MediaWiki REL1_31
SessionManager.php
Go to the documentation of this file.
1<?php
24namespace MediaWiki\Session;
25
27use MWException;
28use Psr\Log\LoggerInterface;
29use BagOStuff;
31use Config;
32use FauxRequest;
33use User;
34use WebRequest;
35use Wikimedia\ObjectFactory;
36
52 private static $instance = null;
53
55 private static $globalSession = null;
56
58 private static $globalSessionRequest = null;
59
61 private $logger;
62
64 private $config;
65
67 private $store;
68
70 private $sessionProviders = null;
71
73 private $varyCookies = null;
74
76 private $varyHeaders = null;
77
79 private $allSessionBackends = [];
80
82 private $allSessionIds = [];
83
85 private $preventUsers = [];
86
92 public static function singleton() {
93 if ( self::$instance === null ) {
94 self::$instance = new self();
95 }
96 return self::$instance;
97 }
98
107 public static function getGlobalSession() {
109 $id = '';
110 } else {
111 $id = session_id();
112 }
113
114 $request = \RequestContext::getMain()->getRequest();
115 if (
116 !self::$globalSession // No global session is set up yet
117 || self::$globalSessionRequest !== $request // The global WebRequest changed
118 || $id !== '' && self::$globalSession->getId() !== $id // Someone messed with session_id()
119 ) {
120 self::$globalSessionRequest = $request;
121 if ( $id === '' ) {
122 // session_id() wasn't used, so fetch the Session from the WebRequest.
123 // We use $request->getSession() instead of $singleton->getSessionForRequest()
124 // because doing the latter would require a public
125 // "$request->getSessionId()" method that would confuse end
126 // users by returning SessionId|null where they'd expect it to
127 // be short for $request->getSession()->getId(), and would
128 // wind up being a duplicate of the code in
129 // $request->getSession() anyway.
130 self::$globalSession = $request->getSession();
131 } else {
132 // Someone used session_id(), so we need to follow suit.
133 // Note this overwrites whatever session might already be
134 // associated with $request with the one for $id.
135 self::$globalSession = self::singleton()->getSessionById( $id, true, $request )
136 ?: $request->getSession();
137 }
138 }
140 }
141
148 public function __construct( $options = [] ) {
149 if ( isset( $options['config'] ) ) {
150 $this->config = $options['config'];
151 if ( !$this->config instanceof Config ) {
152 throw new \InvalidArgumentException(
153 '$options[\'config\'] must be an instance of Config'
154 );
155 }
156 } else {
157 $this->config = MediaWikiServices::getInstance()->getMainConfig();
158 }
159
160 if ( isset( $options['logger'] ) ) {
161 if ( !$options['logger'] instanceof LoggerInterface ) {
162 throw new \InvalidArgumentException(
163 '$options[\'logger\'] must be an instance of LoggerInterface'
164 );
165 }
166 $this->setLogger( $options['logger'] );
167 } else {
168 $this->setLogger( \MediaWiki\Logger\LoggerFactory::getInstance( 'session' ) );
169 }
170
171 if ( isset( $options['store'] ) ) {
172 if ( !$options['store'] instanceof BagOStuff ) {
173 throw new \InvalidArgumentException(
174 '$options[\'store\'] must be an instance of BagOStuff'
175 );
176 }
177 $store = $options['store'];
178 } else {
179 $store = \ObjectCache::getInstance( $this->config->get( 'SessionCacheType' ) );
180 }
181 $this->store = $store instanceof CachedBagOStuff ? $store : new CachedBagOStuff( $store );
182
183 register_shutdown_function( [ $this, 'shutdown' ] );
184 }
185
186 public function setLogger( LoggerInterface $logger ) {
187 $this->logger = $logger;
188 }
189
191 $info = $this->getSessionInfoForRequest( $request );
192
193 if ( !$info ) {
194 $session = $this->getEmptySession( $request );
195 } else {
196 $session = $this->getSessionFromInfo( $info, $request );
197 }
198 return $session;
199 }
200
201 public function getSessionById( $id, $create = false, WebRequest $request = null ) {
202 if ( !self::validateSessionId( $id ) ) {
203 throw new \InvalidArgumentException( 'Invalid session ID' );
204 }
205 if ( !$request ) {
206 $request = new FauxRequest;
207 }
208
209 $session = null;
210 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [ 'id' => $id, 'idIsSafe' => true ] );
211
212 // If we already have the backend loaded, use it directly
213 if ( isset( $this->allSessionBackends[$id] ) ) {
214 return $this->getSessionFromInfo( $info, $request );
215 }
216
217 // Test if the session is in storage, and if so try to load it.
