Manages data for an authenticated session. More...

Inherits Countable, Iterator, and ArrayAccess.

Collaboration diagram for MediaWiki\Session\Session:

[legend]

Public Member Functions
	__construct (SessionBackend $backend, $index, LoggerInterface $logger)

	__destruct ()

	canSetUser ()
	Indicate whether the session user info can be changed.

	clear ()
	Delete all session data and clear the user (if possible)

	delaySave ()
	Delay automatic saving while multiple updates are being made.

	exists ( $key)
	Test if a value exists in the session.

	get ( $key, $default=null)
	Fetch a value from the session.

	getAllowedUserRights ()
	Fetch the rights allowed the user when this session is active.

	getId ()
	Returns the session ID.

	getLoggedOutTimestamp ()
	Fetch the "logged out" timestamp.

	getProvider ()
	Fetch the SessionProvider for this session.

	getProviderMetadata ()
	Fetch provider metadata.

	getRequest ()
	Returns the request associated with this session.

	getRestrictions ()
	Fetch any restrictions imposed on logins or actions when this session is active.

	getSecret ( $key, $default=null)
	Fetch a value from the session that was set with self::setSecret()

	getSessionId ()
	Returns the SessionId object.

	getToken ( $salt='', $key='default')
	Fetch a CSRF token from the session.

	getUser ()
	Returns the authenticated user for this session.

	hasToken (string $key='default')
	Check if a CSRF token is set for the session.

	isPersistent ()
	Indicate whether this session is persisted across requests.

	persist ()
	Make this session persisted across requests.

	remove ( $key)
	Remove a value from the session.

	renew ()
	Resets the TTL in the backend store if the session is near expiring, and re-persists the session to any active WebRequests if persistent.

	resetAllTokens ()
	Remove all CSRF tokens from the session.

	resetId ()
	Changes the session ID.

	resetToken ( $key='default')
	Remove a CSRF token from the session.

	save ()
	This will update the backend data and might re-persist the session if needed.

	sessionWithRequest (WebRequest $request)
	Fetch a copy of this session attached to an alternative WebRequest.

	set ( $key, $value)
	Set a value in the session.

	setForceHTTPS ( $force)
	Set the value of the forceHTTPS cookie.

	setLoggedOutTimestamp ( $ts)

	setRememberUser ( $remember)
	Set whether the user should be remembered independently of the session ID.

	setSecret ( $key, $value)
	Set a value in the session, encrypted.

	setUser ( $user)
	Set a new user for this session.

	shouldForceHTTPS ()
	Get the expected value of the forceHTTPS cookie.

	shouldRememberUser ()
	Indicate whether the user should be remembered independently of the session ID.

	suggestLoginUsername ()
	Get a suggested username for the login form.

	unpersist ()
	Make this session not be persisted across requests.

Interface methods
	count ()

	current ()

	key ()

	next ()

	rewind ()

	valid ()

	offsetExists ( $offset)

&	offsetGet ( $offset)

	offsetSet ( $offset, $value)

	offsetUnset ( $offset)

Detailed Description

Manages data for an authenticated session.

A Session represents the fact that the current HTTP request is part of a session. There are two broad types of Sessions, based on whether they return true or false from self::canSetUser():

When true (mutable), the Session identifies multiple requests as part of a session generically, with no tie to a particular user.
When false (immutable), the Session identifies multiple requests as part of a session by identifying and authenticating the request itself as belonging to a particular user.

The Session object also serves as a replacement for PHP's $_SESSION, managing access to per-session data.

Since: 1.27

Definition at line 54 of file Session.php.

Constructor & Destructor Documentation

◆ __construct()

MediaWiki\Session\Session::__construct	(	SessionBackend	$backend,
			$index,
		LoggerInterface	$logger )

Parameters

SessionBackend	$backend
int	$index
LoggerInterface	$logger

Definition at line 71 of file Session.php.

