MediaWiki REL1_30
SessionBackend.php
Go to the documentation of this file.
1<?php
24namespace MediaWiki\Session;
25
27use Psr\Log\LoggerInterface;
28use User;
29use WebRequest;
30
49final class SessionBackend {
51 private $id;
52
53 private $persist = false;
54 private $remember = false;
55 private $forceHTTPS = false;
56
58 private $data = null;
59
60 private $forcePersist = false;
61 private $metaDirty = false;
62 private $dataDirty = false;
63
65 private $dataHash = null;
66
68 private $store;
69
71 private $logger;
72
74 private $lifetime;
75
77 private $user;
78
79 private $curIndex = 0;
80
82 private $requests = [];
83
85 private $provider;
86
88 private $providerMetadata = null;
89
90 private $expires = 0;
91 private $loggedOut = 0;
92 private $delaySave = 0;
93
94 private $usePhpSessionHandling = true;
96
97 private $shutdown = false;
98
106 public function __construct(
108 ) {
109 $phpSessionHandling = \RequestContext::getMain()->getConfig()->get( 'PHPSessionHandling' );
110 $this->usePhpSessionHandling = $phpSessionHandling !== 'disable';
111
112 if ( $info->getUserInfo() && !$info->getUserInfo()->isVerified() ) {
113 throw new \InvalidArgumentException(
114 "Refusing to create session for unverified user {$info->getUserInfo()}"
115 );
116 }
117 if ( $info->getProvider() === null ) {
118 throw new \InvalidArgumentException( 'Cannot create session without a provider' );
119 }
120 if ( $info->getId() !== $id->getId() ) {
121 throw new \InvalidArgumentException( 'SessionId and SessionInfo don\'t match' );
122 }
123
124 $this->id = $id;
125 $this->user = $info->getUserInfo() ? $info->getUserInfo()->getUser() : new User;
126 $this->store = $store;
127 $this->logger = $logger;
128 $this->lifetime = $lifetime;
129 $this->provider = $info->getProvider();
130 $this->persist = $info->wasPersisted();
131 $this->remember = $info->wasRemembered();
132 $this->forceHTTPS = $info->forceHTTPS();
133 $this->providerMetadata = $info->getProviderMetadata();
134
135 $blob = $store->get( $store->makeKey( 'MWSession', (string)$this->id ) );
136 if ( !is_array( $blob ) ||
137 !isset( $blob['metadata'] ) || !is_array( $blob['metadata'] ) ||
138 !isset( $blob['data'] ) || !is_array( $blob['data'] )
139 ) {
140 $this->data = [];
141 $this->dataDirty = true;
142 $this->metaDirty = true;
143 $this->logger->debug(
144 'SessionBackend "{session}" is unsaved, marking dirty in constructor',
145 [
146 'session' => $this->id,
147 ] );
148 } else {
149 $this->data = $blob['data'];
150 if ( isset( $blob['metadata']['loggedOut'] ) ) {
151 $this->loggedOut = (int)$blob['metadata']['loggedOut'];
152 }
153 if ( isset( $blob['metadata']['expires'] ) ) {
154 $this->expires = (int)$blob['metadata']['expires'];
155 } else {
156 $this->metaDirty = true;
157 $this->logger->debug(
158 'SessionBackend "{session}" metadata dirty due to missing expiration timestamp',
159 [
160 'session' => $this->id,
161 ] );
162 }
163 }
164 $this->dataHash = md5( serialize( $this->data ) );
165 }
166
172 public function getSession( WebRequest $request ) {
173 $index = ++$this->curIndex;
174 $this->requests[$index] = $request;
175 $session = new Session( $this, $index, $this->logger );
176 return $session;
177 }
178
184 public function deregisterSession( $index ) {
185 unset( $this->requests[$index] );
186 if ( !$this->shutdown && !count( $this->requests ) ) {
187 $this->save( true );
188 $this->provider->getManager()->deregisterSessionBackend( $this );
189 }
190 }
191
196 public function shutdown() {
197 $this->save( true );
198 $this->shutdown = true;
199 }
200
205 public function getId() {
206 return (string)$this->id;
207 }
208
214 public function getSessionId() {
215 return $this->id;
216 }
217
222 public function resetId() {
223 if ( $this->provider->persistsSessionId() ) {
224 $oldId = (string)$this->id;
225 $restart = $this->usePhpSessionHandling && $oldId === session_id() &&
227
228 if ( $restart ) {
229 // If this session is the one behind PHP's $_SESSION, we need
230 // to close then reopen it.
231 session_write_close();
232 }
233
234 $this->provider->getManager()->changeBackendId( $this );
235 $this->provider->sessionIdWasReset( $this, $oldId );
236 $this->metaDirty = true;
237 $this->logger->debug(
238 'SessionBackend "{session}" metadata dirty due to ID reset (formerly "{oldId}")',
239 [
240 'session' => $this->id,
241 'oldId' => $oldId,
242 ] );
243
244 if ( $restart ) {
245 session_id( (string)$this->id );
246 \MediaWiki\quietCall( 'session_start' );
247 }
248
249 $this->autosave();
250
251 // Delete the data for the old session ID now
252 $this->store->delete( $this->store->makeKey( 'MWSession', $oldId ) );
253 }
254 }
255
260 public function getProvider() {
261 return $this->provider;
262 }
263
271 public function isPersistent() {
272 return $this->persist;
273 }
274
281 public function persist() {
282 if ( !$this->persist ) {
283 $this->persist = true;
284 $this->forcePersist = true;
285 $this->metaDirty = true;
286 $this->logger->debug(
287 'SessionBackend "{session}" force-persist due to persist()',
288 [
289 'session' => $this->id,
290 ] );
291 $this->autosave();
292 } else {
293 $this->renew();
294 }
295 }
296
300 public function unpersist() {
301 if ( $this->persist ) {
302 // Close the PHP session, if we're the one that's open
303 if ( $this->usePhpSessionHandling && PHPSessionHandler::isEnabled() &&
304 session_id() === (string)$this->id
305 ) {
306 $this->logger->debug(
307 'SessionBackend "{session}" Closing PHP session for unpersist',
308 [ 'session' => $this->id ]
309 );
310 session_write_close();
311 session_id( '' );
312 }
313
314 $this->persist = false;
315 $this->forcePersist = true;
316 $this->metaDirty = true;
317
318 // Delete the session data, so the local cache-only write in
319 // self::save() doesn't get things out of sync with the backend.
320 $this->store->delete( $this->store->makeKey( 'MWSession', (string)$this->id ) );
321
322 $this->autosave();
323 }
324 }
325
331 public function shouldRememberUser() {
332 return $this->remember;
333 }
334
340 public function setRememberUser( $remember ) {
341 if ( $this->remember !== (bool)$remember ) {
342 $this->remember = (bool)$remember;
343 $this->metaDirty = true;
344 $this->logger->debug(
345 'SessionBackend "{session}" metadata dirty due to remember-user change',
346 [
347 'session' => $this->id,
348 ] );
349 $this->autosave();
350 }
351 }
352
358 public function getRequest( $index ) {
359 if ( !isset( $this->requests[$index] ) ) {
360 throw new \InvalidArgumentException( 'Invalid session index' );
361 }
362 return $this->requests[$index];
363 }
364
369 public function getUser() {
370 return $this->user;
371 }
372
377 public function getAllowedUserRights() {
378 return $this->provider->getAllowedUserRights( $this );
379 }
380
385 public function canSetUser() {
386 return $this->provider->canChangeUser();
387 }
388
396 public function setUser( $user ) {
397 if ( !$this->canSetUser() ) {
398 throw new \BadMethodCallException(
399 'Cannot set user on this session; check $session->canSetUser() first'
400 );
401 }
402
403 $this->user = $user;
404 $this->metaDirty = true;
405 $this->logger->debug(
406 'SessionBackend "{session}" metadata dirty due to user change',
407 [
408 'session' => $this->id,
409 ] );
410 $this->autosave();
411 }
412
418 public function suggestLoginUsername( $index ) {
419 if ( !isset( $this->requests[$index] ) ) {
420 throw new \InvalidArgumentException( 'Invalid session index' );
421 }
422 return $this->provider->suggestLoginUsername( $this->requests[$index] );
423 }
424
429 public function shouldForceHTTPS() {
430 return $this->forceHTTPS;
431 }
432
437 public function setForceHTTPS( $force ) {
438 if ( $this->forceHTTPS !== (bool)$force ) {
439 $this->forceHTTPS = (bool)$force;
440 $this->metaDirty = true;
441 $this->logger->debug(
442 'SessionBackend "{session}" metadata dirty due to force-HTTPS change',
443 [
444 'session' => $this->id,
445 ] );
446 $this->autosave();
447 }
448 }
449
454 public function getLoggedOutTimestamp() {
455 return $this->loggedOut;
456 }
457
462 public function setLoggedOutTimestamp( $ts = null ) {
463 $ts = (int)$ts;
464 if ( $this->loggedOut !== $ts ) {
465 $this->loggedOut = $ts;
466 $this->metaDirty = true;
467 $this->logger->debug(
468 'SessionBackend "{session}" metadata dirty due to logged-out-timestamp change',
469 [
470 'session' => $this->id,
471 ] );
472 $this->autosave();
473 }
474 }
475
481 public function getProviderMetadata() {
483 }
484
490 public function setProviderMetadata( $metadata ) {
491 if ( $metadata !== null && !is_array( $metadata ) ) {
492 throw new \InvalidArgumentException( '$metadata must be an array or null' );
493 }
494 if ( $this->providerMetadata !== $metadata ) {
495 $this->providerMetadata = $metadata;
496 $this->metaDirty = true;
497 $this->logger->debug(
498 'SessionBackend "{session}" metadata dirty due to provider metadata change',
499 [
500 'session' => $this->id,
501 ] );
502 $this->autosave();
503 }
504 }
505
515 public function &getData() {
516 return $this->data;
517 }
518
526 public function addData( array $newData ) {
527 $data = &$this->getData();
528 foreach ( $newData as $key => $value ) {
529 if ( !array_key_exists( $key, $data ) || $data[$key] !== $value ) {
530 $data[$key] = $value;
531 $this->dataDirty = true;
532 $this->logger->debug(
533 'SessionBackend "{session}" data dirty due to addData(): {callers}',
534 [
535 'session' => $this->id,
536 'callers' => wfGetAllCallers( 5 ),
537 ] );
538 }
539 }
540 }
541
546 public function dirty() {
547 $this->dataDirty = true;
548 $this->logger->debug(
549 'SessionBackend "{session}" data dirty due to dirty(): {callers}',
550 [
551 'session' => $this->id,
552 'callers' => wfGetAllCallers( 5 ),
553 ] );
554 }
555
562 public function renew() {
563 if ( time() + $this->lifetime / 2 > $this->expires ) {
564 $this->metaDirty = true;
565 $this->logger->debug(
566 'SessionBackend "{callers}" metadata dirty for renew(): {callers}',
567 [
568 'session' => $this->id,
569 'callers' => wfGetAllCallers( 5 ),
570 ] );
571 if ( $this->persist ) {
572 $this->forcePersist = true;
573 $this->logger->debug(
574 'SessionBackend "{session}" force-persist for renew(): {callers}',
575 [
576 'session' => $this->id,
577 'callers' => wfGetAllCallers( 5 ),
578 ] );
579 }
580 }
581 $this->autosave();
582 }
583
591 public function delaySave() {
592 $this->delaySave++;
593 return new \Wikimedia\ScopedCallback( function () {
594 if ( --$this->delaySave <= 0 ) {
595 $this->delaySave = 0;
596 $this->save();
597 }
598 } );
599 }
600
605 private function autosave() {
606 if ( $this->delaySave <= 0 ) {
607 $this->save();
608 }
609 }
610
620 public function save( $closing = false ) {
621 $anon = $this->user->isAnon();
622
623 if ( !$anon && $this->provider->getManager()->isUserSessionPrevented( $this->user->getName() ) ) {
624 $this->logger->debug(
625 'SessionBackend "{session}" not saving, user {user} was ' .
626 'passed to SessionManager::preventSessionsForUser',
627 [
628 'session' => $this->id,
629 'user' => $this->user,
630 ] );
631 return;
632 }
633
634 // Ensure the user has a token
635 // @codeCoverageIgnoreStart
636 if ( !$anon && !$this->user->getToken( false ) ) {
637 $this->logger->debug(
638 'SessionBackend "{session}" creating token for user {user} on save',
639 [
640 'session' => $this->id,
641 'user' => $this->user,
642 ] );
643 $this->user->setToken();
644 if ( !wfReadOnly() ) {
645 // Promise that the token set here will be valid; save it at end of request
646 $user = $this->user;
647 \DeferredUpdates::addCallableUpdate( function () use ( $user ) {
648 $user->saveSettings();
649 } );
650 }
651 $this->metaDirty = true;
652 }
653 // @codeCoverageIgnoreEnd
654
655 if ( !$this->metaDirty && !$this->dataDirty &&
656 $this->dataHash !== md5( serialize( $this->data ) )
657 ) {
658 $this->logger->debug(
659 'SessionBackend "{session}" data dirty due to hash mismatch, {expected} !== {got}',
660 [
661 'session' => $this->id,
662 'expected' => $this->dataHash,
663 'got' => md5( serialize( $this->data ) ),
664 ] );
665 $this->dataDirty = true;
666 }
667
668 if ( !$this->metaDirty && !$this->dataDirty && !$this->forcePersist ) {
669 return;
670 }
671
672 $this->logger->debug(
673 'SessionBackend "{session}" save: dataDirty={dataDirty} ' .
674 'metaDirty={metaDirty} forcePersist={forcePersist}',
675 [
676 'session' => $this->id,
677 'dataDirty' => (int)$this->dataDirty,
678 'metaDirty' => (int)$this->metaDirty,
679 'forcePersist' => (int)$this->forcePersist,
680 ] );
681
682 // Persist or unpersist to the provider, if necessary
683 if ( $this->metaDirty || $this->forcePersist ) {
684 if ( $this->persist ) {
685 foreach ( $this->requests as $request ) {
686 $request->setSessionId( $this->getSessionId() );
687 $this->provider->persistSession( $this, $request );
688 }
689 if ( !$closing ) {
690 $this->checkPHPSession();
691 }
692 } else {
693 foreach ( $this->requests as $request ) {
694 if ( $request->getSessionId() === $this->id ) {
695 $this->provider->unpersistSession( $request );
696 }
697 }
698 }
699 }
700
701 $this->forcePersist = false;
702
703 if ( !$this->metaDirty && !$this->dataDirty ) {
704 return;
705 }
706
707 // Save session data to store, if necessary
708 $metadata = $origMetadata = [
709 'provider' => (string)$this->provider,
710 'providerMetadata' => $this->providerMetadata,
711 'userId' => $anon ? 0 : $this->user->getId(),
712 'userName' => User::isValidUserName( $this->user->getName() ) ? $this->user->getName() : null,
713 'userToken' => $anon ? null : $this->user->getToken(),
714 'remember' => !$anon && $this->remember,
715 'forceHTTPS' => $this->forceHTTPS,
716 'expires' => time() + $this->lifetime,
717 'loggedOut' => $this->loggedOut,
718 'persisted' => $this->persist,
719 ];
720
721 \Hooks::run( 'SessionMetadata', [ $this, &$metadata, $this->requests ] );
722
723 foreach ( $origMetadata as $k => $v ) {
724 if ( $metadata[$k] !== $v ) {
725 throw new \UnexpectedValueException( "SessionMetadata hook changed metadata key \"$k\"" );
726 }
727 }
728
729 $flags = $this->persist ? 0 : CachedBagOStuff::WRITE_CACHE_ONLY;
730 $flags |= CachedBagOStuff::WRITE_SYNC; // write to all datacenters
731 $this->store->set(
732 $this->store->makeKey( 'MWSession', (string)$this->id ),
733 [
734 'data' => $this->data,
735 'metadata' => $metadata,
736 ],
737 $metadata['expires'],
738 $flags
739 );
740
741 $this->metaDirty = false;
742 $this->dataDirty = false;
743 $this->dataHash = md5( serialize( $this->data ) );
744 $this->expires = $metadata['expires'];
745 }
746
751 private function checkPHPSession() {
752 if ( !$this->checkPHPSessionRecursionGuard ) {
753 $this->checkPHPSessionRecursionGuard = true;
754 $reset = new \Wikimedia\ScopedCallback( function () {
755 $this->checkPHPSessionRecursionGuard = false;
756 } );
757
758 if ( $this->usePhpSessionHandling && session_id() === '' && PHPSessionHandler::isEnabled() &&
759 SessionManager::getGlobalSession()->getId() === (string)$this->id
760 ) {
761 $this->logger->debug(
762 'SessionBackend "{session}" Taking over PHP session',
763 [
764 'session' => $this->id,
765 ] );
766 session_id( (string)$this->id );
767 \MediaWiki\quietCall( 'session_start' );
768 }
769 }
770 }
771
772}
serialize()
wfReadOnly()
Check whether the wiki is in read-only mode.
wfGetAllCallers( $limit=3)
Return a string consisting of callers in the stack.
get( $key, $flags=0, $oldFlags=null)
Get an item with the given key.
Wrapper around a BagOStuff that caches data in memory.
makeKey()
Make a cache key, scoped to this instance's keyspace.
static isEnabled()
Test whether the handler is installed and enabled.
This is the actual workhorse for Session.
setLoggedOutTimestamp( $ts=null)
Set the "logged out" timestamp.
addData(array $newData)
Add data to the session.
suggestLoginUsername( $index)
Get a suggested username for the login form.
isPersistent()
Indicate whether this session is persisted across requests.
getSession(WebRequest $request)
Return a new Session for this backend.
__construct(SessionId $id, SessionInfo $info, CachedBagOStuff $store, LoggerInterface $logger, $lifetime)
shouldForceHTTPS()
Whether HTTPS should be forced.
& getData()
Fetch the session data array.
getProviderMetadata()
Fetch provider metadata.
deregisterSession( $index)
Deregister a Session.
getSessionId()
Fetch the SessionId object.
canSetUser()
Indicate whether the session user info can be changed.
delaySave()
Delay automatic saving while multiple updates are being made.
checkPHPSession()
For backwards compatibility, open the PHP session when the global session is persisted.
unpersist()
Make this session not persisted across requests.
WebRequest[] $requests
Session requests.
setProviderMetadata( $metadata)
Set provider metadata.
array null $providerMetadata
provider-specified metadata
setForceHTTPS( $force)
Set whether HTTPS should be forced.
getProvider()
Fetch the SessionProvider for this session.
getId()
Returns the session ID.
getLoggedOutTimestamp()
Fetch the "logged out" timestamp.
resetId()
Changes the session ID.
setUser( $user)
Set a new user for this session.
save( $closing=false)
Save the session.
getUser()
Returns the authenticated user for this session.
autosave()
Save the session, unless delayed.
renew()
Renew the session by resaving everything.
SessionProvider $provider
provider
string $dataHash
Used to detect subarray modifications.
getAllowedUserRights()
Fetch the rights allowed the user when this session is active.
getRequest( $index)
Returns the request associated with a Session.
persist()
Make this session persisted across requests.
setRememberUser( $remember)
Set whether the user should be remembered independently of the session ID.
shouldRememberUser()
Indicate whether the user should be remembered independently of the session ID.
Value object holding the session ID in a manner that can be globally updated.
Definition SessionId.php:38
Value object returned by SessionProvider.
getProviderMetadata()
Return provider metadata.
getId()
Return the session ID.
getProvider()
Return the provider.
getUserInfo()
Return the user.
wasPersisted()
Return whether the session is persisted.
wasRemembered()
Return whether the user was remembered.
forceHTTPS()
Whether this session should only be used over HTTPS.
static getGlobalSession()
Get the "global" session.
A SessionProvider provides SessionInfo and support for Session.
Manages data for an an authenticated session.
Definition Session.php:48
The User object encapsulates all of the user-specific settings (user_id, name, rights,...
Definition User.php:51
The WebRequest class encapsulates getting at data passed in the URL or via a POSTed form stripping il...
deferred txt A few of the database updates required by various functions here can be deferred until after the result page is displayed to the user For updating the view updating the linked to tables after a save
Definition deferred.txt:5
do that in ParserLimitReportFormat instead use this to modify the parameters of the image all existing parser cache entries will be invalid To avoid you ll need to handle that somehow(e.g. with the RejectParserCacheValue hook) because MediaWiki won 't do it for you. & $defaults also a ContextSource after deleting those rows but within the same transaction you ll probably need to make sure the header is varied on $request
Definition hooks.txt:2775
This code would result in ircNotify being run twice when an article is and once for brion Hooks can return three possible true was required This is the default since MediaWiki *some string
Definition hooks.txt:181
it s the revision text itself In either if gzip is the revision text is gzipped $flags
Definition hooks.txt:2805