MediaWiki REL1_39
ImmutableSessionProviderWithCookie.php
Go to the documentation of this file.
1<?php
24namespace MediaWiki\Session;
25
27use WebRequest;
28
43
45 protected $sessionCookieName = null;
47 protected $sessionCookieOptions = [];
48
56 public function __construct( $params = [] ) {
57 parent::__construct();
58
59 if ( isset( $params['sessionCookieName'] ) ) {
60 if ( !is_string( $params['sessionCookieName'] ) ) {
61 throw new \InvalidArgumentException( 'sessionCookieName must be a string' );
62 }
63 $this->sessionCookieName = $params['sessionCookieName'];
64 }
65 if ( isset( $params['sessionCookieOptions'] ) ) {
66 if ( !is_array( $params['sessionCookieOptions'] ) ) {
67 throw new \InvalidArgumentException( 'sessionCookieOptions must be an array' );
68 }
69 $this->sessionCookieOptions = $params['sessionCookieOptions'];
70 }
71 }
72
84 protected function getSessionIdFromCookie( WebRequest $request ) {
85 if ( $this->sessionCookieName === null ) {
86 throw new \BadMethodCallException(
87 __METHOD__ . ' may not be called when $this->sessionCookieName === null'
88 );
89 }
90
91 $prefix = $this->sessionCookieOptions['prefix']
92 ?? $this->getConfig()->get( MainConfigNames::CookiePrefix );
93 $id = $request->getCookie( $this->sessionCookieName, $prefix );
94 return SessionManager::validateSessionId( $id ) ? $id : null;
95 }
96
101 public function persistsSessionId() {
102 return $this->sessionCookieName !== null;
103 }
104
109 public function canChangeUser() {
110 return false;
111 }
112
117 public function persistSession( SessionBackend $session, WebRequest $request ) {
118 if ( $this->sessionCookieName === null ) {
119 return;
120 }
121
122 $response = $request->response();
123 if ( $response->headersSent() ) {
124 // Can't do anything now
125 $this->logger->debug( __METHOD__ . ': Headers already sent' );
126 return;
127 }
128
130 if ( $session->shouldForceHTTPS() || $session->getUser()->requiresHTTPS() ) {
131 // Send a cookie unless $wgForceHTTPS is set (T256095)
132 if ( !$this->getConfig()->get( MainConfigNames::ForceHTTPS ) ) {
133 $response->setCookie( 'forceHTTPS', 'true', null,
134 [ 'prefix' => '', 'secure' => false ] + $options );
135 }
136 $options['secure'] = true;
137 }
138
139 $response->setCookie( $this->sessionCookieName, $session->getId(), null, $options );
140 }
141
146 public function unpersistSession( WebRequest $request ) {
147 if ( $this->sessionCookieName === null ) {
148 return;
149 }
150
151 $response = $request->response();
152 if ( $response->headersSent() ) {
153 // Can't do anything now
154 $this->logger->debug( __METHOD__ . ': Headers already sent' );
155 return;
156 }
157
158 $response->clearCookie( $this->sessionCookieName, $this->sessionCookieOptions );
159 }
160
165 public function getVaryCookies() {
166 if ( $this->sessionCookieName === null ) {
167 return [];
168 }
169
170 $prefix = $this->sessionCookieOptions['prefix'] ??
172 return [ $prefix . $this->sessionCookieName ];
173 }
174
175 public function whyNoSession() {
176 return wfMessage( 'sessionprovider-nocookies' );
177 }
178}
wfMessage( $key,... $params)
This is the function for getting translated interface messages.
A class containing constants representing the names of configuration variables.
const ForceHTTPS
Name constant for the ForceHTTPS setting, for use with Config::get()
const CookiePrefix
Name constant for the CookiePrefix setting, for use with Config::get()
An ImmutableSessionProviderWithCookie doesn't persist the user, but optionally can use a cookie to su...
whyNoSession()
Return a Message for why sessions might not be being persisted.For example, "check whether you're blo...
canChangeUser()
Indicate whether the user associated with the request can be changed.If false, any session passed to ...
persistsSessionId()
Indicate whether self::persistSession() can save arbitrary session IDs.If false, any session passed t...
unpersistSession(WebRequest $request)
Remove any persisted session from a request/response.For example, blank and expire any cookies set by...
persistSession(SessionBackend $session, WebRequest $request)
Persist a session into a request/response.For example, you might set cookies for the session's ID,...
getVaryCookies()
Return the list of cookies that need varying on.to override For use by \MediaWiki\Session\SessionMana...
getSessionIdFromCookie(WebRequest $request)
Get the session ID from the cookie, if any.
This is the actual workhorse for Session.
shouldForceHTTPS()
Whether HTTPS should be forced.
getId()
Returns the session ID.
getUser()
Returns the authenticated user for this session.
static validateSessionId( $id)
Validate a session ID.
A SessionProvider provides SessionInfo and support for Session.
The WebRequest class encapsulates getting at data passed in the URL or via a POSTed form stripping il...
response()
Return a handle to WebResponse style object, for setting cookies, headers and other stuff,...
getCookie( $key, $prefix=null, $default=null)
Get a cookie from the $_COOKIE jar.