218 $key = $this->store->makeKey( 'MWSession', $id );
219 if ( is_array( $this->store->get( $key ) ) ) {
220 $create = false; // If loading fails, don't bother creating because it probably will fail too.
221 if ( $this->loadSessionInfoFromStore( $info, $request ) ) {
222 $session = $this->getSessionFromInfo( $info, $request );
223 }
224 }
225
226 if ( $create && $session === null ) {
227 $ex = null;
228 try {
229 $session = $this->getEmptySessionInternal( $request, $id );
230 } catch ( \Exception $ex ) {
231 $this->logger->error( 'Failed to create empty session: {exception}',
232 [
233 'method' => __METHOD__,
234 'exception' => $ex,
235 ] );
236 $session = null;
237 }
238 }
239
240 return $session;
241 }
242
243 public function getEmptySession( WebRequest $request = null ) {
244 return $this->getEmptySessionInternal( $request );
245 }
246
253 private function getEmptySessionInternal( WebRequest $request = null, $id = null ) {
254 if ( $id !== null ) {
255 if ( !self::validateSessionId( $id ) ) {
256 throw new \InvalidArgumentException( 'Invalid session ID' );
257 }
258
259 $key = $this->store->makeKey( 'MWSession', $id );
260 if ( is_array( $this->store->get( $key ) ) ) {
261 throw new \InvalidArgumentException( 'Session ID already exists' );
262 }
263 }
264 if ( !$request ) {
265 $request = new FauxRequest;
266 }
267
268 $infos = [];
269 foreach ( $this->getProviders() as $provider ) {
270 $info = $provider->newSessionInfo( $id );
271 if ( !$info ) {
272 continue;
273 }
274 if ( $info->getProvider() !== $provider ) {
275 throw new \UnexpectedValueException(
276 "$provider returned an empty session info for a different provider: $info"
277 );
278 }
279 if ( $id !== null && $info->getId() !== $id ) {
280 throw new \UnexpectedValueException(
281 "$provider returned empty session info with a wrong id: " .
282 $info->getId() . ' != ' . $id
283 );
284 }
285 if ( !$info->isIdSafe() ) {
286 throw new \UnexpectedValueException(
287 "$provider returned empty session info with id flagged unsafe"
288 );
289 }
290 $compare = $infos ? SessionInfo::compare( $infos[0], $info ) : -1;
291 if ( $compare > 0 ) {
292 continue;
293 }
294 if ( $compare === 0 ) {
295 $infos[] = $info;
296 } else {
297 $infos = [ $info ];
298 }
299 }
300
301 // Make sure there's exactly one
302 if ( count( $infos ) > 1 ) {
303 throw new \UnexpectedValueException(
304 'Multiple empty sessions tied for top priority: ' . implode( ', ', $infos )
305 );
306 } elseif ( count( $infos ) < 1 ) {
307 throw new \UnexpectedValueException( 'No provider could provide an empty session!' );
308 }
309
310 return $this->getSessionFromInfo( $infos[0], $request );
311 }
312
313 public function invalidateSessionsForUser( User $user ) {
314 $user->setToken();
315 $user->saveSettings();
316
317 $authUser = \MediaWiki\Auth\AuthManager::callLegacyAuthPlugin( 'getUserInstance', [ &$user ] );
318 if ( $authUser ) {
319 $authUser->resetAuthToken();
320 }
321
322 foreach ( $this->getProviders() as $provider ) {
323 $provider->invalidateSessionsForUser( $user );
324 }
325 }
326
327 public function getVaryHeaders() {
328 // @codeCoverageIgnoreStart
329 if ( defined( 'MW_NO_SESSION' ) && MW_NO_SESSION !== 'warn' ) {
330 return [];
331 }
332 // @codeCoverageIgnoreEnd
333 if ( $this->varyHeaders === null ) {
334 $headers = [];
335 foreach ( $this->getProviders() as $provider ) {
336 foreach ( $provider->getVaryHeaders() as $header => $options ) {
337 if ( !isset( $headers[$header] ) ) {
338 $headers[$header] = [];
339 }
