MediaWiki REL1_28
SessionBackend.php
Go to the documentation of this file.
1<?php
24namespace MediaWiki\Session;
25
27use Psr\Log\LoggerInterface;
28use User;
30
49final class SessionBackend {
51 private $id;
52
53 private $persist = false;
54 private $remember = false;
55 private $forceHTTPS = false;
56
58 private $data = null;
59
60 private $forcePersist = false;
61 private $metaDirty = false;
62 private $dataDirty = false;
63
65 private $dataHash = null;
66
68 private $store;
69
71 private $logger;
72
74 private $lifetime;
75
77 private $user;
78
79 private $curIndex = 0;
80
82 private $requests = [];
83
85 private $provider;
86
88 private $providerMetadata = null;
89
90 private $expires = 0;
91 private $loggedOut = 0;
92 private $delaySave = 0;
93
94 private $usePhpSessionHandling = true;
96
97 private $shutdown = false;
98
106 public function __construct(
108 ) {
109 $phpSessionHandling = \RequestContext::getMain()->getConfig()->get( 'PHPSessionHandling' );
110 $this->usePhpSessionHandling = $phpSessionHandling !== 'disable';
111
112 if ( $info->getUserInfo() && !$info->getUserInfo()->isVerified() ) {
113 throw new \InvalidArgumentException(
114 "Refusing to create session for unverified user {$info->getUserInfo()}"
115 );
116 }
117 if ( $info->getProvider() === null ) {
118 throw new \InvalidArgumentException( 'Cannot create session without a provider' );
119 }
120 if ( $info->getId() !== $id->getId() ) {
121 throw new \InvalidArgumentException( 'SessionId and SessionInfo don\'t match' );
122 }
123
124 $this->id = $id;
125 $this->user = $info->getUserInfo() ? $info->getUserInfo()->getUser() : new User;
126 $this->store = $store;
127 $this->logger = $logger;
128 $this->lifetime = $lifetime;
129 $this->provider = $info->getProvider();
130 $this->persist = $info->wasPersisted();
131 $this->remember = $info->wasRemembered();
132 $this->forceHTTPS = $info->forceHTTPS();
133 $this->providerMetadata = $info->getProviderMetadata();
134
135 $blob = $store->get( wfMemcKey( 'MWSession', (string)$this->id ) );
136 if ( !is_array( $blob ) ||
137 !isset( $blob['metadata'] ) || !is_array( $blob['metadata'] ) ||
138 !isset( $blob['data'] ) || !is_array( $blob['data'] )
139 ) {
140 $this->data = [];
141 $this->dataDirty = true;
142 $this->metaDirty = true;
143 $this->logger->debug(
144 'SessionBackend "{session}" is unsaved, marking dirty in constructor',
145 [
146 'session' => $this->id,
147 ] );
148 } else {
149 $this->data = $blob['data'];
150 if ( isset( $blob['metadata']['loggedOut'] ) ) {
151 $this->loggedOut = (int)$blob['metadata']['loggedOut'];
152 }
153 if ( isset( $blob['metadata']['expires'] ) ) {
154 $this->expires = (int)$blob['metadata']['expires'];
155 } else {
156 $this->metaDirty = true;
157 $this->logger->debug(
158 'SessionBackend "{session}" metadata dirty due to missing expiration timestamp',
159 [
160 'session' => $this->id,
161 ] );
162 }
163 }
164 $this->dataHash = md5( serialize( $this->data ) );
165 }
166
172 public function getSession( WebRequest $request ) {
173 $index = ++$this->curIndex;
174 $this->requests[$index] = $request;
175 $session = new Session( $this, $index, $this->logger );
176 return $session;
177 }
178
184 public function deregisterSession( $index ) {
185 unset( $this->requests[$index] );
186 if ( !$this->shutdown && !count( $this->requests ) ) {
187 $this->save( true );
188 $this->provider->getManager()->deregisterSessionBackend( $this );
189 }
190 }
191
196 public function shutdown() {
197 $this->save( true );
198 $this->shutdown = true;
199 }
200
205 public function getId() {
206 return (string)$this->id;
207 }
208
214 public function getSessionId() {
215 return $this->id;
216 }
217
222 public function resetId() {
223 if ( $this->provider->persistsSessionId() ) {
224 $oldId = (string)$this->id;
225 $restart = $this->usePhpSessionHandling && $oldId === session_id() &&
227
228 if ( $restart ) {
229 // If this session is the one behind PHP's $_SESSION, we need
230 // to close then reopen it.