◆ __destruct()

MediaWiki\Session\Session::__destruct ( )

Definition at line 77 of file Session.php.

Member Function Documentation

◆ canSetUser()

MediaWiki\Session\Session::canSetUser ( )

Indicate whether the session user info can be changed.

Returns: bool

Definition at line 201 of file Session.php.

◆ clear()

MediaWiki\Session\Session::clear ( )

Delete all session data and clear the user (if possible)

Definition at line 273 of file Session.php.

◆ count()

MediaWiki\Session\Session::count ( )

Definition at line 592 of file Session.php.

◆ current()

MediaWiki\Session\Session::current ( )

Definition at line 599 of file Session.php.

◆ delaySave()

MediaWiki\Session\Session::delaySave ( )

Delay automatic saving while multiple updates are being made.

Calls to save() or clear() will not be delayed.

Returns: \Wikimedia\ScopedCallback When this goes out of scope, a save will be triggered

Definition at line 574 of file Session.php.

◆ exists()

MediaWiki\Session\Session::exists ( $key )

Test if a value exists in the session.

Note: Unlike isset(), null values are considered to exist.

Parameters

string | int $key

Returns: bool

Definition at line 324 of file Session.php.

◆ get()

MediaWiki\Session\Session::get	(		$key,
			$default = null )

Fetch a value from the session.

Parameters

string \| int	$key
mixed \| null	$default	Returned if $this->exists( $key ) would be false

Returns: mixed

Definition at line 313 of file Session.php.

Referenced by MediaWiki\User\TempUser\TempUserCreator\acquireAndStashName().

◆ getAllowedUserRights()

MediaWiki\Session\Session::getAllowedUserRights ( )

Fetch the rights allowed the user when this session is active.

Returns: null|string[] Allowed user rights, or null to allow all.

Definition at line 184 of file Session.php.

◆ getId()

MediaWiki\Session\Session::getId ( )

Returns the session ID.

Returns: string

Definition at line 85 of file Session.php.

◆ getLoggedOutTimestamp()

MediaWiki\Session\Session::getLoggedOutTimestamp ( )

Fetch the "logged out" timestamp.

Returns: int

Definition at line 250 of file Session.php.

◆ getProvider()

MediaWiki\Session\Session::getProvider ( )

Fetch the SessionProvider for this session.

Returns: SessionProviderInterface

Definition at line 110 of file Session.php.

◆ getProviderMetadata()

MediaWiki\Session\Session::getProviderMetadata ( )

Fetch provider metadata.

Note: For use by SessionProvider subclasses only

Returns: mixed

Definition at line 266 of file Session.php.

◆ getRequest()

MediaWiki\Session\Session::getRequest ( )

Returns the request associated with this session.

Returns: WebRequest

Definition at line 169 of file Session.php.

Referenced by MediaWiki\User\TempUser\TempUserCreator\acquireAndStashName().

◆ getRestrictions()

MediaWiki\Session\Session::getRestrictions ( )

Fetch any restrictions imposed on logins or actions when this session is active.

Returns: MWRestrictions|null

Definition at line 193 of file Session.php.

◆ getSecret()

MediaWiki\Session\Session::getSecret	(		$key,
			$default = null )

Fetch a value from the session that was set with self::setSecret()

Parameters

string \| int	$key
mixed \| null	$default	Returned if $this->exists( $key ) would be false or decryption fails

Returns: mixed

Definition at line 517 of file Session.php.

◆ getSessionId()

MediaWiki\Session\Session::getSessionId ( )

Returns the SessionId object.

Access: internal: For internal use by WebRequest

Returns: SessionId

Definition at line 94 of file Session.php.

◆ getToken()

MediaWiki\Session\Session::getToken	(		$salt = '',
			$key = 'default' )

Fetch a CSRF token from the session.

Note that this does not persist the session, which you'll probably want to do if you want the token to actually be useful.

Parameters

string \| string[]	$salt	Token salt
string	$key	Token key

Returns: Token

Definition at line 379 of file Session.php.

