MediaWiki  master
MediaWiki\Session\CookieSessionProvider Class Reference

A CookieSessionProvider persists sessions using cookies. More...

Inheritance diagram for MediaWiki\Session\CookieSessionProvider:
Collaboration diagram for MediaWiki\Session\CookieSessionProvider:

Public Member Functions

 __construct ($params=[])
 
 canChangeUser ()
 
 getRememberUserDuration ()
 
 getVaryCookies ()
 
 persistSession (SessionBackend $session, WebRequest $request)
 
 persistsSessionId ()
 
 provideSessionInfo (WebRequest $request)
 
 setConfig (Config $config)
 
 suggestLoginUsername (WebRequest $request)
 
 unpersistSession (WebRequest $request)
 
 whyNoSession ()
 Return a Message for why sessions might not be being persisted. More...
 
- Public Member Functions inherited from MediaWiki\Session\SessionProvider
 __construct ()
 
 __toString ()
 
 canChangeUser ()
 Indicate whether the user associated with the request can be changed. More...
 
 describe (Language $lang)
 Return an identifier for this session type. More...
 
 getAllowedUserRights (SessionBackend $backend)
 Fetch the rights allowed the user when the specified session is active. More...
 
 getManager ()
 Get the session manager. More...
 
 getRememberUserDuration ()
 Returns the duration (in seconds) for which users will be remembered when Session::setRememberUser() is set. More...
 
 getVaryCookies ()
 Return the list of cookies that need varying on. More...
 
 getVaryHeaders ()
 Return the HTTP headers that need varying on. More...
 
 invalidateSessionsForUser (User $user)
 Invalidate existing sessions for a user. More...
 
 mergeMetadata (array $savedMetadata, array $providedMetadata)
 Merge saved session provider metadata. More...
 
 newSessionInfo ($id=null)
 Provide session info for a new, empty session. More...
 
 persistSession (SessionBackend $session, WebRequest $request)
 Persist a session into a request/response. More...
 
 persistsSessionId ()
 Indicate whether self::persistSession() can save arbitrary session IDs. More...
 
 preventSessionsForUser ($username)
 Prevent future sessions for the user. More...
 
 provideSessionInfo (WebRequest $request)
 Provide session info for a request. More...
 
 refreshSessionInfo (SessionInfo $info, WebRequest $request, &$metadata)
 Validate a loaded SessionInfo and refresh provider metadata. More...
 
 sessionIdWasReset (SessionBackend $session, $oldId)
 Notification that the session ID was reset. More...
 
 setConfig (Config $config)
 Set configuration. More...
 
 setLogger (LoggerInterface $logger)
 
 setManager (SessionManager $manager)
 Set the session manager. More...
 
 suggestLoginUsername (WebRequest $request)
 Get a suggested username for the login form. More...
 
 unpersistSession (WebRequest $request)
 Remove any persisted session from a request/response. More...
 
 whyNoSession ()
 Return a Message for why sessions might not be being persisted. More...
 

Protected Member Functions

 cookieDataToExport ($user, $remember)
 Return the data to store in cookies. More...
 
 getCookie ($request, $key, $prefix, $default=null)
 Get a cookie. More...
 
 getExtendedLoginCookies ()
 Gets the list of cookies that must be set to the 'remember me' duration, if $wgExtendedLoginCookieExpiration is in use. More...
 
 getLoginCookieExpiration ($cookieName, $shouldRememberUser)
 Returns the lifespan of the login cookies, in seconds. More...
 
 getUserInfoFromCookies ($request)
 Fetch the user identity from cookies. More...
 
 sessionDataToExport ($user)
 Return extra data to store in the session. More...
 
 setForceHTTPSCookie ($set, SessionBackend $backend=null, WebRequest $request)
 Set the "forceHTTPS" cookie. More...
 
 setLoggedOutCookie ($loggedOut, WebRequest $request)
 Set the "logged out" cookie. More...
 
- Protected Member Functions inherited from MediaWiki\Session\SessionProvider
 describeMessage ()
 Return a Message identifying this session type. More...
 
 hashToSessionId ($data, $key=null)
 Hash data as a session ID. More...
 

Protected Attributes

 $cookieOptions = []
 
 $params = []
 
- Protected Attributes inherited from MediaWiki\Session\SessionProvider
Config $config
 
LoggerInterface $logger
 
SessionManager $manager
 
int $priority
 Session priority. More...
 

Detailed Description

A CookieSessionProvider persists sessions using cookies.

Since
1.27

Definition at line 36 of file CookieSessionProvider.php.

Constructor & Destructor Documentation

MediaWiki\Session\CookieSessionProvider::__construct (   $params = [])
Parameters
array$paramsKeys include:
  • priority: (required) Priority of the returned sessions
  • callUserSetCookiesHook: Whether to call the deprecated hook
  • sessionName: Session cookie name. Doesn't honor 'prefix'. Defaults to $wgSessionName, or $wgCookiePrefix . '_session' if that is unset.
  • cookieOptions: Options to pass to WebRequest::setCookie():
    • prefix: Cookie prefix, defaults to $wgCookiePrefix
    • path: Cookie path, defaults to $wgCookiePath
    • domain: Cookie domain, defaults to $wgCookieDomain
    • secure: Cookie secure flag, defaults to $wgCookieSecure
    • httpOnly: Cookie httpOnly flag, defaults to $wgCookieHttpOnly

Definition at line 54 of file CookieSessionProvider.php.

References MediaWiki\Session\CookieSessionProvider\$params, MediaWiki\Session\SessionInfo\MAX_PRIORITY, and MediaWiki\Session\SessionInfo\MIN_PRIORITY.