231 session_write_close();
232 }
233
234 $this->provider->getManager()->changeBackendId( $this );
235 $this->provider->sessionIdWasReset( $this, $oldId );
236 $this->metaDirty = true;
237 $this->logger->debug(
238 'SessionBackend "{session}" metadata dirty due to ID reset (formerly "{oldId}")',
239 [
240 'session' => $this->id,
241 'oldId' => $oldId,
242 ] );
243
244 if ( $restart ) {
245 session_id( (string)$this->id );
246 \MediaWiki\quietCall( 'session_start' );
247 }
248
249 $this->autosave();
250
251 // Delete the data for the old session ID now
252 $this->store->delete( wfMemcKey( 'MWSession', $oldId ) );
253 }
254 }
255
260 public function getProvider() {
261 return $this->provider;
262 }
263
271 public function isPersistent() {
272 return $this->persist;
273 }
274
281 public function persist() {
282 if ( !$this->persist ) {
283 $this->persist = true;
284 $this->forcePersist = true;
285 $this->metaDirty = true;
286 $this->logger->debug(
287 'SessionBackend "{session}" force-persist due to persist()',
288 [
289 'session' => $this->id,
290 ] );
291 $this->autosave();
292 } else {
293 $this->renew();
294 }
295 }
296
300 public function unpersist() {
301 if ( $this->persist ) {
302 // Close the PHP session, if we're the one that's open
303 if ( $this->usePhpSessionHandling && PHPSessionHandler::isEnabled() &&
304 session_id() === (string)$this->id
305 ) {
306 $this->logger->debug(
307 'SessionBackend "{session}" Closing PHP session for unpersist',
308 [ 'session' => $this->id ]
309 );
310 session_write_close();
311 session_id( '' );
312 }
313
314 $this->persist = false;
315 $this->forcePersist = true;
316 $this->metaDirty = true;
317
318 // Delete the session data, so the local cache-only write in
319 // self::save() doesn't get things out of sync with the backend.
320 $this->store->delete( wfMemcKey( 'MWSession', (string)$this->id ) );
321
322 $this->autosave();
323 }
324 }
325
331 public function shouldRememberUser() {
332 return $this->remember;
333 }
334
340 public function setRememberUser( $remember ) {
341 if ( $this->remember !== (bool)$remember ) {
342 $this->remember = (bool)$remember;
343 $this->metaDirty = true;
344 $this->logger->debug(
345 'SessionBackend "{session}" metadata dirty due to remember-user change',
346 [
347 'session' => $this->id,
348 ] );
349 $this->autosave();
350 }
351 }
352
358 public function getRequest( $index ) {
359 if ( !isset( $this->requests[$index] ) ) {
360 throw new \InvalidArgumentException( 'Invalid session index' );
361 }
362 return $this->requests[$index];
363 }
364
369 public function getUser() {
370 return $this->user;
371 }
372
377 public function getAllowedUserRights() {
378 return $this->provider->getAllowedUserRights( $this );
379 }
380
385 public function canSetUser() {
386 return $this->provider->canChangeUser();
387 }
388
396 public function setUser( $user ) {
397 if ( !$this->canSetUser() ) {
398 throw new \BadMethodCallException(
399 'Cannot set user on this session; check $session->canSetUser() first'
400 );
401 }
402
403 $this->user = $user;
404 $this->metaDirty = true;
405 $this->logger->debug(
406 'SessionBackend "{session}" metadata dirty due to user change',
407 [
408 'session' => $this->id,
409 ] );
410 $this->autosave();
411 }
412
418 public function suggestLoginUsername( $index ) {
419 if ( !isset( $this->requests[$index] ) ) {
420 throw new \InvalidArgumentException( 'Invalid session index' );
421 }
