62 parent::__construct();
65 'cookieOptions' => [],
70 if ( !isset(
$params[
'priority'] ) ) {
71 throw new \InvalidArgumentException( __METHOD__ .
': priority must be specified' );
76 throw new \InvalidArgumentException( __METHOD__ .
': Invalid priority' );
79 if ( !is_array(
$params[
'cookieOptions'] ) ) {
80 throw new \InvalidArgumentException( __METHOD__ .
': cookieOptions must be an array' );
83 $this->priority =
$params[
'priority'];
84 $this->cookieOptions =
$params[
'cookieOptions'];
86 unset( $this->params[
'priority'] );
87 unset( $this->params[
'cookieOptions'] );
96 'callUserSetCookiesHook' =>
false,
101 $this->useCrossSiteCookies = strcasecmp(
$config->
get(
'CookieSameSite' ),
'none' ) === 0;
104 $this->cookieOptions += [
109 'secure' =>
$config->
get(
'CookieSecure' ) || $this->config->get(
'ForceHTTPS' ),
110 'httpOnly' =>
$config->
get(
'CookieHttpOnly' ),
111 'sameSite' =>
$config->
get(
'CookieSameSite' ),
116 $sessionId = $this->
getCookie( $request, $this->params[
'sessionName'],
'' );
119 'forceHTTPS' => $this->
getCookie( $request,
'forceHTTPS',
'',
false )
122 $info[
'id'] = $sessionId;
123 $info[
'persisted'] =
true;
127 if ( $userId !==
null ) {
130 }
catch ( \InvalidArgumentException $ex ) {
135 if ( $userName !==
null && $userInfo->getName() !== $userName ) {
136 $this->logger->warning(
137 'Session "{session}" requested with mismatched UserID and UserName cookies.',
139 'session' => $sessionId,
142 'cookie_username' => $userName,
143 'username' => $userInfo->getName(),
149 if ( $token !==
null ) {
150 if ( !hash_equals( $userInfo->getToken(), $token ) ) {
151 $this->logger->warning(
152 'Session "{session}" requested with invalid Token cookie.',
154 'session' => $sessionId,
156 'username' => $userInfo->getName(),
160 $info[
'userInfo'] = $userInfo->verified();
161 $info[
'persisted'] =
true;
162 } elseif ( isset( $info[
'id'] ) ) {
163 $info[
'userInfo'] = $userInfo;
169 } elseif ( isset( $info[
'id'] ) ) {
175 $this->logger->debug(
176 'Session "{session}" requested without UserID cookie',
178 'session' => $info[
'id'],
200 if ( $response->headersSent() ) {
202 $this->logger->debug( __METHOD__ .
': Headers already sent' );
212 if ( $this->params[
'callUserSetCookiesHook'] && !$user->isAnon() ) {
213 $this->
getHookRunner()->onUserSetCookies( $user, $sessionData, $cookies );
220 $options[
'secure'] = $this->config->get(
'CookieSecure' )
221 || $this->config->get(
'ForceHTTPS' );
224 $response->setCookie( $this->params[
'sessionName'], $session->
getId(),
null,
225 [
'prefix' =>
'' ] + $options
228 foreach ( $cookies as $key => $value ) {
229 if ( $value ===
false ) {
230 $response->clearCookie( $key, $options );
233 $expiration = $expirationDuration ? $expirationDuration + time() :
null;
234 $response->setCookie( $key, (
string)$value, $expiration, $options );
241 if ( $sessionData ) {
242 $session->
addData( $sessionData );
248 if ( $response->headersSent() ) {
250 $this->logger->debug( __METHOD__ .
': Headers already sent' );
259 $response->clearCookie(
260 $this->params[
'sessionName'], [
'prefix' =>
'' ] + $this->cookieOptions
263 foreach ( $cookies as $key => $value ) {
264 $response->clearCookie( $key, $this->cookieOptions );
278 if ( $this->config->get(
'ForceHTTPS' ) ) {
289 $expiration = $expirationDuration ? $expirationDuration + time() :
null;
293 $response->setCookie(
'forceHTTPS',
'true', $expiration,
294 [
'prefix' =>
'',
'secure' =>
false ] + $this->cookieOptions );
296 $response->clearCookie(
'forceHTTPS',
297 [
'prefix' =>
'',
'secure' =>
false ] + $this->cookieOptions );
306 if ( $loggedOut + 86400 > time() &&
307 $loggedOut !== (
int)$this->
getCookie( $request,
'LoggedOut', $this->cookieOptions[
'prefix'] )
309 $request->
response()->setCookie(
'LoggedOut', $loggedOut, $loggedOut + 86400,
310 $this->cookieOptions );
318 $this->cookieOptions[
'prefix'] .
'Token',
319 $this->cookieOptions[
'prefix'] .
'LoggedOut',
320 $this->params[
'sessionName'],
326 $name = $this->
getCookie( $request,
'UserName', $this->cookieOptions[
'prefix'] );
327 if ( $name !==
null ) {
330 return $name ===
false ? null : $name;
339 $prefix = $this->cookieOptions[
'prefix'];
341 $this->
getCookie( $request,
'UserID', $prefix ),
342 $this->
getCookie( $request,
'UserName', $prefix ),
343 $this->
getCookie( $request,
'Token', $prefix ),
355 protected function getCookie( $request, $key, $prefix, $default =
null ) {
356 if ( $this->useCrossSiteCookies ) {
357 $value = $request->getCrossSiteCookie( $key, $prefix, $default );
359 $value = $request->getCookie( $key, $prefix, $default );
361 if ( $value ===
'deleted' ) {
379 if ( $user->isAnon() ) {
386 'UserID' => $user->getId(),
387 'UserName' => $user->getName(),
388 'Token' => $remember ? (string)$user->getToken() :
false,
401 if ( !$user->isAnon() && $this->params[
'callUserSetCookiesHook'] ) {
403 'wsUserID' => $user->getId(),
404 'wsToken' => $user->getToken(),
405 'wsUserName' => $user->getName(),
413 return wfMessage(
'sessionprovider-nocookies' );
428 return [
'UserID',
'UserName',
'Token' ];
443 $normalExpiration = $this->config->get(
'CookieExpiration' );
445 if ( $shouldRememberUser && in_array( $cookieName, $extendedCookies,
true ) ) {
446 $extendedExpiration = $this->config->get(
'ExtendedLoginCookieExpiration' );
448 return ( $extendedExpiration !==
null ) ? (int)$extendedExpiration : (
int)$normalExpiration;
450 return (
int)$normalExpiration;