340 if ( is_array( $options ) ) {
341 $headers[$header] = array_unique( array_merge( $headers[$header], $options ) );
342 }
343 }
344 }
345 $this->varyHeaders = $headers;
346 }
347 return $this->varyHeaders;
348 }
349
350 public function getVaryCookies() {
351 // @codeCoverageIgnoreStart
352 if ( defined( 'MW_NO_SESSION' ) && MW_NO_SESSION !== 'warn' ) {
353 return [];
354 }
355 // @codeCoverageIgnoreEnd
356 if ( $this->varyCookies === null ) {
357 $cookies = [];
358 foreach ( $this->getProviders() as $provider ) {
359 $cookies = array_merge( $cookies, $provider->getVaryCookies() );
360 }
361 $this->varyCookies = array_values( array_unique( $cookies ) );
362 }
363 return $this->varyCookies;
364 }
365
371 public static function validateSessionId( $id ) {
372 return is_string( $id ) && preg_match( '/^[a-zA-Z0-9_-]{32,}$/', $id );
373 }
374
388 public static function autoCreateUser( User $user ) {
389 wfDeprecated( __METHOD__, '1.27' );
390 return \MediaWiki\Auth\AuthManager::singleton()->autoCreateUser(
391 $user,
392 \MediaWiki\Auth\AuthManager::AUTOCREATE_SOURCE_SESSION,
393 false
394 )->isGood();
395 }
396
407 $this->preventUsers[$username] = true;
408
409 // Instruct the session providers to kill any other sessions too.
410 foreach ( $this->getProviders() as $provider ) {
411 $provider->preventSessionsForUser( $username );
412 }
413 }
414
422 return !empty( $this->preventUsers[$username] );
423 }
424
429 protected function getProviders() {
430 if ( $this->sessionProviders === null ) {
431 $this->sessionProviders = [];
432 foreach ( $this->config->get( 'SessionProviders' ) as $spec ) {
433 $provider = ObjectFactory::getObjectFromSpec( $spec );
434 $provider->setLogger( $this->logger );
435 $provider->setConfig( $this->config );
436 $provider->setManager( $this );
437 if ( isset( $this->sessionProviders[(string)$provider] ) ) {
438 throw new \UnexpectedValueException( "Duplicate provider name \"$provider\"" );
439 }
440 $this->sessionProviders[(string)$provider] = $provider;
441 }
442 }
444 }
445
456 public function getProvider( $name ) {
457 $providers = $this->getProviders();
458 return isset( $providers[$name] ) ? $providers[$name] : null;
459 }
460
465 public function shutdown() {
466 if ( $this->allSessionBackends ) {
467 $this->logger->debug( 'Saving all sessions on shutdown' );
468 if ( session_id() !== '' ) {
469 // @codeCoverageIgnoreStart
470 session_write_close();
471 }
472 // @codeCoverageIgnoreEnd
473 foreach ( $this->allSessionBackends as $backend ) {
474 $backend->shutdown();
475 }
476 }
477 }
478
485 // Call all providers to fetch "the" session
486 $infos = [];
487 foreach ( $this->getProviders() as $provider ) {
488 $info = $provider->provideSessionInfo( $request );
489 if ( !$info ) {
490 continue;
491 }
492 if ( $info->getProvider() !== $provider ) {
493 throw new \UnexpectedValueException(
494 "$provider returned session info for a different provider: $info"
495 );
496 }
497 $infos[] = $info;
498 }
499
500 // Sort the SessionInfos. Then find the first one that can be
501 // successfully loaded, and then all the ones after it with the same
502 // priority.
503 usort( $infos, 'MediaWiki\\Session\\SessionInfo::compare' );
504 $retInfos = [];
505 while ( $infos ) {
506 $info = array_pop( $infos );
507 if ( $this->loadSessionInfoFromStore( $info, $request ) ) {
508 $retInfos[] = $info;
509 while ( $infos ) {
510 $info = array_pop( $infos );
511 if ( SessionInfo::compare( $retInfos[0], $info ) ) {
512 // We hit a lower priority, stop checking.
