26use InvalidArgumentException;
60 parent::__construct();
63 'cookieOptions' => [],
68 if ( !isset(
$params[
'priority'] ) ) {
69 throw new InvalidArgumentException( __METHOD__ .
': priority must be specified' );
74 throw new InvalidArgumentException( __METHOD__ .
': Invalid priority' );
77 if ( !is_array(
$params[
'cookieOptions'] ) ) {
78 throw new InvalidArgumentException( __METHOD__ .
': cookieOptions must be an array' );
81 $this->priority =
$params[
'priority'];
82 $this->cookieOptions =
$params[
'cookieOptions'];
84 unset( $this->params[
'priority'] );
85 unset( $this->params[
'cookieOptions'] );
98 $this->cookieOptions += [
106 'sameSite' => $sameSite,
111 $sessionId = $this->
getCookie( $request, $this->params[
'sessionName'],
'' );
114 'forceHTTPS' => $this->
getCookie( $request,
'forceHTTPS',
'',
false )
117 $info[
'id'] = $sessionId;
118 $info[
'persisted'] =
true;
122 if ( $userId !==
null ) {
125 }
catch ( InvalidArgumentException $ex ) {
129 if ( $userName !==
null && $userInfo->getName() !== $userName ) {
130 $this->logger->warning(
131 'Session "{session}" requested with mismatched UserID and UserName cookies.',
133 'session' => $sessionId,
136 'cookie_username' => $userName,
137 'username' => $userInfo->getName(),
143 if ( $token !==
null ) {
144 if ( !hash_equals( $userInfo->getToken(), $token ) ) {
145 $this->logger->warning(
146 'Session "{session}" requested with invalid Token cookie.',
148 'session' => $sessionId,
150 'username' => $userInfo->getName(),
154 $info[
'userInfo'] = $userInfo->verified();
155 $info[
'persisted'] =
true;
156 } elseif ( isset( $info[
'id'] ) ) {
157 $info[
'userInfo'] = $userInfo;
163 } elseif ( isset( $info[
'id'] ) ) {
169 $this->logger->debug(
170 'Session "{session}" requested without UserID cookie',
172 'session' => $info[
'id'],
194 if ( $response->headersSent() ) {
196 $this->logger->debug( __METHOD__ .
': Headers already sent' );
213 $response->setCookie( $this->params[
'sessionName'], $session->
getId(),
null,
214 [
'prefix' =>
'' ] + $options
217 foreach ( $cookies as $key => $value ) {
218 if ( $value ===
false ) {
219 $response->clearCookie( $key, $options );
222 $expiration = $expirationDuration ? $expirationDuration + time() :
null;
223 $response->setCookie( $key, (
string)$value, $expiration, $options );
230 if ( $sessionData ) {
231 $session->
addData( $sessionData );
237 if ( $response->headersSent() ) {
239 $this->logger->debug( __METHOD__ .
': Headers already sent' );
248 $response->clearCookie(
249 $this->params[
'sessionName'], [
'prefix' =>
'' ] + $this->cookieOptions
252 foreach ( $cookies as $key => $value ) {
253 $response->clearCookie( $key, $this->cookieOptions );
278 $expiration = $expirationDuration ? $expirationDuration + time() :
null;
282 $response->setCookie(
'forceHTTPS',
'true', $expiration,
283 [
'prefix' =>
'',
'secure' =>
false ] + $this->cookieOptions );
285 $response->clearCookie(
'forceHTTPS',
286 [
'prefix' =>
'',
'secure' =>
false ] + $this->cookieOptions );
295 if ( $loggedOut + 86400 > time() &&
296 $loggedOut !== (
int)$this->
getCookie( $request,
'LoggedOut', $this->cookieOptions[
'prefix'] )
298 $request->
response()->setCookie(
'LoggedOut', (
string)$loggedOut, $loggedOut + 86400,
299 $this->cookieOptions );
307 $this->cookieOptions[
'prefix'] .
'Token',
308 $this->cookieOptions[
'prefix'] .
'LoggedOut',
309 $this->params[
'sessionName'],
315 $name = $this->
getCookie( $request,
'UserName', $this->cookieOptions[
'prefix'] );
316 if ( $name !==
null ) {
317 if ( $this->userNameUtils->isTemp( $name ) ) {
320 $name = $this->userNameUtils->getCanonical( $name, UserRigorOptions::RIGOR_USABLE );
323 return $name ===
false ? null : $name;
332 $prefix = $this->cookieOptions[
'prefix'];
334 $this->
getCookie( $request,
'UserID', $prefix ),
335 $this->
getCookie( $request,
'UserName', $prefix ),
336 $this->
getCookie( $request,
'Token', $prefix ),
348 protected function getCookie( $request, $key, $prefix, $default =
null ) {
349 $value = $request->getCookie( $key, $prefix, $default );
350 if ( $value ===
'deleted' ) {
368 if ( $user->isAnon() ) {
375 'UserID' => $user->getId(),
376 'UserName' => $user->getName(),
377 'Token' => $remember ? (string)$user->getToken() :
false,
392 return wfMessage(
'sessionprovider-nocookies' );
407 return [
'UserID',
'UserName',
'Token' ];
424 if ( $shouldRememberUser && in_array( $cookieName, $extendedCookies,
true ) ) {
427 return ( $extendedExpiration !==
null ) ? (int)$extendedExpiration : (int)$normalExpiration;
429 return (
int)$normalExpiration;
wfMessage( $key,... $params)
This is the function for getting translated interface messages.
A class containing constants representing the names of configuration variables.
const ForceHTTPS
Name constant for the ForceHTTPS setting, for use with Config::get()
const CookieExpiration
Name constant for the CookieExpiration setting, for use with Config::get()
const CookieDomain
Name constant for the CookieDomain setting, for use with Config::get()
const CookiePath
Name constant for the CookiePath setting, for use with Config::get()
const CookieSameSite
Name constant for the CookieSameSite setting, for use with Config::get()
const CookieSecure
Name constant for the CookieSecure setting, for use with Config::get()
const SessionName
Name constant for the SessionName setting, for use with Config::get()
const ExtendedLoginCookieExpiration
Name constant for the ExtendedLoginCookieExpiration setting, for use with Config::get()
const CookiePrefix
Name constant for the CookiePrefix setting, for use with Config::get()
const CookieHttpOnly
Name constant for the CookieHttpOnly setting, for use with Config::get()