MediaWiki REL1_31
PHPSessionHandler.php
1<?php
24namespace MediaWiki\Session;
25
26use Psr\Log\LoggerInterface;
28
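/**
 * Adapter for PHP's session handling.
 *
 * Registers itself as PHP's save handler so that reads and writes of
 * $_SESSION are routed through MediaWiki's SessionManager and its backing
 * store instead of PHP's default storage. Only one instance may exist per
 * request; every callback verifies it is being invoked on that instance.
 */
class PHPSessionHandler implements \SessionHandlerInterface {
	/** @var PHPSessionHandler|null The single installed instance, or null before install() */
	protected static $instance = null;

	/** @var bool Whether PHP session handling is enabled */
	protected $enable = false;

	/** @var bool Whether a write through $_SESSION raises a deprecation warning (see write()) */
	protected $warn = true;

	/** @var SessionManager|null Set by setManager() */
	protected $manager;

	/** @var \BagOStuff|null Set by setManager(); used by gc() */
	protected $store;

	/** @var LoggerInterface Set by setManager() */
	protected $logger;

	/** @var array Track original session fields for later modification check */
	protected $sessionFieldCache = [];

	/**
	 * @param SessionManager $manager
	 */
	protected function __construct( SessionManager $manager ) {
		$this->setEnableFlags(
			\RequestContext::getMain()->getConfig()->get( 'PHPSessionHandling' )
		);
		// NOTE(review): the rendered listing skips source line 58 at this point.
		// This is the same call install() makes for an already-existing instance
		// and is presumably the dropped line; without it $manager is unused and
		// $this->manager is never populated. Confirm against the repository.
		$manager->setupPHPSessionHandler( $this );
	}

	/**
	 * Set $this->enable and $this->warn.
	 *
	 * Any value other than 'enable', 'warn' or 'disable' leaves both flags at
	 * their property defaults (enable = false, warn = true), i.e. an
	 * unrecognised setting results in a disabled handler.
	 *
	 * @param string $PHPSessionHandling The 'PHPSessionHandling' config value
	 */
	private function setEnableFlags( $PHPSessionHandling ) {
		switch ( $PHPSessionHandling ) {
			case 'enable':
				$this->enable = true;
				$this->warn = false;
				break;

			case 'warn':
				$this->enable = true;
				$this->warn = true;
				break;

			case 'disable':
				$this->enable = false;
				$this->warn = false;
				break;
		}
	}

	/**
	 * Test whether the handler is installed.
	 * @return bool
	 */
	public static function isInstalled() {
		return (bool)self::$instance;
	}

	/**
	 * Test whether the handler is installed and enabled.
	 * @return bool
	 */
	public static function isEnabled() {
		return self::$instance && self::$instance->enable;
	}

	/**
	 * Install a session handler for the current web request.
	 *
	 * If a handler already exists it is only re-attached to $manager. Otherwise
	 * a new instance is created, any auto-started PHP session is closed, and
	 * PHP is reconfigured so that it no longer manages session cookies, URL
	 * rewriting or cache headers on its own.
	 *
	 * @param SessionManager $manager
	 * @throws \BadMethodCallException If MW_NO_SESSION_HANDLER is defined
	 */
	public static function install( SessionManager $manager ) {
		if ( self::$instance ) {
			$manager->setupPHPSessionHandler( self::$instance );
			return;
		}

		// @codeCoverageIgnoreStart
		if ( defined( 'MW_NO_SESSION_HANDLER' ) ) {
			throw new \BadMethodCallException( 'MW_NO_SESSION_HANDLER is defined' );
		}
		// @codeCoverageIgnoreEnd

		self::$instance = new self( $manager );

		// Close any auto-started session, before we replace it
		session_write_close();

		try {
			\Wikimedia\suppressWarnings();

			// Tell PHP not to mess with cookies itself. With use_trans_sid off,
			// PHP also never appends the session ID to URLs, so the ID cannot
			// leak through links, Referer headers or browser history.
			ini_set( 'session.use_cookies', 0 );
			ini_set( 'session.use_trans_sid', 0 );

			// T124510: Disable automatic PHP session related cache headers.
			// MediaWiki adds its own headers and the default PHP behavior may
			// set headers such as 'Pragma: no-cache' that cause problems with
			// some user agents.
			session_cache_limiter( '' );

			// Also set a sane serialization handler
			\Wikimedia\PhpSessionSerializer::setSerializeHandler();

			// Register this as the save handler, and register an appropriate
			// shutdown function.
			session_set_save_handler( self::$instance, true );
		} finally {
			// Always re-enable warnings, even if one of the calls above threw.
			\Wikimedia\restoreWarnings();
		}
	}

	/**
	 * Set the manager, store, and logger.
	 *
	 * The parameter list is absent from the rendered listing (source line 157)
	 * and is restored here from the member summary on the same page.
	 *
	 * @param SessionManager $manager
	 * @param \BagOStuff $store
	 * @param LoggerInterface $logger
	 */
	public function setManager(
		SessionManager $manager, \BagOStuff $store, LoggerInterface $logger
	) {
		if ( $this->manager !== $manager ) {
			// Close any existing session before we change stores
			if ( $this->manager ) {
				session_write_close();
			}
			$this->manager = $manager;
			$this->store = $store;
			$this->logger = $logger;
			\Wikimedia\PhpSessionSerializer::setLogger( $this->logger );
		}
	}

	/**
	 * Workaround for PHP5 bug.
	 *
	 * Yields boolean true on HHVM and on PHP 7.0.0 or later, and integer 0 on
	 * older PHP versions.
	 *
	 * @return bool|int
	 */
	protected static function returnSuccess() {
		return defined( 'HHVM_VERSION' ) || version_compare( PHP_VERSION, '7.0.0', '>=' ) ? true : 0;
	}

	/**
	 * Workaround for PHP5 bug.
	 *
	 * Yields boolean false on HHVM and on PHP 7.0.0 or later, and integer -1 on
	 * older PHP versions.
	 *
	 * @return bool|int
	 */
	protected static function returnFailure() {
		return defined( 'HHVM_VERSION' ) || version_compare( PHP_VERSION, '7.0.0', '>=' ) ? false : -1;
	}

	/**
	 * Initialize the session (handler).
	 *
	 * Fails loudly when PHP session handling is disabled, so code that still
	 * calls session_start() is noticed instead of silently getting a session.
	 *
	 * @param string $save_path Unused
	 * @param string $session_name Unused
	 * @return bool|int Success marker from returnSuccess()
	 * @throws \UnexpectedValueException If called on an instance other than the installed one
	 * @throws \BadMethodCallException If PHP session handling is disabled
	 */
	public function open( $save_path, $session_name ) {
		if ( self::$instance !== $this ) {
			throw new \UnexpectedValueException( __METHOD__ . ': Wrong instance called!' );
		}
		if ( !$this->enable ) {
			throw new \BadMethodCallException( 'Attempt to use PHP session management' );
		}
		return self::returnSuccess();
	}

	/**
	 * Close the session (handler).
	 *
	 * Drops every snapshot taken by read(). Unlike the other callbacks this one
	 * does not check $this->enable.
	 *
	 * @return bool|int Success marker from returnSuccess()
	 * @throws \UnexpectedValueException If called on an instance other than the installed one
	 */
	public function close() {
		if ( self::$instance !== $this ) {
			throw new \UnexpectedValueException( __METHOD__ . ': Wrong instance called!' );
		}
		$this->sessionFieldCache = [];
		return self::returnSuccess();
	}

	/**
	 * Read session data.
	 *
	 * Snapshots the session's fields into $sessionFieldCache so that write()
	 * can later tell which keys were changed through $_SESSION.
	 *
	 * @param string $id Session ID
	 * @return string Serialized session data, or '' if the session cannot be loaded
	 * @throws \UnexpectedValueException If called on an instance other than the installed one
	 * @throws \BadMethodCallException If PHP session handling is disabled
	 */
	public function read( $id ) {
		if ( self::$instance !== $this ) {
			throw new \UnexpectedValueException( __METHOD__ . ': Wrong instance called!' );
		}
		if ( !$this->enable ) {
			throw new \BadMethodCallException( 'Attempt to use PHP session management' );
		}

		// The second argument is false here but true in write(); presumably a
		// "create if missing" flag - confirm against SessionManager.
		$session = $this->manager->getSessionById( $id, false );
		if ( !$session ) {
			return '';
		}
		$session->persist();

		$data = iterator_to_array( $session );
		$this->sessionFieldCache[$id] = $data;
		return (string)\Wikimedia\PhpSessionSerializer::encode( $data );
	}

	/**
	 * Write session data.
	 *
	 * Performs a three-way merge per key between the snapshot taken in read(),
	 * the data PHP hands over from $_SESSION, and the current Session object.
	 * A change made only through $_SESSION is applied; whenever both sides
	 * changed the same key, the Session object wins and a warning is logged.
	 *
	 * @param string $id Session ID
	 * @param string $dataStr Session data as serialized by PHP
	 * @return bool|int Success or failure marker from returnSuccess() / returnFailure()
	 * @throws \UnexpectedValueException If called on an instance other than the installed one
	 * @throws \BadMethodCallException If PHP session handling is disabled
	 */
	public function write( $id, $dataStr ) {
		if ( self::$instance !== $this ) {
			throw new \UnexpectedValueException( __METHOD__ . ': Wrong instance called!' );
		}
		if ( !$this->enable ) {
			throw new \BadMethodCallException( 'Attempt to use PHP session management' );
		}

		$session = $this->manager->getSessionById( $id, true );
		if ( !$session ) {
			// This can happen under normal circumstances, if the session exists but is
			// invalid. Let's emit a log warning instead of a PHP warning.
			// NOTE(review): the raw session ID goes into the log context here. If
			// that ID can still be valid elsewhere, anyone with read access to the
			// log could reuse it; consider logging a truncated or hashed form.
			$this->logger->warning(
				__METHOD__ . ': Session "{session}" cannot be loaded, skipping write.',
				[
					'session' => $id,
				] );
			return self::returnSuccess();
		}

		// First, decode the string PHP handed us
		$data = \Wikimedia\PhpSessionSerializer::decode( $dataStr );
		if ( $data === null ) {
			// @codeCoverageIgnoreStart
			return self::returnFailure();
			// @codeCoverageIgnoreEnd
		}

		// Now merge the data into the Session object.
		$changed = false;
		$cache = isset( $this->sessionFieldCache[$id] ) ? $this->sessionFieldCache[$id] : [];
		foreach ( $data as $key => $value ) {
			if ( !array_key_exists( $key, $cache ) ) {
				if ( $session->exists( $key ) ) {
					// New in both, so ignore and log
					$this->logger->warning(
						__METHOD__ . ": Key \"$key\" added in both Session and \$_SESSION!"
					);
				} else {
					// New in $_SESSION, keep it
					$session->set( $key, $value );
					$changed = true;
				}
			} elseif ( $cache[$key] === $value ) {
				// Unchanged in $_SESSION, so ignore it
			} elseif ( !$session->exists( $key ) ) {
				// Deleted in Session, keep but log
				$this->logger->warning(
					__METHOD__ . ": Key \"$key\" deleted in Session and changed in \$_SESSION!"
				);
				$session->set( $key, $value );
				$changed = true;
			} elseif ( $cache[$key] === $session->get( $key ) ) {
				// Unchanged in Session, so keep it
				$session->set( $key, $value );
				$changed = true;
			} else {
				// Changed in both, so ignore and log
				$this->logger->warning(
					__METHOD__ . ": Key \"$key\" changed in both Session and \$_SESSION!"
				);
			}
		}
		// Anything deleted in $_SESSION and unchanged in Session should be deleted too
		// (but not if $_SESSION can't represent it at all)
		// The serializer's logger is silenced while probing each key with encode().
		// The finally block guarantees the real logger is put back even if a
		// Session call throws, so later serializer diagnostics are not lost.
		\Wikimedia\PhpSessionSerializer::setLogger( new \Psr\Log\NullLogger() );
		try {
			foreach ( $cache as $key => $value ) {
				if ( !array_key_exists( $key, $data ) && $session->exists( $key ) &&
					\Wikimedia\PhpSessionSerializer::encode( [ $key => true ] )
				) {
					if ( $cache[$key] === $session->get( $key ) ) {
						// Unchanged in Session, delete it
						$session->remove( $key );
						$changed = true;
					} else {
						// Changed in Session, ignore deletion and log
						$this->logger->warning(
							__METHOD__ . ": Key \"$key\" changed in Session and deleted in \$_SESSION!"
						);
					}
				}
			}
		} finally {
			\Wikimedia\PhpSessionSerializer::setLogger( $this->logger );
		}

		// Save and update cache if anything changed
		if ( $changed ) {
			if ( $this->warn ) {
				wfDeprecated( '$_SESSION', '1.27' );
				$this->logger->warning( 'Something wrote to $_SESSION!' );
			}

			$session->save();
			$this->sessionFieldCache[$id] = iterator_to_array( $session );
		}

		$session->persist();

		return self::returnSuccess();
	}

	/**
	 * Destroy a session.
	 *
	 * Clears the session's data if the session can be loaded; an unknown ID is
	 * treated as success.
	 *
	 * @param string $id Session ID
	 * @return bool|int Success marker from returnSuccess()
	 * @throws \UnexpectedValueException If called on an instance other than the installed one
	 * @throws \BadMethodCallException If PHP session handling is disabled
	 */
	public function destroy( $id ) {
		if ( self::$instance !== $this ) {
			throw new \UnexpectedValueException( __METHOD__ . ': Wrong instance called!' );
		}
		if ( !$this->enable ) {
			throw new \BadMethodCallException( 'Attempt to use PHP session management' );
		}
		$session = $this->manager->getSessionById( $id, false );
		if ( $session ) {
			$session->clear();
		}
		return self::returnSuccess();
	}

	/**
	 * Execute garbage collection.
	 *
	 * @param int $maxlifetime Maximum session lifetime supplied by PHP (ignored;
	 *   expiry is whatever the store recorded for each object)
	 * @return bool|int Success marker from returnSuccess()
	 * @throws \UnexpectedValueException If called on an instance other than the installed one
	 */
	public function gc( $maxlifetime ) {
		if ( self::$instance !== $this ) {
			throw new \UnexpectedValueException( __METHOD__ . ': Wrong instance called!' );
		}
		// NOTE(review): date() formats in PHP's default timezone. If the store
		// compares against UTC timestamps, a non-UTC default would expire
		// sessions early or keep them past their lifetime - confirm what
		// deleteObjectsExpiringBefore() expects.
		$before = date( 'YmdHis', time() );
		$this->store->deleteObjectsExpiringBefore( $before );
		return self::returnSuccess();
	}
}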
wfDeprecated( $function, $version=false, $component=false, $callerOffset=2)
Throws a warning that $function is deprecated.
interface is intended to be more or less compatible with the PHP memcached client.
Definition BagOStuff.php:47
Adapter for PHP's session handling.
gc( $maxlifetime)
Execute garbage collection.
write( $id, $dataStr)
Write session data.
static returnSuccess()
Workaround for PHP5 bug.
setEnableFlags( $PHPSessionHandling)
Set $this->enable and $this->warn.
static isInstalled()
Test whether the handler is installed.
static isEnabled()
Test whether the handler is installed and enabled.
setManager(SessionManager $manager, BagOStuff $store, LoggerInterface $logger)
Set the manager, store, and logger.
close()
Close the session (handler)
array $sessionFieldCache
Track original session fields for later modification check.
open( $save_path, $session_name)
Initialize the session (handler)
static install(SessionManager $manager)
Install a session handler for the current web request.
bool $enable
Whether PHP session handling is enabled.
static returnFailure()
Workaround for PHP5 bug.
This serves as the entry point to the MediaWiki session handling system.
setupPHPSessionHandler(PHPSessionHandler $handler)
Call setters on a PHPSessionHandler.
static getMain()
Get the RequestContext object associated with the main request.