513 break;
514 }
515 if ( $this->loadSessionInfoFromStore( $info, $request ) ) {
516 // This is going to error out below, but we want to
517 // provide a complete list.
518 $retInfos[] = $info;
519 } else {
520 // Session load failed, so unpersist it from this request
521 $info->getProvider()->unpersistSession( $request );
522 }
523 }
524 } else {
525 // Session load failed, so unpersist it from this request
526 $info->getProvider()->unpersistSession( $request );
527 }
528 }
529
530 if ( count( $retInfos ) > 1 ) {
531 $ex = new \OverflowException(
532 'Multiple sessions for this request tied for top priority: ' . implode( ', ', $retInfos )
533 );
534 $ex->sessionInfos = $retInfos;
535 throw $ex;
536 }
537
538 return $retInfos ? $retInfos[0] : null;
539 }
540
549 $key = $this->store->makeKey( 'MWSession', $info->getId() );
550 $blob = $this->store->get( $key );
551
552 // If we got data from the store and the SessionInfo says to force use,
553 // "fail" means to delete the data from the store and retry. Otherwise,
554 // "fail" is just return false.
555 if ( $info->forceUse() && $blob !== false ) {
556 $failHandler = function () use ( $key, &$info, $request ) {
557 $this->store->delete( $key );
558 return $this->loadSessionInfoFromStore( $info, $request );
559 };
560 } else {
561 $failHandler = function () {
562 return false;
563 };
564 }
565
566 $newParams = [];
567
568 if ( $blob !== false ) {
569 // Sanity check: blob must be an array, if it's saved at all
570 if ( !is_array( $blob ) ) {
571 $this->logger->warning( 'Session "{session}": Bad data', [
572 'session' => $info,
573 ] );
574 $this->store->delete( $key );
575 return $failHandler();
576 }
577
578 // Sanity check: blob has data and metadata arrays
579 if ( !isset( $blob['data'] ) || !is_array( $blob['data'] ) ||
580 !isset( $blob['metadata'] ) || !is_array( $blob['metadata'] )
581 ) {
582 $this->logger->warning( 'Session "{session}": Bad data structure', [
583 'session' => $info,
584 ] );
585 $this->store->delete( $key );
586 return $failHandler();
587 }
588
589 $data = $blob['data'];
590 $metadata = $blob['metadata'];
591
592 // Sanity check: metadata must be an array and must contain certain
593 // keys, if it's saved at all
594 if ( !array_key_exists( 'userId', $metadata ) ||
595 !array_key_exists( 'userName', $metadata ) ||
596 !array_key_exists( 'userToken', $metadata ) ||
597 !array_key_exists( 'provider', $metadata )
598 ) {
599 $this->logger->warning( 'Session "{session}": Bad metadata', [
600 'session' => $info,
601 ] );
602 $this->store->delete( $key );
603 return $failHandler();
604 }
605
606 // First, load the provider from metadata, or validate it against the metadata.
607 $provider = $info->getProvider();
608 if ( $provider === null ) {
609 $newParams['provider'] = $provider = $this->getProvider( $metadata['provider'] );
610 if ( !$provider ) {
611 $this->logger->warning(
612 'Session "{session}": Unknown provider ' . $metadata['provider'],
613 [
614 'session' => $info,
615 ]
616 );
617 $this->store->delete( $key );
618 return $failHandler();
619 }
620 } elseif ( $metadata['provider'] !== (string)$provider ) {
621 $this->logger->warning( 'Session "{session}": Wrong provider ' .
622 $metadata['provider'] . ' !== ' . $provider,
623 [
624 'session' => $info,
625 ] );
626 return $failHandler();
627 }
628
629 // Load provider metadata from metadata, or validate it against the metadata
630 $providerMetadata = $info->getProviderMetadata();
631 if ( isset( $metadata['providerMetadata'] ) ) {
632 if ( $providerMetadata === null ) {
633 $newParams['metadata'] = $metadata['providerMetadata'];
634 } else {
635 try {
636 $newProviderMetadata = $provider->mergeMetadata(
637 $metadata['providerMetadata'], $providerMetadata
638 );
639 if ( $newProviderMetadata !== $providerMetadata ) {
640 $newParams['metadata'] = $newProviderMetadata;
641 }
642 } catch ( MetadataMergeException $ex ) {
643 $this->logger->warning(
644 'Session "{session}": Metadata merge failed: {exception}',
645 [
646 'session' => $info,
647 'exception' => $ex,
648 ] + $ex->getContext()
649 );
650 return $failHandler();
651 }
652 }
653 }
654
655 // Next, load the user from metadata, or validate it against the metadata.
656 $userInfo = $info->getUserInfo();
657 if ( !$userInfo ) {
658 // For loading, id is preferred to name.
659 try {
660 if ( $metadata['userId'] ) {
661 $userInfo = UserInfo::newFromId( $metadata['userId'] );
662 } elseif ( $metadata['userName'] !== null ) { // Shouldn't happen, but just in case
663 $userInfo = UserInfo::newFromName( $metadata['userName'] );
664 } else {
665 $userInfo = UserInfo::newAnonymous();
666 }
667 } catch ( \InvalidArgumentException $ex ) {
668 $this->logger->error( 'Session "{session}": {exception}', [
669 'session' => $info,
670 'exception' => $ex,
671 ] );
672 return $failHandler();
673 }
674 $newParams['userInfo'] = $userInfo;
675 } else {
676 // User validation passes if user ID matches, or if there
677 // is no saved ID and the names match.
678 if ( $metadata['userId'] ) {
679 if ( $metadata['userId'] !== $userInfo->getId() ) {
680 $this->logger->warning(
681 'Session "{session}": User ID mismatch, {uid_a} !== {uid_b}',
682 [
683 'session' => $info,
684 'uid_a' => $metadata['userId'],
685 'uid_b' => $userInfo->getId(),
686 ] );
687 return $failHandler();
688 }
689
690 // If the user was renamed, probably best to fail here.
691 if ( $metadata['userName'] !== null &&
692 $userInfo->getName() !== $metadata['userName']
693 ) {
694 $this->logger->warning(
695 'Session "{session}": User ID matched but name didn\'t (rename?), {uname_a} !== {uname_b}',
696 [
697 'session' => $info,
698 'uname_a' => $metadata['userName'],
699 'uname_b' => $userInfo->getName(),
700 ] );
701 return $failHandler();
702 }
703
704 } elseif ( $metadata['userName'] !== null ) { // Shouldn't happen, but just in case
705 if ( $metadata['userName'] !== $userInfo->getName() ) {
706 $this->logger->warning(
707 'Session "{session}": User name mismatch, {uname_a} !== {uname_b}',
708 [
709 'session' => $info,
710 'uname_a' => $metadata['userName'],
711 'uname_b' => $userInfo->getName(),
712 ] );
713 return $failHandler();
714 }
715 } elseif ( !$userInfo->isAnon() ) {
716 // Metadata specifies an anonymous user, but the passed-in
717 // user isn't anonymous.
718 $this->logger->warning(
719 'Session "{session}": Metadata has an anonymous user, but a non-anon user was provided',
720 [
721 'session' => $info,
722 ] );
723 return $failHandler();
724 }
725 }
726
727 // And if we have a token in the metadata, it must match the loaded/provided user.
728 if ( $metadata['userToken'] !== null &&
729 $userInfo->getToken() !== $metadata['userToken']
730 ) {
731 $this->logger->warning( 'Session "{session}": User token mismatch', [
732 'session' => $info,
733 ] );
734 return $failHandler();
735 }
736 if ( !$userInfo->isVerified() ) {
737 $newParams['userInfo'] = $userInfo->verified();
738 }
739
740 if ( !empty( $metadata['remember'] ) && !$info->wasRemembered() ) {
741 $newParams['remembered'] = true;
742 }
743 if ( !empty( $metadata['forceHTTPS'] ) && !$info->forceHTTPS() ) {
744 $newParams['forceHTTPS'] = true;
745 }
746 if ( !empty( $metadata['persisted'] ) && !$info->wasPersisted() ) {
747 $newParams['persisted'] = true;
748 }
749
750 if ( !$info->isIdSafe() ) {
751 $newParams['idIsSafe'] = true;
752 }
753 } else {
754 // No metadata, so we can't load the provider if one wasn't given.
