An implementation of a session store with two backends for storing anonymous and authenticated sessions separately. More...
Inherits MediaWiki\Session\SessionStore.
Public Member Functions | |
| __construct (BagOStuff $anonSessionStore, BagOStuff $authenticatedSessionStore, LoggerInterface $logger, StatsFactory $statsFactory) | |
| delete (SessionInfo $info) | |
| Deletes session data from the session store for the provided key. | |
| get (SessionInfo $info) | |
| Get session store data for a given key. | |
| set (SessionInfo $info, $value, $exptime=0, $flags=0) | |
| Set session store data for the corresponding key to the active store during the request. | |
| setLogger (LoggerInterface $logger) | |
| shutdown () | |
Will be called during shutdown.
| |
Detailed Description
An implementation of a session store with two backends for storing anonymous and authenticated sessions separately.
It is recommended to use a backend with strong persistence for the authenticated sessions (since a session loss can be annoying to users, and the amount of authentication sessions is limited), and a cheaper backend (possibly with an eviction mechanism, such as Memcached) for the anonymous sessions, as it's easy to accidentally or maliciously create lots of them.
Multiple stores are injected here to be used for the different types of sessions. A few criteria are used to decide whether a session is anonymous or authenticated:
1) Usually, the SessionInfo object directly tells us whether the session is authenticated or anonymous. 2) When $sessionInfo->getUserInfo() is null (meaning either we are loading a session from its ID, e.g., for compatibility with PHP's session_id(), or we tried to load an authenticated session, but for some reason it failed), we check which store has data for the given session ID and use that. 3) If neither store has any data, it's an anonymous (empty) session.
The underlying assumption is that the same session ID won't be reused for both anonymous and authenticated sessions (because immutable sessions are always authenticated, and for mutable sessions, we always call resetId() before changing the user's identity).
- Since
- 1.45
Definition at line 47 of file MultiBackendSessionStore.php.
Constructor & Destructor Documentation
◆ __construct()
| MediaWiki\Session\MultiBackendSessionStore::__construct | ( | BagOStuff | $anonSessionStore, |
| BagOStuff | $authenticatedSessionStore, | ||
| LoggerInterface | $logger, | ||
| StatsFactory | $statsFactory ) |
Definition at line 64 of file MultiBackendSessionStore.php.
References MediaWiki\Session\MultiBackendSessionStore\setLogger().
Member Function Documentation
◆ delete()
| MediaWiki\Session\MultiBackendSessionStore::delete | ( | SessionInfo | $info | ) |
Deletes session data from the session store for the provided key.
- Parameters
-
SessionInfo $info
Implements MediaWiki\Session\SessionStore.
Definition at line 302 of file MultiBackendSessionStore.php.
◆ get()
| MediaWiki\Session\MultiBackendSessionStore::get | ( | SessionInfo | $info | ) |
Get session store data for a given key.
This will look up the active store during the request and use that to fetch the data.
- Parameters
-
SessionInfo $info
- Returns
- mixed
Implements MediaWiki\Session\SessionStore.
Definition at line 195 of file MultiBackendSessionStore.php.
◆ set()
| MediaWiki\Session\MultiBackendSessionStore::set | ( | SessionInfo | $info, |
| $value, | |||
| $exptime = 0, | |||
| $flags = 0 ) |
Set session store data for the corresponding key to the active store during the request.
- Parameters
-
SessionInfo $info mixed $value int $exptime int $flags
Implements MediaWiki\Session\SessionStore.
Definition at line 241 of file MultiBackendSessionStore.php.
References MediaWiki\Session\SessionInfo\getId().
◆ setLogger()
| MediaWiki\Session\MultiBackendSessionStore::setLogger | ( | LoggerInterface | $logger | ) |
Definition at line 82 of file MultiBackendSessionStore.php.
Referenced by MediaWiki\Session\MultiBackendSessionStore\__construct().
◆ shutdown()
| MediaWiki\Session\MultiBackendSessionStore::shutdown | ( | ) |
Will be called during shutdown.
- Returns
- void
Implements MediaWiki\Session\SessionStore.
Definition at line 319 of file MultiBackendSessionStore.php.
References wfTimestampNow().
The documentation for this class was generated from the following file:
- includes/Session/MultiBackendSessionStore.php