422 return $this->provider->suggestLoginUsername( $this->requests[$index] );
423 }
424
429 public function shouldForceHTTPS() {
430 return $this->forceHTTPS;
431 }
432
437 public function setForceHTTPS( $force ) {
438 if ( $this->forceHTTPS !== (bool)$force ) {
439 $this->forceHTTPS = (bool)$force;
440 $this->metaDirty = true;
441 $this->logger->debug(
442 'SessionBackend "{session}" metadata dirty due to force-HTTPS change',
443 [
444 'session' => $this->id,
445 ] );
446 $this->autosave();
447 }
448 }
449
454 public function getLoggedOutTimestamp() {
455 return $this->loggedOut;
456 }
457
462 public function setLoggedOutTimestamp( $ts = null ) {
463 $ts = (int)$ts;
464 if ( $this->loggedOut !== $ts ) {
465 $this->loggedOut = $ts;
466 $this->metaDirty = true;
467 $this->logger->debug(
468 'SessionBackend "{session}" metadata dirty due to logged-out-timestamp change',
469 [
470 'session' => $this->id,
471 ] );
472 $this->autosave();
473 }
474 }
475
481 public function getProviderMetadata() {
483 }
484
490 public function setProviderMetadata( $metadata ) {
491 if ( $metadata !== null && !is_array( $metadata ) ) {
492 throw new \InvalidArgumentException( '$metadata must be an array or null' );
493 }
494 if ( $this->providerMetadata !== $metadata ) {
495 $this->providerMetadata = $metadata;
496 $this->metaDirty = true;
497 $this->logger->debug(
498 'SessionBackend "{session}" metadata dirty due to provider metadata change',
499 [
500 'session' => $this->id,
501 ] );
502 $this->autosave();
503 }
504 }
505
515 public function &getData() {
516 return $this->data;
517 }
518
526 public function addData( array $newData ) {
527 $data = &$this->getData();
528 foreach ( $newData as $key => $value ) {
529 if ( !array_key_exists( $key, $data ) || $data[$key] !== $value ) {
530 $data[$key] = $value;
531 $this->dataDirty = true;
532 $this->logger->debug(
533 'SessionBackend "{session}" data dirty due to addData(): {callers}',
534 [
535 'session' => $this->id,
536 'callers' => wfGetAllCallers( 5 ),
537 ] );
538 }
539 }
540 }
541
546 public function dirty() {
547 $this->dataDirty = true;
548 $this->logger->debug(
549 'SessionBackend "{session}" data dirty due to dirty(): {callers}',
550 [
551 'session' => $this->id,
552 'callers' => wfGetAllCallers( 5 ),
553 ] );
554 }
555
562 public function renew() {
563 if ( time() + $this->lifetime / 2 > $this->expires ) {
564 $this->metaDirty = true;
565 $this->logger->debug(
566 'SessionBackend "{callers}" metadata dirty for renew(): {callers}',
567 [
568 'session' => $this->id,
569 'callers' => wfGetAllCallers( 5 ),
570 ] );
571 if ( $this->persist ) {
572 $this->forcePersist = true;
573 $this->logger->debug(
574 'SessionBackend "{session}" force-persist for renew(): {callers}',
575 [
576 'session' => $this->id,
577 'callers' => wfGetAllCallers( 5 ),
578 ] );
579 }
580 }
581 $this->autosave();
582 }
583
591 public function delaySave() {
592 $this->delaySave++;
593 return new \Wikimedia\ScopedCallback( function () {
594 if ( --$this->delaySave <= 0 ) {
595 $this->delaySave = 0;
596 $this->save();
597 }
598 } );
599 }
600
605 private function autosave() {
606 if ( $this->delaySave <= 0 ) {
607 $this->save();
608 }
609 }
610
620 public function save( $closing = false ) {
621 $anon = $this->user->isAnon();
622
623 if ( !$anon && $this->provider->getManager()->isUserSessionPrevented( $this->user->getName() ) ) {
624 $this->logger->debug(
625 'SessionBackend "{session}" not saving, user {user} was ' .