◆ getUser()

MediaWiki\Session\Session::getUser ( )

Returns the authenticated user for this session.

Definition at line 176 of file Session.php.

◆ hasToken()

MediaWiki\Session\Session::hasToken ( string $key = 'default' )

Check if a CSRF token is set for the session.

Since: 1.37

Parameters

string $key Token key

Returns: bool

Definition at line 361 of file Session.php.

◆ isPersistent()

MediaWiki\Session\Session::isPersistent ( )

Indicate whether this session is persisted across requests.

For example, if cookies are set.

Returns: bool

Definition at line 121 of file Session.php.

◆ key()

MediaWiki\Session\Session::key ( )

Definition at line 606 of file Session.php.

◆ next()

MediaWiki\Session\Session::next ( )

Definition at line 612 of file Session.php.

◆ offsetExists()

MediaWiki\Session\Session::offsetExists ( $offset )

Note: Despite the name, this seems to be intended to implement isset() rather than array_key_exists(). So do that.

Definition at line 634 of file Session.php.

◆ offsetGet()

& MediaWiki\Session\Session::offsetGet ( $offset )

Note: This supports indirect modifications but can't mark the session dirty when those happen. SessionBackend::save() checks the hash of the data to detect such changes.; Accessing a nonexistent key via this mechanism causes that key to be created with a null value, and does not raise a PHP warning.

Definition at line 648 of file Session.php.

◆ offsetSet()

MediaWiki\Session\Session::offsetSet	(		$offset,
			$value )

Definition at line 658 of file Session.php.

◆ offsetUnset()

MediaWiki\Session\Session::offsetUnset ( $offset )

Definition at line 663 of file Session.php.

◆ persist()

MediaWiki\Session\Session::persist ( )

Make this session persisted across requests.

If the session is already persistent, equivalent to calling $this->renew().

Definition at line 131 of file Session.php.

◆ remove()

MediaWiki\Session\Session::remove ( $key )

Remove a value from the session.

Parameters

string | int $key

Definition at line 346 of file Session.php.

◆ renew()

MediaWiki\Session\Session::renew ( )

Resets the TTL in the backend store if the session is near expiring, and re-persists the session to any active WebRequests if persistent.

Definition at line 289 of file Session.php.

◆ resetAllTokens()

MediaWiki\Session\Session::resetAllTokens ( )

Remove all CSRF tokens from the session.

Definition at line 417 of file Session.php.

◆ resetId()

MediaWiki\Session\Session::resetId ( )

Changes the session ID.

Returns: string New ID (might be the same as the old)

Definition at line 102 of file Session.php.

◆ resetToken()

MediaWiki\Session\Session::resetToken ( $key = 'default' )

Remove a CSRF token from the session.

The next call to self::getToken() with $key will generate a new secret.

Parameters

string $key Token key

Definition at line 406 of file Session.php.

◆ rewind()

MediaWiki\Session\Session::rewind ( )

Definition at line 618 of file Session.php.

◆ save()

MediaWiki\Session\Session::save ( )

This will update the backend data and might re-persist the session if needed.

Definition at line 582 of file Session.php.

Referenced by MediaWiki\User\TempUser\TempUserCreator\acquireAndStashName().

◆ sessionWithRequest()

MediaWiki\Session\Session::sessionWithRequest ( WebRequest $request )

Fetch a copy of this session attached to an alternative WebRequest.

Actions on the copy will affect this session too, and vice versa.

Parameters

WebRequest $request Any existing session associated with this WebRequest object will be overwritten.

Returns: Session

Definition at line 302 of file Session.php.

References MediaWiki\Request\WebRequest\setSessionId().

◆ set()

MediaWiki\Session\Session::set	(		$key,
			$value )

Set a value in the session.

Parameters

string \| int	$key
mixed	$value

Definition at line 334 of file Session.php.

