MediaWiki REL1_33
PHPSessionHandler.php
1<?php
24namespace MediaWiki\Session;
25
26use Psr\Log\LoggerInterface;
28
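/**
 * Adapter for PHP's session handling.
 *
 * Once installed as PHP's save handler, reads and writes of $_SESSION are
 * translated into operations on MediaWiki Session objects obtained from the
 * SessionManager. Every handler callback first checks that it is running on
 * the one installed instance, and the data callbacks additionally refuse to
 * run unless PHP session handling has been enabled by configuration.
 */
class PHPSessionHandler implements \SessionHandlerInterface {
	/** @var PHPSessionHandler|null The one installed handler; null until install() runs */
	protected static $instance = null;

	/** @var bool Whether PHP session handling is enabled */
	protected $enable = false;

	/** @var bool Whether a change made through $_SESSION triggers a deprecation warning */
	protected $warn = true;

	/** @var SessionManager|null Set by setManager() */
	protected $manager;

	/** @var \BagOStuff|null Set by setManager() */
	protected $store;

	/** @var LoggerInterface|null Set by setManager() */
	protected $logger;

	/** @var array Track original session fields for later modification check */
	protected $sessionFieldCache = [];

	/**
	 * Read the 'PHPSessionHandling' setting and wire the handler to its manager.
	 *
	 * Protected: instances are only created by install().
	 *
	 * @param SessionManager $manager
	 */
	protected function __construct( SessionManager $manager ) {
		$this->setEnableFlags(
			\RequestContext::getMain()->getConfig()->get( 'PHPSessionHandling' )
		);
		// setupPHPSessionHandler() is documented as calling the setters on the
		// handler; without it $this->manager, $this->store and $this->logger
		// would still be null when PHP first invokes read() or write().
		$manager->setupPHPSessionHandler( $this );
	}

	/**
	 * Set $this->enable and $this->warn.
	 *
	 * Separate from the constructor so the mapping can be exercised on its own.
	 *
	 * @param string $PHPSessionHandling One of 'enable', 'warn' or 'disable'
	 */
	private function setEnableFlags( $PHPSessionHandling ) {
		switch ( $PHPSessionHandling ) {
			case 'enable':
				$this->enable = true;
				$this->warn = false;
				break;

			case 'warn':
				$this->enable = true;
				$this->warn = true;
				break;

			case 'disable':
				$this->enable = false;
				$this->warn = false;
				break;

			// No default on purpose: an unrecognised value leaves both flags
			// untouched. From the property defaults that means $enable stays
			// false, so a misconfigured setting fails closed rather than
			// silently turning $_SESSION access on.
		}
	}

	/**
	 * Test whether the handler is installed.
	 *
	 * @return bool
	 */
	public static function isInstalled() {
		return (bool)self::$instance;
	}

	/**
	 * Test whether the handler is installed and enabled.
	 *
	 * @return bool
	 */
	public static function isEnabled() {
		return self::$instance && self::$instance->enable;
	}

	/**
	 * Install a session handler for the current web request.
	 *
	 * If a handler is already installed, the given manager only re-runs its
	 * setup against that existing instance.
	 *
	 * @param SessionManager $manager
	 * @throws \BadMethodCallException If MW_NO_SESSION_HANDLER is defined
	 */
	public static function install( SessionManager $manager ) {
		if ( self::$instance ) {
			$manager->setupPHPSessionHandler( self::$instance );
			return;
		}

		// @codeCoverageIgnoreStart
		if ( defined( 'MW_NO_SESSION_HANDLER' ) ) {
			throw new \BadMethodCallException( 'MW_NO_SESSION_HANDLER is defined' );
		}
		// @codeCoverageIgnoreEnd

		self::$instance = new self( $manager );

		// Close any auto-started session, before we replace it
		session_write_close();

		try {
			\Wikimedia\suppressWarnings();

			// Tell PHP not to mess with cookies itself. Turning off
			// use_trans_sid also stops PHP from rewriting URLs to carry the
			// session ID, which keeps the ID out of links, referrers and
			// access logs.
			ini_set( 'session.use_cookies', '0' );
			ini_set( 'session.use_trans_sid', '0' );

			// T124510: Disable automatic PHP session related cache headers.
			// MediaWiki adds its own headers and the default PHP behavior may
			// set headers such as 'Pragma: no-cache' that cause problems with
			// some user agents.
			session_cache_limiter( '' );

			// Also set a sane serialization handler
			\Wikimedia\PhpSessionSerializer::setSerializeHandler();

			// Register this as the save handler, and register an appropriate
			// shutdown function.
			session_set_save_handler( self::$instance, true );
		} finally {
			// Warnings are re-enabled even if one of the calls above throws.
			\Wikimedia\restoreWarnings();
		}
	}

	/**
	 * Set the manager, store, and logger.
	 *
	 * Does nothing when the same manager is passed again; in that case the
	 * store and logger arguments are ignored as well.
	 *
	 * @param SessionManager $manager
	 * @param \BagOStuff $store
	 * @param LoggerInterface $logger
	 */
	public function setManager(
		SessionManager $manager, \BagOStuff $store, LoggerInterface $logger
	) {
		if ( $this->manager !== $manager ) {
			// Close any existing session before we change stores
			if ( $this->manager ) {
				session_write_close();
			}
			$this->manager = $manager;
			$this->store = $store;
			$this->logger = $logger;
			\Wikimedia\PhpSessionSerializer::setLogger( $this->logger );
		}
	}

	/**
	 * Initialize the session (handler).
	 *
	 * @param string $save_path Unused
	 * @param string $session_name Unused
	 * @return bool Always true
	 * @throws \UnexpectedValueException If called on an instance other than the installed one
	 * @throws \BadMethodCallException If PHP session handling is not enabled
	 */
	public function open( $save_path, $session_name ) {
		if ( self::$instance !== $this ) {
			throw new \UnexpectedValueException( __METHOD__ . ': Wrong instance called!' );
		}
		if ( !$this->enable ) {
			throw new \BadMethodCallException( 'Attempt to use PHP session management' );
		}
		return true;
	}

	/**
	 * Close the session (handler).
	 *
	 * @return bool Always true
	 * @throws \UnexpectedValueException If called on an instance other than the installed one
	 */
	public function close() {
		if ( self::$instance !== $this ) {
			throw new \UnexpectedValueException( __METHOD__ . ': Wrong instance called!' );
		}
		// Drop the per-request snapshots so a later read() starts from scratch.
		$this->sessionFieldCache = [];
		return true;
	}

	/**
	 * Read session data.
	 *
	 * @param string $id Session id
	 * @return string Serialized session data, or '' when no session could be loaded
	 * @throws \UnexpectedValueException If called on an instance other than the installed one
	 * @throws \BadMethodCallException If PHP session handling is not enabled
	 */
	public function read( $id ) {
		if ( self::$instance !== $this ) {
			throw new \UnexpectedValueException( __METHOD__ . ': Wrong instance called!' );
		}
		if ( !$this->enable ) {
			throw new \BadMethodCallException( 'Attempt to use PHP session management' );
		}

		// NOTE(review): the second argument is false here and true in write();
		// presumably it controls whether a missing session is created. Confirm
		// against SessionManager::getSessionById().
		$session = $this->manager->getSessionById( $id, false );
		if ( !$session ) {
			return '';
		}
		$session->persist();

		// Remember what $_SESSION started with, so write() can tell which
		// side changed a key.
		$data = iterator_to_array( $session );
		$this->sessionFieldCache[$id] = $data;
		return (string)\Wikimedia\PhpSessionSerializer::encode( $data );
	}

	/**
	 * Write session data.
	 *
	 * Performs a three-way merge between the snapshot taken in read(), the
	 * data PHP hands back from $_SESSION, and the current Session object.
	 * Where both sides changed the same key, the Session object wins and the
	 * conflict is logged.
	 *
	 * @param string $id Session id
	 * @param string $dataStr Session data. Not that you should ever call this
	 *   directly, but note that this has the same issues with code injection
	 *   via user-controlled data as does PHP's unserialize function.
	 * @return bool False if the data could not be decoded, true otherwise
	 * @throws \UnexpectedValueException If called on an instance other than the installed one
	 * @throws \BadMethodCallException If PHP session handling is not enabled
	 */
	public function write( $id, $dataStr ) {
		if ( self::$instance !== $this ) {
			throw new \UnexpectedValueException( __METHOD__ . ': Wrong instance called!' );
		}
		if ( !$this->enable ) {
			throw new \BadMethodCallException( 'Attempt to use PHP session management' );
		}

		$session = $this->manager->getSessionById( $id, true );
		if ( !$session ) {
			// This can happen under normal circumstances, if the session exists but is
			// invalid. Let's emit a log warning instead of a PHP warning.
			// NOTE(review): the full session id goes into the log context. A
			// session id is a bearer credential, so this log channel should be
			// access-controlled like the session store, or the id shortened or
			// hashed before logging.
			$this->logger->warning(
				__METHOD__ . ': Session "{session}" cannot be loaded, skipping write.',
				[
					'session' => $id,
				] );
			return true;
		}

		// First, decode the string PHP handed us
		$data = \Wikimedia\PhpSessionSerializer::decode( $dataStr );
		if ( $data === null ) {
			// @codeCoverageIgnoreStart
			return false;
			// @codeCoverageIgnoreEnd
		}

		// Now merge the data into the Session object.
		$changed = false;
		$cache = $this->sessionFieldCache[$id] ?? [];
		foreach ( $data as $key => $value ) {
			if ( !array_key_exists( $key, $cache ) ) {
				if ( $session->exists( $key ) ) {
					// New in both, so ignore and log
					$this->logger->warning(
						__METHOD__ . ": Key \"$key\" added in both Session and \$_SESSION!"
					);
				} else {
					// New in $_SESSION, keep it
					$session->set( $key, $value );
					$changed = true;
				}
			} elseif ( $cache[$key] === $value ) {
				// Unchanged in $_SESSION, so ignore it
			} elseif ( !$session->exists( $key ) ) {
				// Deleted in Session, keep but log
				$this->logger->warning(
					__METHOD__ . ": Key \"$key\" deleted in Session and changed in \$_SESSION!"
				);
				$session->set( $key, $value );
				$changed = true;
			} elseif ( $cache[$key] === $session->get( $key ) ) {
				// Unchanged in Session, so keep it
				$session->set( $key, $value );
				$changed = true;
			} else {
				// Changed in both, so ignore and log
				$this->logger->warning(
					__METHOD__ . ": Key \"$key\" changed in both Session and \$_SESSION!"
				);
			}
		}

		// Anything deleted in $_SESSION and unchanged in Session should be deleted too
		// (but not if $_SESSION can't represent it at all).
		// The encode() call below is only a probe for "can $_SESSION hold this
		// key?", so the serializer's logger is silenced while it runs. The
		// finally block guarantees the real logger is put back even if a
		// Session call throws; otherwise later serializer errors in this
		// request would be dropped silently.
		\Wikimedia\PhpSessionSerializer::setLogger( new \Psr\Log\NullLogger() );
		try {
			foreach ( $cache as $key => $cachedValue ) {
				if ( !array_key_exists( $key, $data ) && $session->exists( $key ) &&
					\Wikimedia\PhpSessionSerializer::encode( [ $key => true ] )
				) {
					if ( $cachedValue === $session->get( $key ) ) {
						// Unchanged in Session, delete it
						$session->remove( $key );
						$changed = true;
					} else {
						// Changed in Session, ignore deletion and log
						$this->logger->warning(
							__METHOD__ . ": Key \"$key\" changed in Session and deleted in \$_SESSION!"
						);
					}
				}
			}
		} finally {
			\Wikimedia\PhpSessionSerializer::setLogger( $this->logger );
		}

		// Save and update cache if anything changed
		if ( $changed ) {
			if ( $this->warn ) {
				wfDeprecated( '$_SESSION', '1.27' );
				$this->logger->warning( 'Something wrote to $_SESSION!' );
			}

			$session->save();
			$this->sessionFieldCache[$id] = iterator_to_array( $session );
		}

		$session->persist();

		return true;
	}

	/**
	 * Destroy a session.
	 *
	 * @param string $id Session id
	 * @return bool Always true, including when no session was found for $id
	 * @throws \UnexpectedValueException If called on an instance other than the installed one
	 * @throws \BadMethodCallException If PHP session handling is not enabled
	 */
	public function destroy( $id ) {
		if ( self::$instance !== $this ) {
			throw new \UnexpectedValueException( __METHOD__ . ': Wrong instance called!' );
		}
		if ( !$this->enable ) {
			throw new \BadMethodCallException( 'Attempt to use PHP session management' );
		}
		$session = $this->manager->getSessionById( $id, false );
		if ( $session ) {
			$session->clear();
		}
		return true;
	}

	/**
	 * Execute garbage collection.
	 *
	 * Unlike the data callbacks, this one does not check $this->enable.
	 *
	 * @param int $maxlifetime Unused; the cutoff passed to the store is the current time
	 * @return bool Always true
	 * @throws \UnexpectedValueException If called on an instance other than the installed one
	 */
	public function gc( $maxlifetime ) {
		if ( self::$instance !== $this ) {
			throw new \UnexpectedValueException( __METHOD__ . ': Wrong instance called!' );
		}
		// NOTE(review): date() formats in PHP's default timezone; confirm that
		// matches the timestamps the store compares against.
		$before = date( 'YmdHis', time() );
		$this->store->deleteObjectsExpiringBefore( $before );
		return true;
	}
}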
wfDeprecated( $function, $version=false, $component=false, $callerOffset=2)
Throws a warning that $function is deprecated.
Class representing a cache/ephemeral data store.
Definition BagOStuff.php:58
Adapter for PHP's session handling.
gc( $maxlifetime)
Execute garbage collection.
write( $id, $dataStr)
Write session data.
setEnableFlags( $PHPSessionHandling)
Set $this->enable and $this->warn.
static isInstalled()
Test whether the handler is installed.
static isEnabled()
Test whether the handler is installed and enabled.
setManager(SessionManager $manager, BagOStuff $store, LoggerInterface $logger)
Set the manager, store, and logger.
close()
Close the session (handler)
array $sessionFieldCache
Track original session fields for later modification check.
open( $save_path, $session_name)
Initialize the session (handler)
static install(SessionManager $manager)
Install a session handler for the current web request.
bool $enable
Whether PHP session handling is enabled.
This serves as the entry point to the MediaWiki session handling system.
setupPHPSessionHandler(PHPSessionHandler $handler)
Call setters on a PHPSessionHandler.