626 'passed to SessionManager::preventSessionsForUser',
627 [
628 'session' => $this->id,
629 'user' => $this->user,
630 ] );
631 return;
632 }
633
634 // Ensure the user has a token
635 // @codeCoverageIgnoreStart
636 if ( !$anon && !$this->user->getToken( false ) ) {
637 $this->logger->debug(
638 'SessionBackend "{session}" creating token for user {user} on save',
639 [
640 'session' => $this->id,
641 'user' => $this->user,
642 ] );
643 $this->user->setToken();
644 if ( !wfReadOnly() ) {
645 // Promise that the token set here will be valid; save it at end of request
647 \DeferredUpdates::addCallableUpdate( function () use ( $user ) {
649 } );
650 }
651 $this->metaDirty = true;
652 }
653 // @codeCoverageIgnoreEnd
654
655 if ( !$this->metaDirty && !$this->dataDirty &&
656 $this->dataHash !== md5( serialize( $this->data ) )
657 ) {
658 $this->logger->debug(
659 'SessionBackend "{session}" data dirty due to hash mismatch, {expected} !== {got}',
660 [
661 'session' => $this->id,
662 'expected' => $this->dataHash,
663 'got' => md5( serialize( $this->data ) ),
664 ] );
665 $this->dataDirty = true;
666 }
667
668 if ( !$this->metaDirty && !$this->dataDirty && !$this->forcePersist ) {
669 return;
670 }
671
672 $this->logger->debug(
673 'SessionBackend "{session}" save: dataDirty={dataDirty} ' .
674 'metaDirty={metaDirty} forcePersist={forcePersist}',
675 [
676 'session' => $this->id,
677 'dataDirty' => (int)$this->dataDirty,
678 'metaDirty' => (int)$this->metaDirty,
679 'forcePersist' => (int)$this->forcePersist,
680 ] );
681
682 // Persist or unpersist to the provider, if necessary
683 if ( $this->metaDirty || $this->forcePersist ) {
684 if ( $this->persist ) {
685 foreach ( $this->requests as $request ) {
686 $request->setSessionId( $this->getSessionId() );
687 $this->provider->persistSession( $this, $request );
688 }
689 if ( !$closing ) {
690 $this->checkPHPSession();
691 }
692 } else {
693 foreach ( $this->requests as $request ) {
694 if ( $request->getSessionId() === $this->id ) {
695 $this->provider->unpersistSession( $request );
696 }
697 }
698 }
699 }
700
701 $this->forcePersist = false;
702
703 if ( !$this->metaDirty && !$this->dataDirty ) {
704 return;
705 }
706
707 // Save session data to store, if necessary
708 $metadata = $origMetadata = [
709 'provider' => (string)$this->provider,
710 'providerMetadata' => $this->providerMetadata,
711 'userId' => $anon ? 0 : $this->user->getId(),
712 'userName' => User::isValidUserName( $this->user->getName() ) ? $this->user->getName() : null,
713 'userToken' => $anon ? null : $this->user->getToken(),
714 'remember' => !$anon && $this->remember,
715 'forceHTTPS' => $this->forceHTTPS,
716 'expires' => time() + $this->lifetime,
717 'loggedOut' => $this->loggedOut,
718 'persisted' => $this->persist,
719 ];
720
721 \Hooks::run( 'SessionMetadata', [ $this, &$metadata, $this->requests ] );
722
723 foreach ( $origMetadata as $k => $v ) {
724 if ( $metadata[$k] !== $v ) {
725 throw new \UnexpectedValueException( "SessionMetadata hook changed metadata key \"$k\"" );
726 }
727 }
728
729 $flags = $this->persist ? 0 : CachedBagOStuff::WRITE_CACHE_ONLY;
730 $flags |= CachedBagOStuff::WRITE_SYNC; // write to all datacenters
731 $this->store->set(
732 wfMemcKey( 'MWSession', (string)$this->id ),
733 [
734 'data' => $this->data,
735 'metadata' => $metadata,
736 ],
737 $metadata['expires'],
738 $flags
739 );
740
741 $this->metaDirty = false;
742 $this->dataDirty = false;
