiki\Session\SessionInfo\forceHTTPS().

◆ $forceUse

bool MediaWiki\Session\SessionInfo::$forceUse = false
private

Definition at line 66 of file SessionInfo.php.

Referenced by MediaWiki\Session\SessionInfo\forceUse().

◆ $id

string MediaWiki\Session\SessionInfo::$id
private

Definition at line 45 of file SessionInfo.php.

Referenced by MediaWiki\Session\SessionInfo\getId().

◆ $idIsSafe

bool MediaWiki\Session\SessionInfo::$idIsSafe = false
private

Definition at line 63 of file SessionInfo.php.

Referenced by MediaWiki\Session\SessionInfo\isIdSafe().

◆ $persisted

bool MediaWiki\Session\SessionInfo::$persisted = false
private

Definition at line 54 of file SessionInfo.php.

Referenced by MediaWiki\Session\SessionInfo\wasPersisted().

◆ $priority

int MediaWiki\Session\SessionInfo::$priority
private

◆ $provider

SessionProvider null MediaWiki\Session\SessionInfo::$provider
private

◆ $providerMetadata

array null MediaWiki\Session\SessionInfo::$providerMetadata = null
private

Definition at line 69 of file SessionInfo.php.

Referenced by MediaWiki\Session\SessionInfo\getProviderMetadata().

◆ $remembered

bool MediaWiki\Session\SessionInfo::$remembered = false
private

Definition at line 57 of file SessionInfo.php.

Referenced by MediaWiki\Session\SessionInfo\wasRemembered().

◆ $userInfo

UserInfo null MediaWiki\Session\SessionInfo::$userInfo = null
private

Definition at line 51 of file SessionInfo.php.

Referenced by MediaWiki\Session\SessionInfo\getUserInfo().

◆ MAX_PRIORITY

◆ MIN_PRIORITY


The documentation for this class was generated from the following file: