MediaWiki REL1_28
MediaWiki\Session\SessionManager Class Reference

This serves as the entry point to the MediaWiki session handling system. More...

Inheritance diagram for MediaWiki\Session\SessionManager:
Collaboration diagram for MediaWiki\Session\SessionManager:

Public Member Functions

 __construct ( $options=[])
 
 getEmptySession (WebRequest $request=null)
 Create a new, empty session.
 
 getSessionById ( $id, $create=false, WebRequest $request=null)
 Fetch a session by ID.
 
 getSessionForRequest (WebRequest $request)
 Fetch the session for a request (or a new empty session if none is attached to it)
 
 getVaryCookies ()
 Return the list of cookies that need varying on.
 
 getVaryHeaders ()
 Return the HTTP headers that need varying on.
 
 invalidateSessionsForUser (User $user)
 Invalidate sessions for a user.
 
 setLogger (LoggerInterface $logger)
 

Static Public Member Functions

static getGlobalSession ()
 Get the "global" session.
 
static singleton ()
 Get the global SessionManager.
 
static validateSessionId ( $id)
 Validate a session ID.
 

Private Member Functions

 getEmptySessionInternal (WebRequest $request=null, $id=null)
 

Private Attributes

SessionBackend[] $allSessionBackends = []
 
SessionId[] $allSessionIds = []
 
Config $config
 
LoggerInterface $logger
 
string[] $preventUsers = []
 
SessionProvider[] $sessionProviders = null
 
CachedBagOStuff null $store
 
string[] $varyCookies = null
 
array $varyHeaders = null
 

Static Private Attributes

static Session null $globalSession = null
 
static WebRequest null $globalSessionRequest = null
 
static SessionManager null $instance = null
 

Internal methods

static autoCreateUser (User $user)
 Auto-create the given user, if necessary.
 
static resetCache ()
 Reset the internal caching for unit testing.
 
 preventSessionsForUser ( $username)
 Prevent future sessions for the user.
 
 isUserSessionPrevented ( $username)
 Test if a user is prevented.
 
 getProvider ( $name)
 Get a session provider by name.
 
 shutdown ()
 Save all active sessions on shutdown.
 
 getSessionFromInfo (SessionInfo $info, WebRequest $request)
 Create a Session corresponding to the passed SessionInfo.
 
 deregisterSessionBackend (SessionBackend $backend)
 Deregister a SessionBackend.
 
 changeBackendId (SessionBackend $backend)
 Change a SessionBackend's ID.
 
 generateSessionId ()
 Generate a new random session ID.
 
 setupPHPSessionHandler (PHPSessionHandler $handler)
 Call setters on a PHPSessionHandler.
 
 getSessionInfoForRequest (WebRequest $request)
 Fetch the SessionInfo(s) for a request.
 
 loadSessionInfoFromStore (SessionInfo &$info, WebRequest $request)
 Load and verify the session info against the store.
 
 getProviders ()
 Get the available SessionProviders.
 

Detailed Description

This serves as the entry point to the MediaWiki session handling system.

Most methods here are for internal use by session handling code. Other callers should only use getGlobalSession and the methods of SessionManagerInterface; the rest of the functionality is exposed via MediaWiki\Session\Session methods.

To provide custom session handling, implement a MediaWiki\Session\SessionProvider.

Since
1.27
See also
https://www.mediawiki.org/wiki/Manual:SessionManager_and_AuthManager

Definition at line 48 of file SessionManager.php.

Constructor & Destructor Documentation

◆ __construct()

MediaWiki\Session\SessionManager::__construct (   $options = [])
Parameters
array$options
  • config: Config to fetch configuration from. Defaults to the default 'main' config.
  • logger: LoggerInterface to use for logging. Defaults to the 'session' channel.
  • store: BagOStuff to store session data in.

Definition at line 146 of file SessionManager.php.

References $options, MediaWiki\Session\SessionManager\$store, MediaWiki\Session\SessionManager\setLogger(), and store.

Member Function Documentation

◆ autoCreateUser()

static MediaWiki\Session\SessionManager::autoCreateUser ( User  $user)
static

Auto-create the given user, if necessary.

Access:\n private Don't call this yourself. Let Setup.php do it for you at the right time.
Deprecated:
since 1.27, use MediaWiki\Auth\AuthManager::autoCreateUser instead
Parameters
User$userUser to auto-create
Returns
bool Success

Definition at line 386 of file SessionManager.php.

References $user, and wfDeprecated().

◆ changeBackendId()

MediaWiki\Session\SessionManager::changeBackendId ( SessionBackend  $backend)

Change a SessionBackend's ID.

Access:\n private For use from \MediaWiki\Session\SessionBackend only
Parameters
SessionBackend$backend

Definition at line 910 of file SessionManager.php.

References MediaWiki\Session\SessionManager\generateSessionId(), MediaWiki\Session\SessionBackend\getSessionId(), and string.

◆ deregisterSessionBackend()

MediaWiki\Session\SessionManager::deregisterSessionBackend ( SessionBackend  $backend)

Deregister a SessionBackend.

Access:\n private For use from \MediaWiki\Session\SessionBackend only
Parameters
SessionBackend$backend

Definition at line 892 of file SessionManager.php.

References MediaWiki\Session\SessionBackend\getId(), and MediaWiki\Session\SessionBackend\getSessionId().

◆ generateSessionId()

MediaWiki\Session\SessionManager::generateSessionId ( )

Generate a new random session ID.

Returns
string

Definition at line 932 of file SessionManager.php.

References MWCryptRand\generateHex(), store, and wfMemcKey().

Referenced by MediaWiki\Session\SessionManager\changeBackendId().

◆ getEmptySession()

MediaWiki\Session\SessionManager::getEmptySession ( WebRequest  $request = null)

Create a new, empty session.

The first provider configured that is able to provide an empty session will be used.

Parameters
WebRequest | null$requestCorresponding request. Any existing session associated with this WebRequest object will be overwritten.
Returns
Session

Implements MediaWiki\Session\SessionManagerInterface.

Definition at line 241 of file SessionManager.php.

References $request, and MediaWiki\Session\SessionManager\getEmptySessionInternal().

Referenced by MediaWiki\Session\SessionManager\getSessionForRequest().

◆ getEmptySessionInternal()

MediaWiki\Session\SessionManager::getEmptySessionInternal ( WebRequest  $request = null,
  $id = null 
)
private
See also
SessionManagerInterface::getEmptySession
Parameters
WebRequest | null$request
string | null$idID to force on the new session
Returns
Session

Definition at line 251 of file SessionManager.php.

References $request, as, MediaWiki\Session\SessionInfo\compare(), MediaWiki\Session\SessionManager\getProviders(), MediaWiki\Session\SessionManager\getSessionFromInfo(), store, and wfMemcKey().

Referenced by MediaWiki\Session\SessionManager\getEmptySession(), and MediaWiki\Session\SessionManager\getSessionById().

◆ getGlobalSession()

static MediaWiki\Session\SessionManager::getGlobalSession ( )
static

◆ getProvider()

MediaWiki\Session\SessionManager::getProvider (   $name)

Get a session provider by name.

Generally, this will only be used by internal implementation of some special session-providing mechanism. General purpose code, if it needs to access a SessionProvider at all, will use Session::getProvider().

Parameters
string$name
Returns
SessionProvider|null

Definition at line 454 of file SessionManager.php.

References $name, and MediaWiki\Session\SessionManager\getProviders().

Referenced by MediaWiki\Session\SessionManager\loadSessionInfoFromStore().

◆ getProviders()

◆ getSessionById()

MediaWiki\Session\SessionManager::getSessionById (   $id,
  $create = false,
WebRequest  $request = null 
)

Fetch a session by ID.

Parameters
string$id
bool$createIf no session exists for $id, try to create a new one. May still return null if a session for $id exists but cannot be loaded.
WebRequest | null$requestCorresponding request. Any existing session associated with this WebRequest object will be overwritten.
Returns
Session|null

Implements MediaWiki\Session\SessionManagerInterface.

Definition at line 199 of file SessionManager.php.

References $request, MediaWiki\Session\SessionManager\getEmptySessionInternal(), MediaWiki\Session\SessionManager\getSessionFromInfo(), MediaWiki\Session\SessionManager\loadSessionInfoFromStore(), MediaWiki\Session\SessionInfo\MIN_PRIORITY, store, and wfMemcKey().

◆ getSessionForRequest()

MediaWiki\Session\SessionManager::getSessionForRequest ( WebRequest  $request)

Fetch the session for a request (or a new empty session if none is attached to it)

Note
You probably want to use $request->getSession() instead. It's more efficient and doesn't break FauxRequests or sessions that were changed by $this->getSessionById() or $this->getEmptySession().
Parameters
WebRequest$requestAny existing associated session will be reset to the session corresponding to the data in the request itself.
Returns
Session
Exceptions

\OverflowException if there are multiple sessions tied for top priority in the request. Exception has a property "sessionInfos" holding the SessionInfo objects for the sessions involved.

Implements MediaWiki\Session\SessionManagerInterface.

Definition at line 188 of file SessionManager.php.

References $request, MediaWiki\Session\SessionManager\getEmptySession(), MediaWiki\Session\SessionManager\getSessionFromInfo(), and MediaWiki\Session\SessionManager\getSessionInfoForRequest().

◆ getSessionFromInfo()

MediaWiki\Session\SessionManager::getSessionFromInfo ( SessionInfo  $info,
WebRequest  $request 
)

Create a Session corresponding to the passed SessionInfo.

Access:\n private For use by a SessionProvider that needs to specially create its
own Session. Most session providers won't need this.
Parameters
SessionInfo$info
WebRequest$request
Returns
Session

Definition at line 836 of file SessionManager.php.

References $request, MediaWiki\Session\SessionInfo\getId(), MediaWiki\Session\SessionInfo\isIdSafe(), MW_NO_SESSION, store, MediaWiki\Session\SessionInfo\wasPersisted(), and MediaWiki\Session\SessionInfo\wasRemembered().

Referenced by MediaWiki\Session\SessionManager\getEmptySessionInternal(), MediaWiki\Session\SessionManager\getSessionById(), and MediaWiki\Session\SessionManager\getSessionForRequest().

◆ getSessionInfoForRequest()

MediaWiki\Session\SessionManager::getSessionInfoForRequest ( WebRequest  $request)
private

◆ getVaryCookies()

MediaWiki\Session\SessionManager::getVaryCookies ( )

Return the list of cookies that need varying on.

Returns
string[]

Implements MediaWiki\Session\SessionManagerInterface.

Definition at line 348 of file SessionManager.php.

References MediaWiki\Session\SessionManager\$varyCookies, as, MediaWiki\Session\SessionManager\getProviders(), and MW_NO_SESSION.

◆ getVaryHeaders()

MediaWiki\Session\SessionManager::getVaryHeaders ( )

Return the HTTP headers that need varying on.

The return value is such that someone could theoretically do this:

foreach ( $provider->getVaryHeaders() as $header => $options ) {
$outputPage->addVaryHeader( $header, $options );
}
this hook is for auditing only RecentChangesLinked and Watchlist RecentChangesLinked and Watchlist e g Watchlist removed from all revisions and log entries to which it was applied This gives extensions a chance to take it off their books as the deletion has already been partly carried out by this point or something similar the user will be unable to create the tag set and then return false from the hook function Ensure you consume the ChangeTagAfterDelete hook to carry out custom deletion actions as context called by AbstractContent::getParserOutput May be used to override the normal model specific rendering of page content as context as context $options
Definition hooks.txt:1096
$header
Returns
array

Implements MediaWiki\Session\SessionManagerInterface.

Definition at line 325 of file SessionManager.php.

References $header, $options, MediaWiki\Session\SessionManager\$varyHeaders, as, MediaWiki\Session\SessionManager\getProviders(), and MW_NO_SESSION.

◆ invalidateSessionsForUser()

MediaWiki\Session\SessionManager::invalidateSessionsForUser ( User  $user)

Invalidate sessions for a user.

After calling this, existing sessions should be invalid. For mutable session providers, this generally means the user has to log in again; for immutable providers, it generally means the loss of session data.

Parameters
User$user

Implements MediaWiki\Session\SessionManagerInterface.

Definition at line 311 of file SessionManager.php.

References $user, as, and MediaWiki\Session\SessionManager\getProviders().