743 $this->dataHash = md5( serialize( $this->data ) );
744 $this->expires = $metadata['expires'];
745 }
746
751 private function checkPHPSession() {
752 if ( !$this->checkPHPSessionRecursionGuard ) {
753 $this->checkPHPSessionRecursionGuard = true;
754 $reset = new \Wikimedia\ScopedCallback( function () {
755 $this->checkPHPSessionRecursionGuard = false;
756 } );
757
758 if ( $this->usePhpSessionHandling && session_id() === '' && PHPSessionHandler::isEnabled() &&
759 SessionManager::getGlobalSession()->getId() === (string)$this->id
760 ) {
761 $this->logger->debug(
762 'SessionBackend "{session}" Taking over PHP session',
763 [
764 'session' => $this->id,
765 ] );
766 session_id( (string)$this->id );
767 \MediaWiki\quietCall( 'session_start' );
768 }
769 }
770 }
771
772}
Apache License January AND DISTRIBUTION Definitions License shall mean the terms and conditions for use
serialize()
wfReadOnly()
Check whether the wiki is in read-only mode.
wfMemcKey()
Make a cache key for the local wiki.
wfGetAllCallers( $limit=3)
Return a string consisting of callers in the stack.
get( $key, $flags=0, $oldFlags=null)
Get an item with the given key.
Wrapper around a BagOStuff that caches data in memory.
static isEnabled()
Test whether the handler is installed and enabled.
This is the actual workhorse for Session.
setLoggedOutTimestamp( $ts=null)
Set the "logged out" timestamp.
addData(array $newData)
Add data to the session.
suggestLoginUsername( $index)
Get a suggested username for the login form.
isPersistent()
Indicate whether this session is persisted across requests.
getSession(WebRequest $request)
Return a new Session for this backend.
__construct(SessionId $id, SessionInfo $info, CachedBagOStuff $store, LoggerInterface $logger, $lifetime)
shouldForceHTTPS()
Whether HTTPS should be forced.
& getData()
Fetch the session data array.
getProviderMetadata()
Fetch provider metadata.
deregisterSession( $index)
Deregister a Session.
getSessionId()
Fetch the SessionId object.
canSetUser()
Indicate whether the session user info can be changed.
delaySave()
Delay automatic saving while multiple updates are being made.
checkPHPSession()
For backwards compatibility, open the PHP session when the global session is persisted.
unpersist()
Make this session not persisted across requests.
WebRequest[] $requests
Session requests.
setProviderMetadata( $metadata)
Set provider metadata.
array null $providerMetadata
provider-specified metadata
setForceHTTPS( $force)
Set whether HTTPS should be forced.
getProvider()
Fetch the SessionProvider for this session.
getId()
Returns the session ID.
getLoggedOutTimestamp()
Fetch the "logged out" timestamp.
resetId()
Changes the session ID.
setUser( $user)
Set a new user for this session.
save( $closing=false)
Save the session.
getUser()
Returns the authenticated user for this session.
autosave()
Save the session, unless delayed.
renew()
Renew the session by resaving everything.
SessionProvider $provider
provider
string $dataHash
Used to detect subarray modifications.
getAllowedUserRights()
Fetch the rights allowed the user when this session is active.
getRequest( $index)
Returns the request associated with a Session.
persist()
Make this session persisted across requests.
setRememberUser( $remember)
Set whether the user should be remembered independently of the session ID.
shouldRememberUser()
Indicate whether the user should be remembered independently of the session ID.
