MediaWiki fundraising/REL1_35
ImmutableSessionProviderWithCookie.php
1<?php
24namespace MediaWiki\Session;
25
26use WebRequest;
27
42
/**
 * Name of the session cookie, without prefix. Null means no cookie is used.
 * The constructor only accepts a string here.
 * @var string|null
 */
protected $sessionCookieName = null;

/**
 * Options passed along when the session cookie is set or cleared.
 * The constructor only accepts an array here; a 'prefix' key, when present,
 * replaces the configured CookiePrefix.
 * @var array
 */
protected $sessionCookieOptions = [];
47
/**
 * Set up the provider from an optional parameter array.
 *
 * Recognised keys:
 *  - sessionCookieName: (string) name of the session cookie
 *  - sessionCookieOptions: (array) options used when setting/clearing it
 *
 * Keys that are absent or null leave the property defaults untouched.
 *
 * @param array $params
 * @throws \InvalidArgumentException If a recognised key has the wrong type
 */
public function __construct( $params = [] ) {
	parent::__construct();

	// Validate the cookie name first, then the options, so the exception
	// raised for a doubly-invalid $params is always the one about the name.
	$cookieName = $params['sessionCookieName'] ?? null;
	if ( $cookieName !== null ) {
		if ( !is_string( $cookieName ) ) {
			throw new \InvalidArgumentException( 'sessionCookieName must be a string' );
		}
		$this->sessionCookieName = $cookieName;
	}

	$cookieOptions = $params['sessionCookieOptions'] ?? null;
	if ( $cookieOptions !== null ) {
		if ( !is_array( $cookieOptions ) ) {
			throw new \InvalidArgumentException( 'sessionCookieOptions must be an array' );
		}
		$this->sessionCookieOptions = $cookieOptions;
	}
}
71
/**
 * Read the session ID from the request's session cookie, if any.
 *
 * The cookie value is supplied by the client, so it is only returned after
 * SessionManager::validateSessionId() accepts it; anything else yields null.
 * NOTE(review): validateSessionId() is defined elsewhere. Passing it
 * presumably says nothing about whether such a session exists, so callers
 * should still look the ID up. Confirm against SessionManager.
 *
 * @param WebRequest $request
 * @return string|null The cookie value when it validates, otherwise null
 * @throws \BadMethodCallException If no session cookie name is configured
 */
protected function getSessionIdFromCookie( WebRequest $request ) {
	if ( $this->sessionCookieName === null ) {
		throw new \BadMethodCallException(
			__METHOD__ . ' may not be called when $this->sessionCookieName === null'
		);
	}

	// A 'prefix' entry in the cookie options overrides the configured prefix.
	$cookiePrefix = isset( $this->sessionCookieOptions['prefix'] )
		? $this->sessionCookieOptions['prefix']
		: $this->config->get( 'CookiePrefix' );

	$candidate = $request->getCookie( $this->sessionCookieName, $cookiePrefix );
	if ( !SessionManager::validateSessionId( $candidate ) ) {
		return null;
	}
	return $candidate;
}
94
/**
 * Indicate whether persistSession() can save arbitrary session IDs.
 *
 * That is the case exactly when a session cookie name is configured.
 *
 * @return bool
 */
public function persistsSessionId() {
	$hasSessionCookie = $this->sessionCookieName !== null;
	return $hasSessionCookie;
}
102
/**
 * Indicate whether the user associated with the request can be changed.
 *
 * This provider always answers no.
 *
 * @return bool Always false
 */
public function canChangeUser() {
	return false;
}
110
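/**
 * Persist the session ID into the response as a cookie.
 *
 * Nothing is sent when no session cookie name is configured, or when the
 * response headers have already gone out (the latter is logged at debug
 * level).
 *
 * @param SessionBackend $session Session whose ID is written to the cookie
 * @param WebRequest $request Request whose response receives the cookie
 */
public function persistSession( SessionBackend $session, WebRequest $request ) {
	if ( $this->sessionCookieName === null ) {
		return;
	}

	$response = $request->response();
	if ( $response->headersSent() ) {
		// Can't do anything now
		$this->logger->debug( __METHOD__ . ': Headers already sent' );
		return;
	}

	// Work on a copy of the configured options. $options must be defined
	// before it is read below, and the per-request 'secure' override must not
	// leak back into $this->sessionCookieOptions (PHP arrays copy by value).
	$options = $this->sessionCookieOptions;

	if ( $session->shouldForceHTTPS() || $session->getUser()->requiresHTTPS() ) {
		// Send a cookie unless $wgForceHTTPS is set (T256095)
		if ( !$this->config->get( 'ForceHTTPS' ) ) {
			// The array union keeps the left-hand keys, so this marker cookie
			// is always unprefixed and always sent WITHOUT the Secure
			// attribute, whatever $options says. It carries only the constant
			// 'true', never the session ID.
			// NOTE(review): presumably it is non-Secure so that plain-HTTP
			// requests can be recognised and upgraded. Confirm with the
			// code that reads 'forceHTTPS'.
			$response->setCookie( 'forceHTTPS', 'true', null,
				[ 'prefix' => '', 'secure' => false ] + $options );
		}
		// The session cookie itself must only travel over HTTPS here.
		$options['secure'] = true;
	}

	$response->setCookie( $this->sessionCookieName, $session->getId(), null, $options );
}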
139
/**
 * Remove the persisted session cookie from the response.
 *
 * Nothing happens when no session cookie name is configured. If headers have
 * already been sent the cookie cannot be cleared; that is logged at debug
 * level and the cookie stays in the client until it expires or is
 * overwritten by a later response.
 *
 * @param WebRequest $request Request whose response clears the cookie
 */
public function unpersistSession( WebRequest $request ) {
	$cookieName = $this->sessionCookieName;
	if ( $cookieName === null ) {
		return;
	}

	$webResponse = $request->response();
	if ( !$webResponse->headersSent() ) {
		// Clear with the same options the cookie was configured with.
		$webResponse->clearCookie( $cookieName, $this->sessionCookieOptions );
		return;
	}

	// Too late to touch headers; record it and give up.
	$this->logger->debug( __METHOD__ . ': Headers already sent' );
}
158
/**
 * Return the list of cookies that need varying on.
 *
 * @return string[] The fully prefixed session cookie name, or an empty
 *  list when no session cookie is configured
 */
public function getVaryCookies() {
	$cookieName = $this->sessionCookieName;
	if ( $cookieName === null ) {
		return [];
	}

	// A 'prefix' entry in the cookie options overrides the configured prefix.
	$cookiePrefix = isset( $this->sessionCookieOptions['prefix'] )
		? $this->sessionCookieOptions['prefix']
		: $this->config->get( 'CookiePrefix' );

	return [ $cookiePrefix . $cookieName ];
}
171
/**
 * Return a Message for why sessions might not be being persisted.
 *
 * This provider always returns the 'sessionprovider-nocookies' message.
 *
 * @return mixed Whatever wfMessage() returns for that key
 */
public function whyNoSession() {
	$explanation = wfMessage( 'sessionprovider-nocookies' );
	return $explanation;
}
175}
wfMessage( $key,... $params)
This is the function for getting translated interface messages.
An ImmutableSessionProviderWithCookie doesn't persist the user, but optionally can use a cookie to su...
whyNoSession()
Return a Message for why sessions might not be being persisted. For example, "check whether you're blo...
canChangeUser()
Indicate whether the user associated with the request can be changed. If false, any session passed to ...
persistsSessionId()
Indicate whether self::persistSession() can save arbitrary session IDs. If false, any session passed t...
unpersistSession(WebRequest $request)
Remove any persisted session from a request/response. For example, blank and expire any cookies set by...
persistSession(SessionBackend $session, WebRequest $request)
Persist a session into a request/response. For example, you might set cookies for the session's ID,...
getVaryCookies()
Return the list of cookies that need varying on. Stable to override. For use by \MediaWiki\Session\Sess...
getSessionIdFromCookie(WebRequest $request)
Get the session ID from the cookie, if any.
This is the actual workhorse for Session.
shouldForceHTTPS()
Whether HTTPS should be forced.
getId()
Returns the session ID.
getUser()
Returns the authenticated user for this session.
static validateSessionId( $id)
Validate a session ID.
A SessionProvider provides SessionInfo and support for Session.
The WebRequest class encapsulates getting at data passed in the URL or via a POSTed form stripping il...
response()
Return a handle to WebResponse style object, for setting cookies, headers and other stuff,...
getCookie( $key, $prefix=null, $default=null)
Get a cookie from the $_COOKIE jar.