755 if ( $info->getProvider() === null ) {
756 $this->logger->warning(
757 'Session "{session}": Null provider and no metadata',
758 [
759 'session' => $info,
760 ] );
761 return $failHandler();
762 }
763
764 // If no user was provided and no metadata, it must be anon.
765 if ( !$info->getUserInfo() ) {
766 if ( $info->getProvider()->canChangeUser() ) {
767 $newParams['userInfo'] = UserInfo::newAnonymous();
768 } else {
769 $this->logger->info(
770 'Session "{session}": No user provided and provider cannot set user',
771 [
772 'session' => $info,
773 ] );
774 return $failHandler();
775 }
776 } elseif ( !$info->getUserInfo()->isVerified() ) {
777 // probably just a session timeout
778 $this->logger->info(
779 'Session "{session}": Unverified user provided and no metadata to auth it',
780 [
781 'session' => $info,
782 ] );
783 return $failHandler();
784 }
785
786 $data = false;
787 $metadata = false;
788
789 if ( !$info->getProvider()->persistsSessionId() && !$info->isIdSafe() ) {
790 // The ID doesn't come from the user, so it should be safe
791 // (and if not, nothing we can do about it anyway)
792 $newParams['idIsSafe'] = true;
793 }
794 }
795
796 // Construct the replacement SessionInfo, if necessary
797 if ( $newParams ) {
798 $newParams['copyFrom'] = $info;
799 $info = new SessionInfo( $info->getPriority(), $newParams );
800 }
801
802 // Allow the provider to check the loaded SessionInfo
803 $providerMetadata = $info->getProviderMetadata();
804 if ( !$info->getProvider()->refreshSessionInfo( $info, $request, $providerMetadata ) ) {
805 return $failHandler();
806 }
807 if ( $providerMetadata !== $info->getProviderMetadata() ) {
808 $info = new SessionInfo( $info->getPriority(), [
809 'metadata' => $providerMetadata,
810 'copyFrom' => $info,
811 ] );
812 }
813
814 // Give hooks a chance to abort. Combined with the SessionMetadata
815 // hook, this can allow for tying a session to an IP address or the
816 // like.
817 $reason = 'Hook aborted';
818 if ( !\Hooks::run(
819 'SessionCheckInfo',
820 [ &$reason, $info, $request, $metadata, $data ]
821 ) ) {
822 $this->logger->warning( 'Session "{session}": ' . $reason, [
823 'session' => $info,
824 ] );
825 return $failHandler();
826 }
827
828 return true;
829 }
830
840 // @codeCoverageIgnoreStart
841 if ( defined( 'MW_NO_SESSION' ) ) {
842 if ( MW_NO_SESSION === 'warn' ) {
843 // Undocumented safety case for converting existing entry points
844 $this->logger->error( 'Sessions are supposed to be disabled for this entry point', [
845 'exception' => new \BadMethodCallException( 'Sessions are disabled for this entry point' ),
846 ] );
847 } else {
848 throw new \BadMethodCallException( 'Sessions are disabled for this entry point' );
849 }
850 }
851 // @codeCoverageIgnoreEnd
852
853 $id = $info->getId();
854
855 if ( !isset( $this->allSessionBackends[$id] ) ) {
856 if ( !isset( $this->allSessionIds[$id] ) ) {
857 $this->allSessionIds[$id] = new SessionId( $id );
858 }
859 $backend = new SessionBackend(
860 $this->allSessionIds[$id],
861 $info,
862 $this->store,
863 $this->logger,
864 $this->config->get( 'ObjectCacheSessionExpiry' )
865 );
866 $this->allSessionBackends[$id] = $backend;
867 $delay = $backend->delaySave();
868 } else {
869 $backend = $this->allSessionBackends[$id];
870 $delay = $backend->delaySave();
871 if ( $info->wasPersisted() ) {
872 $backend->persist();
873 }
874 if ( $info->wasRemembered() ) {
875 $backend->setRememberUser( true );
876 }
877 }
878
879 $request->setSessionId( $backend->getSessionId() );
880 $session = $backend->getSession( $request );
881
882 if ( !$info->isIdSafe() ) {
883 $session->resetId();
884 }
885
886 \Wikimedia\ScopedCallback::consume( $delay );
887 return $session;