Value object holding the session ID in a manner that can be globally updated.
Definition SessionId.php:38
Value object returned by SessionProvider.
getProviderMetadata()
Return provider metadata.
getId()
Return the session ID.
getProvider()
Return the provider.
getUserInfo()
Return the user.
wasPersisted()
Return whether the session is persisted.
wasRemembered()
Return whether the user was remembered.
forceHTTPS()
Whether this session should only be used over HTTPS.
static getGlobalSession()
Get the "global" session.
A SessionProvider provides SessionInfo and support for Session.
Manages data for an an authenticated session.
Definition Session.php:48
The User object encapsulates all of the user-specific settings (user_id, name, rights,...
Definition User.php:48
saveSettings()
Save this user's settings into the database.
Definition User.php:3847
The WebRequest class encapsulates getting at data passed in the URL or via a POSTed form stripping il...
deferred txt A few of the database updates required by various functions here can be deferred until after the result page is displayed to the user For updating the view updating the linked to tables after a save
Definition deferred.txt:5
This document is intended to provide useful advice for parties seeking to redistribute MediaWiki to end users It s targeted particularly at maintainers for Linux since it s been observed that distribution packages of MediaWiki often break We ve consistently had to recommend that users seeking support use official tarballs instead of their distribution s and this often solves whatever problem the user is having It would be nice if this could such as
This document is intended to provide useful advice for parties seeking to redistribute MediaWiki to end users It s targeted particularly at maintainers for Linux since it s been observed that distribution packages of MediaWiki often break We ve consistently had to recommend that users seeking support use official tarballs instead of their distribution s and this often solves whatever problem the user is having It would be nice if this could such and we might be restricted by PHP settings such as safe mode or open_basedir We cannot assume that the software even has read access anywhere useful Many shared hosts run all users web applications under the same user
Wikitext formatted, in the key only.
the array() calling protocol came about after MediaWiki 1.4rc1.
This code would result in ircNotify being run twice when an article is and once for brion Hooks can return three possible true was required This is the default since MediaWiki *some string
Definition hooks.txt:183
it s the revision text itself In either if gzip is the revision text is gzipped $flags
Definition hooks.txt:2710
error also a ContextSource you ll probably need to make sure the header is varied on $request
Definition hooks.txt:2685
injection txt This is an overview of how MediaWiki makes use of dependency injection The design described here grew from the discussion of RFC T384 The term dependency this means that anything an object needs to operate should be injected from the the object itself should only know narrow no concrete implementation of the logic it relies on The requirement to inject everything typically results in an architecture that based on two main types of and essentially stateless service objects that use other service objects to operate on the value objects As of the beginning MediaWiki is only starting to use the DI approach Much of the code still relies on global state or direct resulting in a highly cyclical dependency which acts as the top level factory for services in MediaWiki which can be used to gain access to default instances of various services MediaWikiServices however also allows new services to be defined and default services to be redefined Services are defined or redefined by providing a callback the instantiator that will return a new instance of the service When it will create an instance of MediaWikiServices and populate it with the services defined in the files listed by thereby bootstrapping the DI framework Per $wgServiceWiringFiles lists includes ServiceWiring php
Definition injection.txt:37
This document describes the state of Postgres support in and is fairly well maintained The main code is very well while extensions are very hit and miss it is probably the most supported database after MySQL Much of the work in making MediaWiki database agnostic came about through the work of creating Postgres as and are nearing end of but without copying over all the usage comments General notes on the but these can almost always be programmed around *Although Postgres has a true BOOLEAN boolean columns are always mapped to as the code does not always treat the column as a and VARBINARY columns should simply be TEXT The only exception is when VARBINARY is used to store true binary data
Definition postgres.txt:43
MediaWiki s SiteStore can be cached and stored in a flat in a json format If the SiteStore is frequently the file cache may provide a performance benefit over a database store
Definition sitescache.txt:4