Referenced by MediaWiki\User\TempUser\TempUserCreator\acquireAndStashName().

◆ setForceHTTPS()

MediaWiki\Session\Session::setForceHTTPS ( $force )

Set the value of the forceHTTPS cookie.

This reflects whether session cookies were sent with the Secure attribute. If $wgForceHTTPS is true, the forceHTTPS cookie is not sent, and this value is ignored.

Parameters

bool $force

Definition at line 242 of file Session.php.

◆ setLoggedOutTimestamp()

MediaWiki\Session\Session::setLoggedOutTimestamp ( $ts )

Parameters

int $ts

Definition at line 257 of file Session.php.

◆ setRememberUser()

MediaWiki\Session\Session::setRememberUser ( $remember )

Set whether the user should be remembered independently of the session ID.

Parameters

bool $remember

Definition at line 161 of file Session.php.

◆ setSecret()

MediaWiki\Session\Session::setSecret	(		$key,
			$value )

Set a value in the session, encrypted.

This relies on the secrecy of $wgSecretKey (by default), or $wgSessionSecret.

Parameters

string \| int	$key
mixed	$value

Definition at line 481 of file Session.php.

◆ setUser()

MediaWiki\Session\Session::setUser ( $user )

Set a new user for this session.

Note: This should only be called when the user has been authenticated

Parameters

User $user User to set on the session. This may become a "UserValue" in the future, or User may be refactored into such.

Definition at line 212 of file Session.php.

◆ shouldForceHTTPS()

MediaWiki\Session\Session::shouldForceHTTPS ( )

Get the expected value of the forceHTTPS cookie.

This reflects whether session cookies were sent with the Secure attribute. If $wgForceHTTPS is true, the forceHTTPS cookie is not sent and this value is ignored.

Returns: bool

Definition at line 231 of file Session.php.

◆ shouldRememberUser()

MediaWiki\Session\Session::shouldRememberUser ( )

Indicate whether the user should be remembered independently of the session ID.

Returns: bool

Definition at line 152 of file Session.php.

◆ suggestLoginUsername()

MediaWiki\Session\Session::suggestLoginUsername ( )

Get a suggested username for the login form.

Returns: string|null

Definition at line 220 of file Session.php.

◆ unpersist()

MediaWiki\Session\Session::unpersist ( )

Make this session not be persisted across requests.

This will remove persistence information (e.g. delete cookies) from the associated WebRequest(s), and delete session data in the backend. The session data will still be available via get() until the end of the request.

Definition at line 143 of file Session.php.

◆ valid()

MediaWiki\Session\Session::valid ( )

Definition at line 624 of file Session.php.

The documentation for this class was generated from the following file:

includes/session/Session.php

Public Member Functions

Detailed Description

Constructor & Destructor Documentation

◆ __construct()

◆ __destruct()

Member Function Documentation

◆ canSetUser()

◆ clear()

◆ count()

◆ current()

◆ delaySave()

◆ exists()

◆ get()

◆ getAllowedUserRights()

◆ getId()

◆ getLoggedOutTimestamp()

◆ getProvider()

◆ getProviderMetadata()

◆ getRequest()

◆ getRestrictions()

◆ getSecret()

◆ getSessionId()

◆ getToken()

◆ getUser()

◆ hasToken()

◆ isPersistent()

◆ key()

◆ next()

◆ offsetExists()

◆ offsetGet()

◆ offsetSet()

◆ offsetUnset()

◆ persist()

◆ remove()

◆ renew()

◆ resetAllTokens()

◆ resetId()

◆ resetToken()

◆ rewind()

◆ save()

◆ sessionWithRequest()

◆ set()

◆ setForceHTTPS()

◆ setLoggedOutTimestamp()

◆ setRememberUser()

◆ setSecret()

◆ setUser()

◆ shouldForceHTTPS()

◆ shouldRememberUser()

◆ suggestLoginUsername()

◆ unpersist()

◆ valid()