888 }
889
895 public function deregisterSessionBackend( SessionBackend $backend ) {
896 $id = $backend->getId();
897 if ( !isset( $this->allSessionBackends[$id] ) || !isset( $this->allSessionIds[$id] ) ||
898 $this->allSessionBackends[$id] !== $backend ||
899 $this->allSessionIds[$id] !== $backend->getSessionId()
900 ) {
901 throw new \InvalidArgumentException( 'Backend was not registered with this SessionManager' );
902 }
903
904 unset( $this->allSessionBackends[$id] );
905 // Explicitly do not unset $this->allSessionIds[$id]
906 }
907
913 public function changeBackendId( SessionBackend $backend ) {
914 $sessionId = $backend->getSessionId();
915 $oldId = (string)$sessionId;
916 if ( !isset( $this->allSessionBackends[$oldId] ) || !isset( $this->allSessionIds[$oldId] ) ||
917 $this->allSessionBackends[$oldId] !== $backend ||
918 $this->allSessionIds[$oldId] !== $sessionId
919 ) {
920 throw new \InvalidArgumentException( 'Backend was not registered with this SessionManager' );
921 }
922
923 $newId = $this->generateSessionId();
924
925 unset( $this->allSessionBackends[$oldId], $this->allSessionIds[$oldId] );
926 $sessionId->setId( $newId );
927 $this->allSessionBackends[$newId] = $backend;
928 $this->allSessionIds[$newId] = $sessionId;
929 }
930
935 public function generateSessionId() {
936 do {
937 $id = \Wikimedia\base_convert( \MWCryptRand::generateHex( 40 ), 16, 32, 32 );
938 $key = $this->store->makeKey( 'MWSession', $id );
939 } while ( isset( $this->allSessionIds[$id] ) || is_array( $this->store->get( $key ) ) );
940 return $id;
941 }
942
949 $handler->setManager( $this, $this->store, $this->logger );
950 }
951
956 public static function resetCache() {
957 if ( !defined( 'MW_PHPUNIT_TEST' ) ) {
958 // @codeCoverageIgnoreStart
959 throw new MWException( __METHOD__ . ' may only be called from unit tests!' );
960 // @codeCoverageIgnoreEnd
961 }
962
963 self::$globalSession = null;
964 self::$globalSessionRequest = null;
965 }
966
969}
wfDeprecated( $function, $version=false, $component=false, $callerOffset=2)
Throws a warning that $function is deprecated.
interface is intended to be more or less compatible with the PHP memcached client.
Definition BagOStuff.php:47
Wrapper around a BagOStuff that caches data in memory.
WebRequest clone which takes values from a provided array.
static generateHex( $chars, $forceStrong=false)
Generate a run of (ideally) cryptographically random data and return it in hexadecimal string format.
MediaWiki exception.
MediaWikiServices is the service locator for the application scope of MediaWiki.
static getInstance()
Returns the global default instance of the top level service locator.
Subclass of UnexpectedValueException that can be annotated with additional data for debug logging.
Adapter for PHP's session handling.
static isEnabled()
Test whether the handler is installed and enabled.
This is the actual workhorse for Session.
getSessionId()
Fetch the SessionId object.
getId()
Returns the session ID.
Value object holding the session ID in a manner that can be globally updated.
Definition SessionId.php:38
Value object returned by SessionProvider.
forceUse()
Force use of this SessionInfo if validation fails.
getProviderMetadata()
Return provider metadata.
getId()
Return the session ID.
getProvider()
Return the provider.
isIdSafe()
Indicate whether the ID is "safe".
getUserInfo()
Return the user.
wasPersisted()
Return whether the session is persisted.
const MIN_PRIORITY
Minimum allowed priority.
getPriority()
Return the priority.
wasRemembered()
Return whether the user was remembered.
forceHTTPS()
Whether this session should only be used over HTTPS.
static compare( $a, $b)
Compare two SessionInfo objects by priority.
This serves as the entry point to the MediaWiki session handling system.
static resetCache()
Reset the internal caching for unit testing.
getVaryHeaders()
Return the HTTP headers that need varying on.
deregisterSessionBackend(SessionBackend $backend)
Deregister a SessionBackend.
invalidateSessionsForUser(User $user)
Invalidate sessions for a user.
static WebRequest null $globalSessionRequest
loadSessionInfoFromStore(SessionInfo &$info, WebRequest $request)
Load and verify the session info against the store.
getVaryCookies()
Return the list of cookies that need varying on.
setupPHPSessionHandler(PHPSessionHandler $handler)
Call setters on a PHPSessionHandler.
getEmptySessionInternal(WebRequest $request=null, $id=null)
static SessionManager null $instance
getEmptySession(WebRequest $request=null)
Create a new, empty session.
static getGlobalSession()
Get the "global" session.
getSessionInfoForRequest(WebRequest $request)
Fetch the SessionInfo(s) for a request.
preventSessionsForUser( $username)
Prevent future sessions for the user.
shutdown()
Save all active sessions on shutdown.
getSessionById( $id, $create=false, WebRequest $request=null)
Fetch a session by ID.
getProvider( $name)
Get a session provider by name.
static autoCreateUser(User $user)
Auto-create the given user, if necessary.
static validateSessionId( $id)
Validate a session ID.
getProviders()
Get the available SessionProviders.
static singleton()
Get the global SessionManager.
changeBackendId(SessionBackend $backend)
Change a SessionBackend's ID.
generateSessionId()
Generate a new random session ID.
setLogger(LoggerInterface $logger)
getSessionFromInfo(SessionInfo $info, WebRequest $request)
Create a Session corresponding to the passed SessionInfo.
getSessionForRequest(WebRequest $request)
Fetch the session for a request (or a new empty session if none is attached to it)
isUserSessionPrevented( $username)
Test if a user is prevented.
A SessionProvider provides SessionInfo and support for Session.
Manages data for an an authenticated session.
Definition Session.php:48
static newFromName( $name, $verified=false)
Create an instance for a logged-in user by name.
Definition UserInfo.php:102
static newAnonymous()
Create an instance for an anonymous (i.e.
Definition UserInfo.php:74
static newFromId( $id, $verified=false)
Create an instance for a logged-in user by ID.
Definition UserInfo.php:84
The User object encapsulates all of the user-specific settings (user_id, name, rights,...
Definition User.php:53
The WebRequest class encapsulates getting at data passed in the URL or via a POSTed form stripping il...
do that in ParserLimitReportFormat instead use this to modify the parameters of the image all existing parser cache entries will be invalid To avoid you ll need to handle that somehow(e.g. with the RejectParserCacheValue hook) because MediaWiki won 't do it for you. & $defaults also a ContextSource after deleting those rows but within the same transaction you ll probably need to make sure the header is varied on $request
Definition hooks.txt:2806
This code would result in ircNotify being run twice when an article is and once for brion Hooks can return three possible true was required This is the default since MediaWiki *some string
Definition hooks.txt:181
null means default in associative array with keys and values unescaped Should be merged with default with a value of false meaning to suppress the attribute in associative array with keys and values unescaped & $options
Definition hooks.txt:2001
this hook is for auditing only or null if authentication failed before getting that far $username
Definition hooks.txt:785
Allows to change the fields on the form that will be generated $name
Definition hooks.txt:302
this hook is for auditing only or null if authentication failed before getting that far or null if we can t even determine that probably a stub it is not rendered in wiki pages or galleries in category pages allow injecting custom HTML after the section Any uses of the hook need to handle escaping see BaseTemplate::getToolbox and BaseTemplate::makeListItem for details on the format of individual items inside of this array or by returning and letting standard HTTP rendering take place modifiable or by returning false and taking over the output modifiable modifiable after all normalizations have been except for the $wgMaxImageArea check set to true or false to override the $wgMaxImageArea check result gives extension the possibility to transform it themselves $handler
Definition hooks.txt:903
Interface for configuration instances.
Definition Config.php:28
This exists to make IDEs happy, so they don't see the internal-but-required-to-be-public methods on S...
const MW_NO_SESSION
Definition load.php:30
A helper class for throttling authentication attempts.
$header