Member Function Documentation

MediaWiki\Session\CookieSessionProvider::canChangeUser ( )

Definition at line 184 of file CookieSessionProvider.php.

MediaWiki\Session\CookieSessionProvider::cookieDataToExport (   $user,
  $remember 
)
protected

Return the data to store in cookies.

Parameters
User$user
bool$remember
Returns
array $cookies Set value false to unset the cookie

Definition at line 364 of file CookieSessionProvider.php.

References $user, and string.

Referenced by MediaWiki\Session\CookieSessionProvider\persistSession().

MediaWiki\Session\CookieSessionProvider::getCookie (   $request,
  $key,
  $prefix,
  $default = null 
)
protected

Get a cookie.

Contains an auth-specific hack.

Parameters
\\WebRequest$request
string$key
string$prefix
mixed$default
Returns
mixed

Definition at line 345 of file CookieSessionProvider.php.

References $key, $request, and $value.

Referenced by MediaWiki\Session\CookieSessionProvider\getUserInfoFromCookies(), MediaWiki\Session\CookieSessionProvider\provideSessionInfo(), MediaWiki\Session\CookieSessionProvider\setLoggedOutCookie(), and MediaWiki\Session\CookieSessionProvider\suggestLoginUsername().

MediaWiki\Session\CookieSessionProvider::getExtendedLoginCookies ( )
protected

Gets the list of cookies that must be set to the 'remember me' duration, if $wgExtendedLoginCookieExpiration is in use.

Returns
string[] Array of unprefixed cookie keys

Definition at line 413 of file CookieSessionProvider.php.

Referenced by MediaWiki\Session\CookieSessionProvider\getLoginCookieExpiration().

MediaWiki\Session\CookieSessionProvider::getLoginCookieExpiration (   $cookieName,
  $shouldRememberUser 
)
protected

Returns the lifespan of the login cookies, in seconds.

0 means until the end of the session.

Cookies that are session-length do not call this function.

Parameters
string$cookieName
boolean$shouldRememberUserWhether the user should be remembered long-term
Returns
int Cookie expiration time in seconds; 0 for session cookies

Definition at line 427 of file CookieSessionProvider.php.

References MediaWiki\Session\CookieSessionProvider\getExtendedLoginCookies().

Referenced by MediaWiki\Session\CookieSessionProvider\getRememberUserDuration(), MediaWiki\Session\CookieSessionProvider\persistSession(), and MediaWiki\Session\CookieSessionProvider\setForceHTTPSCookie().

MediaWiki\Session\CookieSessionProvider::getRememberUserDuration ( )
MediaWiki\Session\CookieSessionProvider::getUserInfoFromCookies (   $request)
protected

Fetch the user identity from cookies.

Parameters
\\WebRequest$request
Returns
array (string|null $id, string|null $username, string|null $token)

Definition at line 328 of file CookieSessionProvider.php.

References $request, and MediaWiki\Session\CookieSessionProvider\getCookie().

Referenced by MediaWiki\Session\CookieSessionProvider\provideSessionInfo().

MediaWiki\Session\CookieSessionProvider::getVaryCookies ( )

Definition at line 304 of file CookieSessionProvider.php.

MediaWiki\Session\CookieSessionProvider::persistsSessionId ( )

Definition at line 180 of file CookieSessionProvider.php.

MediaWiki\Session\CookieSessionProvider::sessionDataToExport (   $user)
protected

Return extra data to store in the session.

Parameters
User$user
Returns
array $session

Definition at line 384 of file CookieSessionProvider.php.

References $user.

Referenced by MediaWiki\Session\CookieSessionProvider\persistSession().

MediaWiki\Session\CookieSessionProvider::setConfig ( Config  $config)

Definition at line 83 of file CookieSessionProvider.php.

References Config\get().

MediaWiki\Session\CookieSessionProvider::setForceHTTPSCookie (   $set,
SessionBackend  $backend = null,
WebRequest  $request 
)
protected

Set the "forceHTTPS" cookie.

Parameters
bool$setWhether the cookie should be set or not
SessionBackend | null$backend
WebRequest$request

Definition at line 268 of file CookieSessionProvider.php.

References $response, MediaWiki\Session\CookieSessionProvider\getLoginCookieExpiration(), and WebRequest\response().

Referenced by MediaWiki\Session\CookieSessionProvider\persistSession(), and MediaWiki\Session\CookieSessionProvider\unpersistSession().

MediaWiki\Session\CookieSessionProvider::setLoggedOutCookie (   $loggedOut,
WebRequest  $request 
)
protected

Set the "logged out" cookie.

Parameters
int$loggedOuttimestamp
WebRequest$request

Definition at line 295 of file CookieSessionProvider.php.

References MediaWiki\Session\CookieSessionProvider\getCookie(), and WebRequest\response().

Referenced by MediaWiki\Session\CookieSessionProvider\persistSession().

MediaWiki\Session\CookieSessionProvider::suggestLoginUsername ( WebRequest  $request)
MediaWiki\Session\CookieSessionProvider::unpersistSession ( WebRequest  $request)
MediaWiki\Session\CookieSessionProvider::whyNoSession ( )

Return a Message for why sessions might not be being persisted.

For example, "check whether you're blocking our cookies".

Returns
Message|null

Implements MediaWiki\Session\SessionProviderInterface.

Definition at line 398 of file CookieSessionProvider.php.

References wfMessage().

Member Data Documentation

MediaWiki\Session\CookieSessionProvider::$cookieOptions = []
protected
MediaWiki\Session\CookieSessionProvider::$params = []
protected

The documentation for this class was generated from the following file: