MediaWiki master
|
Manages data for an authenticated session. More...
Inherits Countable, Iterator, and ArrayAccess.
Public Member Functions | |
__construct (SessionBackend $backend, $index, LoggerInterface $logger) | |
__destruct () | |
canSetUser () | |
Indicate whether the session user info can be changed. | |
clear () | |
Delete all session data and clear the user (if possible) | |
delaySave () | |
Delay automatic saving while multiple updates are being made. | |
exists ( $key) | |
Test if a value exists in the session. | |
get ( $key, $default=null) | |
Fetch a value from the session. | |
getAllowedUserRights () | |
Fetch the rights allowed the user when this session is active. | |
getId () | |
Returns the session ID. | |
getLoggedOutTimestamp () | |
Fetch the "logged out" timestamp. | |
getProvider () | |
Fetch the SessionProvider for this session. | |
getProviderMetadata () | |
Fetch provider metadata. | |
getRequest () | |
Returns the request associated with this session. | |
getRestrictions () | |
Fetch any restrictions imposed on logins or actions when this session is active. | |
getSecret ( $key, $default=null) | |
Fetch a value from the session that was set with self::setSecret() | |
getSessionId () | |
Returns the SessionId object. | |
getToken ( $salt='', $key='default') | |
Fetch a CSRF token from the session. | |
getUser () | |
Returns the authenticated user for this session. | |
hasToken (string $key='default') | |
Check if a CSRF token is set for the session. | |
isPersistent () | |
Indicate whether this session is persisted across requests. | |
persist () | |
Make this session persisted across requests. | |
remove ( $key) | |
Remove a value from the session. | |
renew () | |
Resets the TTL in the backend store if the session is near expiring, and re-persists the session to any active WebRequests if persistent. | |
resetAllTokens () | |
Remove all CSRF tokens from the session. | |
resetId () | |
Changes the session ID. | |
resetToken ( $key='default') | |
Remove a CSRF token from the session. | |
save () | |
This will update the backend data and might re-persist the session if needed. | |
sessionWithRequest (WebRequest $request) | |
Fetch a copy of this session attached to an alternative WebRequest. | |
set ( $key, $value) | |
Set a value in the session. | |
setForceHTTPS ( $force) | |
Set the value of the forceHTTPS cookie. | |
setLoggedOutTimestamp ( $ts) | |
setRememberUser ( $remember) | |
Set whether the user should be remembered independently of the session ID. | |
setSecret ( $key, $value) | |
Set a value in the session, encrypted. | |
setUser ( $user) | |
Set a new user for this session. | |
shouldForceHTTPS () | |
Get the expected value of the forceHTTPS cookie. | |
shouldRememberUser () | |
Indicate whether the user should be remembered independently of the session ID. | |
suggestLoginUsername () | |
Get a suggested username for the login form. | |
unpersist () | |
Make this session not be persisted across requests. | |
Interface methods | |
count () | |
current () | |
key () | |
next () | |
rewind () | |
valid () | |
offsetExists ( $offset) | |
& | offsetGet ( $offset) |
offsetSet ( $offset, $value) | |
offsetUnset ( $offset) | |
Manages data for an authenticated session.
A Session represents the fact that the current HTTP request is part of a session. There are two broad types of Sessions, based on whether they return true or false from self::canSetUser():
The Session object also serves as a replacement for PHP's $_SESSION, managing access to per-session data.
Definition at line 54 of file Session.php.
MediaWiki\Session\Session::__construct | ( | SessionBackend | $backend, |
$index, | |||
LoggerInterface | $logger ) |
SessionBackend | $backend | |
int | $index | |
LoggerInterface | $logger |
Definition at line 72 of file Session.php.
MediaWiki\Session\Session::__destruct | ( | ) |
Definition at line 78 of file Session.php.
MediaWiki\Session\Session::canSetUser | ( | ) |
Indicate whether the session user info can be changed.
Definition at line 203 of file Session.php.
MediaWiki\Session\Session::clear | ( | ) |
Delete all session data and clear the user (if possible)
Definition at line 275 of file Session.php.
