This is the actual workhorse for Session. More...

Public Member Functions
	__construct (SessionId $id, SessionInfo $info, CachedBagOStuff $store, LoggerInterface $logger, HookContainer $hookContainer, $lifetime)

	addData (array $newData)
	Add data to the session. More...

	canSetUser ()
	Indicate whether the session user info can be changed. More...

	delaySave ()
	Delay automatic saving while multiple updates are being made. More...

	deregisterSession ( $index)
	Deregister a Session. More...

	dirty ()
	Mark data as dirty. More...

	getAllowedUserRights ()
	Fetch the rights allowed the user when this session is active. More...

&	getData ()
	Fetch the session data array. More...

	getId ()
	Returns the session ID. More...

	getLoggedOutTimestamp ()
	Fetch the "logged out" timestamp. More...

	getProvider ()
	Fetch the SessionProvider for this session. More...

	getProviderMetadata ()
	Fetch provider metadata. More...

	getRequest ( $index)
	Returns the request associated with a Session. More...

	getSession (WebRequest $request)
	Return a new Session for this backend. More...

	getSessionId ()
	Fetch the SessionId object. More...

	getUser ()
	Returns the authenticated user for this session. More...

	isPersistent ()
	Indicate whether this session is persisted across requests. More...

	persist ()
	Make this session persisted across requests. More...

	renew ()
	Renew the session by resaving everything. More...

	resetId ()
	Changes the session ID. More...

	save ( $closing=false)
	Save the session. More...

	setForceHTTPS ( $force)
	Set whether HTTPS should be forced. More...

	setLoggedOutTimestamp ( $ts=null)

	setProviderMetadata ( $metadata)

	setRememberUser ( $remember)
	Set whether the user should be remembered independently of the session ID. More...

	setUser ( $user)
	Set a new user for this session. More...

	shouldForceHTTPS ()
	Whether HTTPS should be forced. More...

	shouldRememberUser ()
	Indicate whether the user should be remembered independently of the session ID. More...

	shutdown ()
	Shut down a session. More...

	suggestLoginUsername ( $index)
	Get a suggested username for the login form. More...

	unpersist ()
	Make this session not persisted across requests. More...

Detailed Description

This is the actual workhorse for Session.

Most code does not need to use this class, you want \MediaWiki\Session\Session. The exceptions are SessionProviders and SessionMetadata hook functions, which get an instance of this class rather than Session.

The reasons for this split are:

A session can be attached to multiple requests, but we want the Session object to have some features that correspond to just one of those requests.
We want reasonable garbage collection behavior, but we also want the SessionManager to hold a reference to every active session so it can be saved when the request ends.

Since: 1.27

Definition at line 54 of file SessionBackend.php.

Constructor & Destructor Documentation

◆ __construct()

MediaWiki\Session\SessionBackend::__construct	(	SessionId	$id,
		SessionInfo	$info,
		CachedBagOStuff	$store,
		LoggerInterface	$logger,
		HookContainer	$hookContainer,
			$lifetime
	)

Parameters

SessionId	$id
SessionInfo	$info	Session info to populate from
CachedBagOStuff	$store	Backend data store
LoggerInterface	$logger
HookContainer	$hookContainer
int	$lifetime	Session data lifetime in seconds

Definition at line 150 of file SessionBackend.php.

References $blob, MediaWiki\Session\SessionInfo\forceHTTPS(), CachedBagOStuff\get(), MediaWiki\Session\SessionId\getId(), MediaWiki\Session\SessionInfo\getId(), MediaWiki\MediaWikiServices\getInstance(), MediaWiki\Session\SessionInfo\getProvider(), MediaWiki\Session\SessionInfo\getProviderMetadata(), MediaWiki\Session\SessionInfo\getUserInfo(), CachedBagOStuff\makeKey(), MediaWiki\Session\SessionBackend\persist(), MediaWiki\MainConfigNames\PHPSessionHandling, serialize(), MediaWiki\Session\SessionInfo\wasPersisted(), and MediaWiki\Session\SessionInfo\wasRemembered().

Member Function Documentation

◆ addData()

MediaWiki\Session\SessionBackend::addData ( array $newData )

Add data to the session.

Overwrites any existing data under the same keys.

Parameters

array $newData Key-value pairs to add to the session

Definition at line 575 of file SessionBackend.php.

References MediaWiki\Session\SessionBackend\getData(), and wfGetAllCallers().

Referenced by MediaWiki\Session\CookieSessionProvider\persistSession().

◆ canSetUser()

MediaWiki\Session\SessionBackend::canSetUser ( )

Indicate whether the session user info can be changed.

Returns: bool

Definition at line 436 of file SessionBackend.php.

Referenced by MediaWiki\Session\SessionBackend\setUser().

◆ delaySave()

MediaWiki\Session\SessionBackend::delaySave ( )

Delay automatic saving while multiple updates are being made.

Calls to save() will not be delayed.

Returns: \Wikimedia\ScopedCallback When this goes out of scope, a save will be triggered

Definition at line 641 of file SessionBackend.php.

References MediaWiki\Session\SessionBackend\save().

◆ deregisterSession()

MediaWiki\Session\SessionBackend::deregisterSession ( $index )

Deregister a Session.

Access: internal: For use by \MediaWiki\Session\Session::__destruct() only

Parameters

int $index

Definition at line 233 of file SessionBackend.php.

References MediaWiki\Session\SessionBackend\save(), and MediaWiki\Session\SessionBackend\shutdown().

◆ dirty()

MediaWiki\Session\SessionBackend::dirty ( )

Mark data as dirty.

Access: internal: For use by \MediaWiki\Session\Session only.

Definition at line 595 of file SessionBackend.php.

References wfGetAllCallers().

◆ getAllowedUserRights()

MediaWiki\Session\SessionBackend::getAllowedUserRights ( )

Fetch the rights allowed the user when this session is active.

Returns: null|string[] Allowed user rights, or null to allow all.

Definition at line 428 of file SessionBackend.php.

◆ getData()

& MediaWiki\Session\SessionBackend::getData ( )

Fetch the session data array.

Note the caller is responsible for calling $this->dirty() if anything in the array is changed.

Access: internal: For use by \MediaWiki\Session\Session only.

Returns: array

Definition at line 564 of file SessionBackend.php.

Referenced by MediaWiki\Session\SessionBackend\addData().

◆ getId()

MediaWiki\Session\SessionBackend::getId ( )

Returns the session ID.

Returns: string

Definition at line 254 of file SessionBackend.php.

Referenced by MediaWiki\Session\SessionManager\deregisterSessionBackend(), MediaWiki\Session\CookieSessionProvider\persistSession(), and MediaWiki\Session\ImmutableSessionProviderWithCookie\persistSession().

◆ getLoggedOutTimestamp()

MediaWiki\Session\SessionBackend::getLoggedOutTimestamp ( )

Fetch the "logged out" timestamp.

Returns: int

Definition at line 505 of file SessionBackend.php.

Referenced by MediaWiki\Session\CookieSessionProvider\persistSession().

◆ getProvider()

MediaWiki\Session\SessionBackend::getProvider ( )

Fetch the SessionProvider for this session.

Returns: SessionProviderInterface

Definition at line 311 of file SessionBackend.php.

Referenced by MediaWiki\Session\BotPasswordSessionProvider\getAllowedUserRights(), and MediaWiki\Session\SessionProvider\getAllowedUserRights().

◆ getProviderMetadata()

MediaWiki\Session\SessionBackend::getProviderMetadata ( )

Fetch provider metadata.

Note: For use by SessionProvider subclasses only

Returns: array|null

Definition at line 531 of file SessionBackend.php.

Referenced by MediaWiki\Session\BotPasswordSessionProvider\getAllowedUserRights().

◆ getRequest()

MediaWiki\Session\SessionBackend::getRequest ( $index )

Returns the request associated with a Session.

Parameters

int $index Session index

Returns: WebRequest

Definition at line 409 of file SessionBackend.php.

◆ getSession()

MediaWiki\Session\SessionBackend::getSession ( WebRequest $request )

Return a new Session for this backend.

Parameters

WebRequest $request

Returns: Session

Definition at line 221 of file SessionBackend.php.

◆ getSessionId()

MediaWiki\Session\SessionBackend::getSessionId ( )

Fetch the SessionId object.

Access: internal: For internal use by WebRequest

Returns: SessionId

Definition at line 263 of file SessionBackend.php.

Referenced by MediaWiki\Session\SessionManager\changeBackendId(), MediaWiki\Session\SessionManager\deregisterSessionBackend(), and MediaWiki\Session\SessionBackend\save().

◆ getUser()

MediaWiki\Session\SessionBackend::getUser ( )

Returns the authenticated user for this session.

Returns: User

Definition at line 420 of file SessionBackend.php.

Referenced by MediaWiki\Session\CookieSessionProvider\persistSession(), and MediaWiki\Session\ImmutableSessionProviderWithCookie\persistSession().

◆ isPersistent()

MediaWiki\Session\SessionBackend::isPersistent ( )

Indicate whether this session is persisted across requests.

For example, if cookies are set.

Returns: bool

Definition at line 322 of file SessionBackend.php.

◆ persist()

MediaWiki\Session\SessionBackend::persist ( )

Make this session persisted across requests.

If the session is already persistent, equivalent to calling $this->renew().

Definition at line 332 of file SessionBackend.php.

References MediaWiki\Session\SessionBackend\renew().

Referenced by MediaWiki\Session\SessionBackend\__construct(), MediaWiki\Session\SessionBackend\renew(), MediaWiki\Session\SessionBackend\save(), and MediaWiki\Session\SessionBackend\unpersist().

◆ renew()

MediaWiki\Session\SessionBackend::renew ( )

Renew the session by resaving everything.

Resets the TTL in the backend store if the session is near expiring, and re-persists the session to any active WebRequests if persistent.

Definition at line 611 of file SessionBackend.php.

References MediaWiki\Session\SessionBackend\persist(), and wfGetAllCallers().

Referenced by MediaWiki\Session\SessionBackend\persist().

◆ resetId()

MediaWiki\Session\SessionBackend::resetId ( )

Changes the session ID.

Returns: string New ID (might be the same as the old)

Definition at line 271 of file SessionBackend.php.

References MediaWiki\Session\PHPSessionHandler\isEnabled().

◆ save()

MediaWiki\Session\SessionBackend::save ( $closing = false )

Save the session.

Update both the backend data and the associated WebRequest(s) to reflect the state of the SessionBackend. This might include persisting or unpersisting the session.

Parameters

bool $closing Whether the session is being closed

Definition at line 670 of file SessionBackend.php.

References DeferredUpdates\addCallableUpdate(), MediaWiki\MediaWikiServices\getInstance(), MediaWiki\Session\SessionBackend\getSessionId(), MediaWiki\Session\SessionBackend\persist(), User\saveSettings(), serialize(), and BagOStuff\WRITE_CACHE_ONLY.

Referenced by MediaWiki\Session\SessionBackend\delaySave(), MediaWiki\Session\SessionBackend\deregisterSession(), and MediaWiki\Session\SessionBackend\shutdown().

◆ setForceHTTPS()

MediaWiki\Session\SessionBackend::setForceHTTPS ( $force )

Set whether HTTPS should be forced.

Parameters

bool $force

Definition at line 488 of file SessionBackend.php.

◆ setLoggedOutTimestamp()

MediaWiki\Session\SessionBackend::setLoggedOutTimestamp ( $ts = null )

Parameters

int | null $ts

Definition at line 512 of file SessionBackend.php.

◆ setProviderMetadata()

MediaWiki\Session\SessionBackend::setProviderMetadata ( $metadata )

Note: For use by SessionProvider subclasses only

Parameters

array | null $metadata

Definition at line 539 of file SessionBackend.php.

◆ setRememberUser()

MediaWiki\Session\SessionBackend::setRememberUser ( $remember )

Set whether the user should be remembered independently of the session ID.

Parameters

bool $remember

Definition at line 391 of file SessionBackend.php.

◆ setUser()

MediaWiki\Session\SessionBackend::setUser ( $user )

Set a new user for this session.

Note: This should only be called when the user has been authenticated via a login process

Parameters

User $user User to set on the session. This may become a "UserValue" in the future, or User may be refactored into such.

Definition at line 447 of file SessionBackend.php.

References MediaWiki\Session\SessionBackend\canSetUser().

◆ shouldForceHTTPS()

MediaWiki\Session\SessionBackend::shouldForceHTTPS ( )

Whether HTTPS should be forced.

Returns: bool

Definition at line 480 of file SessionBackend.php.

Referenced by MediaWiki\Session\CookieSessionProvider\persistSession(), and MediaWiki\Session\ImmutableSessionProviderWithCookie\persistSession().

◆ shouldRememberUser()

MediaWiki\Session\SessionBackend::shouldRememberUser ( )

Indicate whether the user should be remembered independently of the session ID.

Returns: bool

Definition at line 382 of file SessionBackend.php.

Referenced by MediaWiki\Session\CookieSessionProvider\persistSession(), and MediaWiki\Session\CookieSessionProvider\setForceHTTPSCookie().

◆ shutdown()

MediaWiki\Session\SessionBackend::shutdown ( )

Shut down a session.

Access: internal: For use by \MediaWiki\Session\SessionManager::shutdown() only

Definition at line 245 of file SessionBackend.php.

References MediaWiki\Session\SessionBackend\save().

Referenced by MediaWiki\Session\SessionBackend\deregisterSession().

◆ suggestLoginUsername()

MediaWiki\Session\SessionBackend::suggestLoginUsername ( $index )

Get a suggested username for the login form.

Parameters

int $index Session index

Returns: string|null

Definition at line 469 of file SessionBackend.php.

◆ unpersist()

MediaWiki\Session\SessionBackend::unpersist ( )

Make this session not persisted across requests.

Definition at line 351 of file SessionBackend.php.

References MediaWiki\Session\PHPSessionHandler\isEnabled(), and MediaWiki\Session\SessionBackend\persist().

The documentation for this class was generated from the following file:

includes/session/SessionBackend.php

Public Member Functions

Detailed Description

Constructor & Destructor Documentation

◆ __construct()

Member Function Documentation

◆ addData()

◆ canSetUser()

◆ delaySave()

◆ deregisterSession()

◆ dirty()

◆ getAllowedUserRights()

◆ getData()

◆ getId()

◆ getLoggedOutTimestamp()

◆ getProvider()

◆ getProviderMetadata()

◆ getRequest()

◆ getSession()

◆ getSessionId()

◆ getUser()

◆ isPersistent()

◆ persist()

◆ renew()

◆ resetId()

◆ save()

◆ setForceHTTPS()

◆ setLoggedOutTimestamp()

◆ setProviderMetadata()

◆ setRememberUser()

◆ setUser()

◆ shouldForceHTTPS()

◆ shouldRememberUser()

◆ shutdown()

◆ suggestLoginUsername()

◆ unpersist()