MediaWiki  1.34.4
ImmutableSessionProviderWithCookie.php
Go to the documentation of this file.
1 <?php
24 namespace MediaWiki\Session;
25 
26 use WebRequest;
27 
40 abstract class ImmutableSessionProviderWithCookie extends SessionProvider {
41 
43  protected $sessionCookieName = null;
45  protected $sessionCookieOptions = [];
46 
53  public function __construct( $params = [] ) {
54  parent::__construct();
55 
56  if ( isset( $params['sessionCookieName'] ) ) {
57  if ( !is_string( $params['sessionCookieName'] ) ) {
58  throw new \InvalidArgumentException( 'sessionCookieName must be a string' );
59  }
60  $this->sessionCookieName = $params['sessionCookieName'];
61  }
62  if ( isset( $params['sessionCookieOptions'] ) ) {
63  if ( !is_array( $params['sessionCookieOptions'] ) ) {
64  throw new \InvalidArgumentException( 'sessionCookieOptions must be an array' );
65  }
66  $this->sessionCookieOptions = $params['sessionCookieOptions'];
67  }
68  }
69 
81  protected function getSessionIdFromCookie( WebRequest $request ) {
82  if ( $this->sessionCookieName === null ) {
83  throw new \BadMethodCallException(
84  __METHOD__ . ' may not be called when $this->sessionCookieName === null'
85  );
86  }
87 
88  $prefix = $this->sessionCookieOptions['prefix'] ?? $this->config->get( 'CookiePrefix' );
89  $id = $request->getCookie( $this->sessionCookieName, $prefix );
90  return SessionManager::validateSessionId( $id ) ? $id : null;
91  }
92 
93  public function persistsSessionId() {
94  return $this->sessionCookieName !== null;
95  }
96 
97  public function canChangeUser() {
98  return false;
99  }
100 
101  public function persistSession( SessionBackend $session, WebRequest $request ) {
102  if ( $this->sessionCookieName === null ) {
103  return;
104  }
105 
106  $response = $request->response();
107  if ( $response->headersSent() ) {
108  // Can't do anything now
109  $this->logger->debug( __METHOD__ . ': Headers already sent' );
110  return;
111  }
112 
113  $options = $this->sessionCookieOptions;
114  if ( $session->shouldForceHTTPS() || $session->getUser()->requiresHTTPS() ) {
115  // Send a cookie unless $wgForceHTTPS is set (T256095)
116  if ( !$this->config->get( 'ForceHTTPS' ) ) {
117  $response->setCookie( 'forceHTTPS', 'true', null,
118  [ 'prefix' => '', 'secure' => false ] + $options );
119  }
120  $options['secure'] = true;
121  }
122 
123  $response->setCookie( $this->sessionCookieName, $session->getId(), null, $options );
124  }
125 
126  public function unpersistSession( WebRequest $request ) {
127  if ( $this->sessionCookieName === null ) {
128  return;
129  }
130 
131  $response = $request->response();
132  if ( $response->headersSent() ) {
133  // Can't do anything now
134  $this->logger->debug( __METHOD__ . ': Headers already sent' );
135  return;
136  }
137 
138  $response->clearCookie( $this->sessionCookieName, $this->sessionCookieOptions );
139  }
140 
141  public function getVaryCookies() {
142  if ( $this->sessionCookieName === null ) {
143  return [];
144  }
145 
146  $prefix = $this->sessionCookieOptions['prefix'] ?? $this->config->get( 'CookiePrefix' );
147  return [ $prefix . $this->sessionCookieName ];
148  }
149 
150  public function whyNoSession() {
151  return wfMessage( 'sessionprovider-nocookies' );
152  }
153 }
MediaWiki\Session\ImmutableSessionProviderWithCookie\$sessionCookieName
string null $sessionCookieName
Definition: ImmutableSessionProviderWithCookie.php:43
MediaWiki\Session\ImmutableSessionProviderWithCookie\getSessionIdFromCookie
getSessionIdFromCookie(WebRequest $request)
Get the session ID from the cookie, if any.
Definition: ImmutableSessionProviderWithCookie.php:81
MediaWiki\Session\SessionBackend\getUser
getUser()
Returns the authenticated user for this session.
Definition: SessionBackend.php:391
$response
$response
Definition: opensearch_desc.php:38
MediaWiki\Session\SessionBackend\getId
getId()
Returns the session ID.
Definition: SessionBackend.php:225
wfMessage
wfMessage( $key,... $params)
This is the function for getting translated interface messages.
Definition: GlobalFunctions.php:1263
MediaWiki\Session\ImmutableSessionProviderWithCookie\unpersistSession
unpersistSession(WebRequest $request)
Remove any persisted session from a request/response.
Definition: ImmutableSessionProviderWithCookie.php:126
MediaWiki\Session\ImmutableSessionProviderWithCookie
An ImmutableSessionProviderWithCookie doesn't persist the user, but optionally can use a cookie to su...
Definition: ImmutableSessionProviderWithCookie.php:40
MediaWiki\Session\SessionManager\validateSessionId
static validateSessionId( $id)
Validate a session ID.
Definition: SessionManager.php:365
MediaWiki\Session\ImmutableSessionProviderWithCookie\canChangeUser
canChangeUser()
Indicate whether the user associated with the request can be changed.
Definition: ImmutableSessionProviderWithCookie.php:97
MediaWiki\Session\SessionProvider
A SessionProvider provides SessionInfo and support for Session.
Definition: SessionProvider.php:78
MediaWiki\Session\ImmutableSessionProviderWithCookie\$sessionCookieOptions
mixed[] $sessionCookieOptions
Definition: ImmutableSessionProviderWithCookie.php:45
MediaWiki\Session
Definition: BotPasswordSessionProvider.php:24
WebRequest\response
response()
Return a handle to WebResponse style object, for setting cookies, headers and other stuff,...
Definition: WebRequest.php:1069
MediaWiki\Session\SessionBackend\shouldForceHTTPS
shouldForceHTTPS()
Whether HTTPS should be forced.
Definition: SessionBackend.php:451
WebRequest\getCookie
getCookie( $key, $prefix=null, $default=null)
Get a cookie from the $_COOKIE jar.
Definition: WebRequest.php:839
WebRequest
The WebRequest class encapsulates getting at data passed in the URL or via a POSTed form stripping il...
Definition: WebRequest.php:42
MediaWiki\Session\ImmutableSessionProviderWithCookie\persistSession
persistSession(SessionBackend $session, WebRequest $request)
Persist a session into a request/response.
Definition: ImmutableSessionProviderWithCookie.php:101
MediaWiki\Session\ImmutableSessionProviderWithCookie\persistsSessionId
persistsSessionId()
Indicate whether self::persistSession() can save arbitrary session IDs.
Definition: ImmutableSessionProviderWithCookie.php:93
MediaWiki\Session\ImmutableSessionProviderWithCookie\whyNoSession
whyNoSession()
Return a Message for why sessions might not be being persisted.
Definition: ImmutableSessionProviderWithCookie.php:150
MediaWiki\Session\ImmutableSessionProviderWithCookie\getVaryCookies
getVaryCookies()
Return the list of cookies that need varying on.
Definition: ImmutableSessionProviderWithCookie.php:141
MediaWiki\Session\ImmutableSessionProviderWithCookie\__construct
__construct( $params=[])
Definition: ImmutableSessionProviderWithCookie.php:53
MediaWiki\Session\SessionBackend
This is the actual workhorse for Session.
Definition: SessionBackend.php:50