MediaWiki\Session\Session::count | ( | ) |
Definition at line 596 of file Session.php.
MediaWiki\Session\Session::current | ( | ) |
Definition at line 603 of file Session.php.
MediaWiki\Session\Session::delaySave | ( | ) |
Delay automatic saving while multiple updates are being made.
Calls to save() or clear() will not be delayed.
Definition at line 578 of file Session.php.
MediaWiki\Session\Session::exists | ( | $key | ) |
Test if a value exists in the session.
string | int | $key |
Definition at line 326 of file Session.php.
MediaWiki\Session\Session::get | ( | $key, | |
$default = null ) |
Fetch a value from the session.
string | int | $key | |
mixed | null | $default | Returned if $this->exists( $key ) would be false |
Definition at line 315 of file Session.php.
Referenced by MediaWiki\User\TempUser\TempUserCreator\acquireAndStashName().
MediaWiki\Session\Session::getAllowedUserRights | ( | ) |
Fetch the rights allowed the user when this session is active.
Definition at line 186 of file Session.php.
MediaWiki\Session\Session::getId | ( | ) |
MediaWiki\Session\Session::getLoggedOutTimestamp | ( | ) |
MediaWiki\Session\Session::getProvider | ( | ) |
Fetch the SessionProvider for this session.
Definition at line 111 of file Session.php.
MediaWiki\Session\Session::getProviderMetadata | ( | ) |
Fetch provider metadata.
Definition at line 268 of file Session.php.
MediaWiki\Session\Session::getRequest | ( | ) |
Returns the request associated with this session.
Definition at line 170 of file Session.php.
Referenced by MediaWiki\User\TempUser\TempUserCreator\acquireAndStashName().
MediaWiki\Session\Session::getRestrictions | ( | ) |
Fetch any restrictions imposed on logins or actions when this session is active.
Definition at line 195 of file Session.php.
MediaWiki\Session\Session::getSecret | ( | $key, | |
$default = null ) |
Fetch a value from the session that was set with self::setSecret()
string | int | $key | |
mixed | null | $default | Returned if $this->exists( $key ) would be false or decryption fails |
Definition at line 521 of file Session.php.
MediaWiki\Session\Session::getSessionId | ( | ) |
Returns the SessionId object.
Definition at line 95 of file Session.php.
MediaWiki\Session\Session::getToken | ( | $salt = '', | |
$key = 'default' ) |
Fetch a CSRF token from the session.
Note that this does not persist the session, which you'll probably want to do if you want the token to actually be useful.
string | string[] | $salt | Token salt |
string | $key | Token key |
Definition at line 381 of file Session.php.
MediaWiki\Session\Session::getUser | ( | ) |
Returns the authenticated user for this session.
Definition at line 178 of file Session.php.
MediaWiki\Session\Session::hasToken | ( | string | $key = 'default' | ) |
Check if a CSRF token is set for the session.
string | $key | Token key |
Definition at line 363 of file Session.php.
MediaWiki\Session\Session::isPersistent | ( | ) |
Indicate whether this session is persisted across requests.
For example, if cookies are set.
Definition at line 122 of file Session.php.
MediaWiki\Session\Session::key | ( | ) |
Definition at line 610 of file Session.php.
MediaWiki\Session\Session::next | ( | ) |
Definition at line 616 of file Session.php.
MediaWiki\Session\Session::offsetExists | ( | $offset | ) |
Definition at line 638 of file Session.php.
& MediaWiki\Session\Session::offsetGet | ( | $offset | ) |
Definition at line 652 of file Session.php.
MediaWiki\Session\Session::offsetSet | ( | $offset, | |
$value ) |
Definition at line 662 of file Session.php.
MediaWiki\Session\Session::offsetUnset | ( | $offset | ) |
Definition at line 667 of file Session.php.
MediaWiki\Session\Session::persist | ( | ) |
Make this session persisted across requests.
If the session is already persistent, equivalent to calling $this->renew().
Definition at line 132 of file Session.php.
MediaWiki\Session\Session::remove | ( | $key | ) |
Remove a value from the session.
string | int | $key |
Definition at line 348 of file Session.php.
MediaWiki\Session\Session::renew | ( | ) |
Resets the TTL in the backend store if the session is near expiring, and re-persists the session to any active WebRequests if persistent.
Definition at line 291 of file Session.php.
MediaWiki\Session\Session::resetAllTokens | ( | ) |
Remove all CSRF tokens from the session.
Definition at line 419 of file Session.php.
MediaWiki\Session\Session::resetId | ( | ) |
Changes the session ID.
Definition at line 103 of file Session.php.
MediaWiki\Session\Session::resetToken | ( | $key = 'default' | ) |
Remove a CSRF token from the session.
The next call to self::getToken() with $key will generate a new secret.
string | $key | Token key |
Definition at line 408 of file Session.php.
MediaWiki\Session\Session::rewind | ( | ) |
Definition at line 622 of file Session.php.
MediaWiki\Session\Session::save | ( | ) |
This will update the backend data and might re-persist the session if needed.
Definition at line 586 of file Session.php.
Referenced by MediaWiki\User\TempUser\TempUserCreator\acquireAndStashName().
MediaWiki\Session\Session::sessionWithRequest | ( | WebRequest | $request | ) |
Fetch a copy of this session attached to an alternative WebRequest.
Actions on the copy will affect this session too, and vice versa.
WebRequest | $request | Any existing session associated with this WebRequest object will be overwritten. |
Definition at line 304 of file Session.php.
References MediaWiki\Request\WebRequest\setSessionId().
MediaWiki\Session\Session::set | ( | $key, | |
$value ) |
Set a value in the session.
string | int | $key | |
mixed | $value |
Definition at line 336 of file Session.php.
Referenced by MediaWiki\User\TempUser\TempUserCreator\acquireAndStashName().
MediaWiki\Session\Session::setForceHTTPS | ( | $force | ) |
Set the value of the forceHTTPS cookie.
This reflects whether session cookies were sent with the Secure attribute. If $wgForceHTTPS is true, the forceHTTPS cookie is not sent, and this value is ignored.
bool | $force |
Definition at line 244 of file Session.php.
MediaWiki\Session\Session::setLoggedOutTimestamp | ( | $ts | ) |
int | $ts |
Definition at line 259 of file Session.php.
MediaWiki\Session\Session::setRememberUser | ( | $remember | ) |
Set whether the user should be remembered independently of the session ID.
bool | $remember |
Definition at line 162 of file Session.php.
MediaWiki\Session\Session::setSecret | ( | $key, | |
$value ) |
Set a value in the session, encrypted.
This relies on the secrecy of $wgSecretKey (by default), or $wgSessionSecret.
string | int | $key | |
mixed | $value |
Definition at line 485 of file Session.php.
MediaWiki\Session\Session::setUser | ( | $user | ) |
Set a new user for this session.
User | $user | User to set on the session. This may become a "UserValue" in the future, or User may be refactored into such. |
Definition at line 214 of file Session.php.
MediaWiki\Session\Session::shouldForceHTTPS | ( | ) |
Get the expected value of the forceHTTPS cookie.
This reflects whether session cookies were sent with the Secure attribute. If $wgForceHTTPS is true, the forceHTTPS cookie is not sent and this value is ignored.
Definition at line 233 of file Session.php.
MediaWiki\Session\Session::shouldRememberUser | ( | ) |
Indicate whether the user should be remembered independently of the session ID.
Definition at line 153 of file Session.php.
MediaWiki\Session\Session::suggestLoginUsername | ( | ) |
Get a suggested username for the login form.
Definition at line 222 of file Session.php.
MediaWiki\Session\Session::unpersist | ( | ) |
Make this session not be persisted across requests.
This will remove persistence information (e.g. delete cookies) from the associated WebRequest(s), and delete session data in the backend. The session data will still be available via get() until the end of the request.
Definition at line 144 of file Session.php.
MediaWiki\Session\Session::valid | ( | ) |
Definition at line 628 of file Session.php.