MediaWiki  master
ImmutableSessionProviderWithCookie.php
1 <?php
24 namespace MediaWiki\Session;
25 
26 use WebRequest;
27 
41 abstract class ImmutableSessionProviderWithCookie extends SessionProvider {
42
44     protected $sessionCookieName = null;
46     protected $sessionCookieOptions = [];
47
55     public function __construct( $params = [] ) {
56         parent::__construct();
57
58         if ( isset( $params['sessionCookieName'] ) ) {
59             if ( !is_string( $params['sessionCookieName'] ) ) {
60                 throw new \InvalidArgumentException( 'sessionCookieName must be a string' );
61             }
62             $this->sessionCookieName = $params['sessionCookieName'];
63         }
64         if ( isset( $params['sessionCookieOptions'] ) ) {
65             if ( !is_array( $params['sessionCookieOptions'] ) ) {
66                 throw new \InvalidArgumentException( 'sessionCookieOptions must be an array' );
67             }
68             $this->sessionCookieOptions = $params['sessionCookieOptions'];
69         }
70     }
71
83     protected function getSessionIdFromCookie( WebRequest $request ) {
84         if ( $this->sessionCookieName === null ) {
85             throw new \BadMethodCallException(
86                 __METHOD__ . ' may not be called when $this->sessionCookieName === null'
87             );
88         }
89
90         $prefix = $this->sessionCookieOptions['prefix'] ?? $this->config->get( 'CookiePrefix' );
91         $id = $request->getCookie( $this->sessionCookieName, $prefix );
92         return SessionManager::validateSessionId( $id ) ? $id : null;
93     }
94
99     public function persistsSessionId() {
100         return $this->sessionCookieName !== null;
101     }
102
107     public function canChangeUser() {
108         return false;
109     }
110
115     public function persistSession( SessionBackend $session, WebRequest $request ) {
116         if ( $this->sessionCookieName === null ) {
117             return;
118         }
119
120         $response = $request->response();
121         if ( $response->headersSent() ) {
122             // Can't do anything now
123             $this->logger->debug( __METHOD__ . ': Headers already sent' );
124             return;
125         }
126
127         $options = $this->sessionCookieOptions;
128         if ( $session->shouldForceHTTPS() || $session->getUser()->requiresHTTPS() ) {
129             // Send a cookie unless $wgForceHTTPS is set (T256095)
130             if ( !$this->config->get( 'ForceHTTPS' ) ) {
131                 $response->setCookie( 'forceHTTPS', 'true', null,
132                     [ 'prefix' => '', 'secure' => false ] + $options );
133             }
134             $options['secure'] = true;
135         }
136
137         $response->setCookie( $this->sessionCookieName, $session->getId(), null, $options );
138     }
139
144     public function unpersistSession( WebRequest $request ) {
145         if ( $this->sessionCookieName === null ) {
146             return;
147         }
148
149         $response = $request->response();
150         if ( $response->headersSent() ) {
151             // Can't do anything now
152             $this->logger->debug( __METHOD__ . ': Headers already sent' );
153             return;
154         }
155
156         $response->clearCookie( $this->sessionCookieName, $this->sessionCookieOptions );
157     }
158
163     public function getVaryCookies() {
164         if ( $this->sessionCookieName === null ) {
165             return [];
166         }
167
168         $prefix = $this->sessionCookieOptions['prefix'] ?? $this->config->get( 'CookiePrefix' );
169         return [ $prefix . $this->sessionCookieName ];
170     }
171
172     public function whyNoSession() {
173         return wfMessage( 'sessionprovider-nocookies' );
174     }
175 }
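
The cookie-option handling in persistSession() above, isolated as a standalone sketch. This is an added example, not MediaWiki code; the function name resolveSessionCookies, its parameters and the sample option values are hypothetical. It shows that PHP's array union keeps the left operand's keys, so the forceHTTPS hint cookie always goes out without a prefix and without the Secure flag, while the session cookie itself is upgraded to Secure.

```php
<?php
/**
 * Hypothetical helper mirroring the option handling in persistSession().
 *
 * @param string $sessionCookieName Name of the session cookie (unprefixed)
 * @param array $options The provider's sessionCookieOptions
 * @param bool $httpsRequired Result of shouldForceHTTPS() || requiresHTTPS()
 * @param bool $forceHttpsConfig Value of the ForceHTTPS config setting
 * @return array[] Cookie name => options that would be passed to setCookie()
 */
function resolveSessionCookies(
    string $sessionCookieName, array $options, bool $httpsRequired, bool $forceHttpsConfig
): array {
    $cookies = [];
    if ( $httpsRequired ) {
        if ( !$forceHttpsConfig ) {
            // Array union: keys on the left win, so 'prefix' and 'secure'
            // here override whatever the provider options contain.
            $cookies['forceHTTPS'] = [ 'prefix' => '', 'secure' => false ] + $options;
        }
        // The session cookie is always marked Secure once HTTPS is required.
        $options['secure'] = true;
    }
    $cookies[$sessionCookieName] = $options;
    return $cookies;
}

// Constructed sample options, not taken from any real configuration.
$base = [ 'prefix' => 'mywiki', 'secure' => false, 'httpOnly' => true ];

$cases = [
    'HTTPS required, ForceHTTPS off' => [ true, false ],
    'HTTPS required, ForceHTTPS on' => [ true, true ],
    'HTTPS not required' => [ false, false ],
];

foreach ( $cases as $label => [ $httpsRequired, $forceHttpsConfig ] ) {
    echo $label, "\n";
    $cookies = resolveSessionCookies( '_session', $base, $httpsRequired, $forceHttpsConfig );
    foreach ( $cookies as $name => $opts ) {
        echo '  ', $name, ' => ', json_encode( $opts ), "\n";
    }
}
```
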
MediaWiki\Session\ImmutableSessionProviderWithCookie\$sessionCookieName
string null $sessionCookieName
Definition: ImmutableSessionProviderWithCookie.php:44
MediaWiki\Session\ImmutableSessionProviderWithCookie\getSessionIdFromCookie
getSessionIdFromCookie(WebRequest $request)
Get the session ID from the cookie, if any.
Definition: ImmutableSessionProviderWithCookie.php:83
MediaWiki\Session\SessionBackend\getUser
getUser()
Returns the authenticated user for this session.
Definition: SessionBackend.php:399
MediaWiki\Session\SessionBackend\getId
getId()
Returns the session ID.
Definition: SessionBackend.php:233
wfMessage
wfMessage( $key,... $params)
This is the function for getting translated interface messages.
Definition: GlobalFunctions.php:1219
MediaWiki\Session\ImmutableSessionProviderWithCookie\unpersistSession
unpersistSession(WebRequest $request)
Remove any persisted session from a request/response. For example, blank and expire any cookies set by...
Definition: ImmutableSessionProviderWithCookie.php:144
MediaWiki\Session\ImmutableSessionProviderWithCookie
An ImmutableSessionProviderWithCookie doesn't persist the user, but optionally can use a cookie to su...
Definition: ImmutableSessionProviderWithCookie.php:41
MediaWiki\Session\SessionManager\validateSessionId
static validateSessionId( $id)
Validate a session ID.
Definition: SessionManager.php:389
MediaWiki\Session\ImmutableSessionProviderWithCookie\canChangeUser
canChangeUser()
Indicate whether the user associated with the request can be changed. If false, any session passed to ...
Definition: ImmutableSessionProviderWithCookie.php:107
MediaWiki\Session\SessionProvider
A SessionProvider provides SessionInfo and support for Session.
Definition: SessionProvider.php:81
MediaWiki\Session\ImmutableSessionProviderWithCookie\$sessionCookieOptions
mixed[] $sessionCookieOptions
Definition: ImmutableSessionProviderWithCookie.php:46
MediaWiki\Session
Definition: BotPasswordSessionProvider.php:24
WebRequest\response
response()
Return a handle to WebResponse style object, for setting cookies, headers and other stuff,...
Definition: WebRequest.php:1104
MediaWiki\Session\SessionBackend\shouldForceHTTPS
shouldForceHTTPS()
Whether HTTPS should be forced.
Definition: SessionBackend.php:459
WebRequest\getCookie
getCookie( $key, $prefix=null, $default=null)
Get a cookie from the $_COOKIE jar.
Definition: WebRequest.php:859
WebRequest
The WebRequest class encapsulates getting at data passed in the URL or via a POSTed form stripping il...
Definition: WebRequest.php:42
MediaWiki\Session\ImmutableSessionProviderWithCookie\persistSession
persistSession(SessionBackend $session, WebRequest $request)
Persist a session into a request/response. For example, you might set cookies for the session's ID,...
Definition: ImmutableSessionProviderWithCookie.php:115
MediaWiki\Session\ImmutableSessionProviderWithCookie\persistsSessionId
persistsSessionId()
Indicate whether self::persistSession() can save arbitrary session IDs. If false, any session passed t...
Definition: ImmutableSessionProviderWithCookie.php:99
MediaWiki\Session\ImmutableSessionProviderWithCookie\whyNoSession
whyNoSession()
Return a Message for why sessions might not be being persisted. For example, "check whether you're blo...
Definition: ImmutableSessionProviderWithCookie.php:172
MediaWiki\Session\ImmutableSessionProviderWithCookie\getVaryCookies
getVaryCookies()
Return the list of cookies that need varying on. Stable to override. For use by \MediaWiki\Session\Sess...
Definition: ImmutableSessionProviderWithCookie.php:163
MediaWiki\Session\ImmutableSessionProviderWithCookie\__construct
__construct( $params=[])
Stable to call.
Definition: ImmutableSessionProviderWithCookie.php:55
MediaWiki\Session\SessionBackend
This is the actual workhorse for Session.
Definition: SessionBackend.php:52