◆ isUserSessionPrevented()

MediaWiki\Session\SessionManager::isUserSessionPrevented (   $username)

Test if a user is prevented.

Access:\n private For use from SessionBackend only
Parameters
string$username
Returns
bool

Definition at line 419 of file SessionManager.php.

References $username.

◆ loadSessionInfoFromStore()

◆ preventSessionsForUser()

MediaWiki\Session\SessionManager::preventSessionsForUser (   $username)

Prevent future sessions for the user.

The intention is that the named account will never again be usable for normal login (i.e. there is no way to undo the prevention of access).

Access:\n private For use from \User::newSystemUser only
Parameters
string$username

Definition at line 404 of file SessionManager.php.

References $username, as, and MediaWiki\Session\SessionManager\getProviders().

◆ resetCache()

static MediaWiki\Session\SessionManager::resetCache ( )
static

Reset the internal caching for unit testing.

Access:\n protected Unit tests only

Definition at line 953 of file SessionManager.php.

◆ setLogger()

MediaWiki\Session\SessionManager::setLogger ( LoggerInterface  $logger)

◆ setupPHPSessionHandler()

MediaWiki\Session\SessionManager::setupPHPSessionHandler ( PHPSessionHandler  $handler)

Call setters on a PHPSessionHandler.

Access:\n private Use PhpSessionHandler::install()
Parameters
PHPSessionHandler$handler

Definition at line 945 of file SessionManager.php.

References $handler, and store.

Referenced by MediaWiki\Session\PHPSessionHandler\__construct(), and MediaWiki\Session\PHPSessionHandler\install().

◆ shutdown()

MediaWiki\Session\SessionManager::shutdown ( )

Save all active sessions on shutdown.

Access:\n private For internal use with register_shutdown_function()

Definition at line 463 of file SessionManager.php.

References as.

◆ singleton()

◆ validateSessionId()

static MediaWiki\Session\SessionManager::validateSessionId (   $id)
static

Member Data Documentation

◆ $allSessionBackends

SessionBackend [] MediaWiki\Session\SessionManager::$allSessionBackends = []
private

Definition at line 77 of file SessionManager.php.

◆ $allSessionIds

SessionId [] MediaWiki\Session\SessionManager::$allSessionIds = []
private

Definition at line 80 of file SessionManager.php.

◆ $config

Config MediaWiki\Session\SessionManager::$config
private

Definition at line 62 of file SessionManager.php.

◆ $globalSession

Session null MediaWiki\Session\SessionManager::$globalSession = null
staticprivate

◆ $globalSessionRequest

WebRequest null MediaWiki\Session\SessionManager::$globalSessionRequest = null
staticprivate

Definition at line 56 of file SessionManager.php.

◆ $instance

SessionManager null MediaWiki\Session\SessionManager::$instance = null
staticprivate

Definition at line 50 of file SessionManager.php.

Referenced by MediaWiki\Session\SessionManager\singleton().

◆ $logger

LoggerInterface MediaWiki\Session\SessionManager::$logger
private

Definition at line 59 of file SessionManager.php.

Referenced by MediaWiki\Session\SessionManager\setLogger().

◆ $preventUsers

string [] MediaWiki\Session\SessionManager::$preventUsers = []
private

Definition at line 83 of file SessionManager.php.

◆ $sessionProviders

SessionProvider [] MediaWiki\Session\SessionManager::$sessionProviders = null
private

Definition at line 68 of file SessionManager.php.

Referenced by MediaWiki\Session\SessionManager\getProviders().

◆ $store

CachedBagOStuff null MediaWiki\Session\SessionManager::$store
private

Definition at line 65 of file SessionManager.php.

Referenced by MediaWiki\Session\SessionManager\__construct().

◆ $varyCookies

string [] MediaWiki\Session\SessionManager::$varyCookies = null
private

Definition at line 71 of file SessionManager.php.

Referenced by MediaWiki\Session\SessionManager\getVaryCookies().

◆ $varyHeaders

array MediaWiki\Session\SessionManager::$varyHeaders = null
private

Definition at line 74 of file SessionManager.php.

Referenced by MediaWiki\Session\SessionManager\getVaryHeaders().


The documentation for this class was generated from the following file: