This is the actual workhorse for Session. More...
Public Member Functions | |
| __construct (SessionId $id, SessionInfo $info, CachedBagOStuff $store, LoggerInterface $logger, HookContainer $hookContainer, $lifetime) | |
| addData (array $newData) | |
| Add data to the session. More... | |
| canSetUser () | |
| Indicate whether the session user info can be changed. More... | |
| delaySave () | |
| Delay automatic saving while multiple updates are being made. More... | |
| deregisterSession ( $index) | |
| Deregister a Session. More... | |
| dirty () | |
| Mark data as dirty. More... | |
| getAllowedUserRights () | |
| Fetch the rights allowed the user when this session is active. More... | |
| & | getData () |
| Fetch the session data array. More... | |
| getId () | |
| Returns the session ID. More... | |
| getLoggedOutTimestamp () | |
| Fetch the "logged out" timestamp. More... | |
| getProvider () | |
| Fetch the SessionProvider for this session. More... | |
| getProviderMetadata () | |
| Fetch provider metadata. More... | |
| getRequest ( $index) | |
| Returns the request associated with a Session. More... | |
| getSession (WebRequest $request) | |
| Return a new Session for this backend. More... | |
| getSessionId () | |
| Fetch the SessionId object. More... | |
| getUser () | |
| Returns the authenticated user for this session. More... | |
| isPersistent () | |
| Indicate whether this session is persisted across requests. More... | |
| persist () | |
| Make this session persisted across requests. More... | |
| renew () | |
| Renew the session by resaving everything. More... | |
| resetId () | |
| Changes the session ID. More... | |
| save ( $closing=false) | |
| Save the session. More... | |
| setForceHTTPS ( $force) | |
| Set whether HTTPS should be forced. More... | |
| setLoggedOutTimestamp ( $ts=null) | |
| setProviderMetadata ( $metadata) | |
| setRememberUser ( $remember) | |
| Set whether the user should be remembered independently of the session ID. More... | |
| setUser ( $user) | |
| Set a new user for this session. More... | |
| shouldForceHTTPS () | |
| Whether HTTPS should be forced. More... | |
| shouldRememberUser () | |
| Indicate whether the user should be remembered independently of the session ID. More... | |
| shutdown () | |
| Shut down a session. More... | |
| suggestLoginUsername ( $index) | |
| Get a suggested username for the login form. More... | |
| unpersist () | |
| Make this session not persisted across requests. More... | |
Private Member Functions | |
| autosave () | |
| Save the session, unless delayed. More... | |
| checkPHPSession () | |
| For backwards compatibility, open the PHP session when the global session is persisted. More... | |
| logPersistenceChange (WebRequest $request, bool $persist) | |
| Helper method for logging persistSession/unpersistSession calls. More... | |
Private Attributes | |
| bool | $checkPHPSessionRecursionGuard = false |
| int | $curIndex = 0 |
| array null | $data = null |
| bool | $dataDirty = false |
| string | $dataHash = null |
| Used to detect subarray modifications. More... | |
| int | $delaySave = 0 |
| int | $expires = 0 |
| bool | $forceHTTPS = false |
| bool | $forcePersist = false |
| HookRunner | $hookRunner |
| SessionId | $id |
| int | $lifetime |
| int | $loggedOut = 0 |
| LoggerInterface | $logger |
| bool | $metaDirty = false |
| bool | $persist = false |
| array | $persistenceChangeData = [] |
| The data from the previous logPersistenceChange() log event. More... | |
| string null | $persistenceChangeType |
| The reason for the next persistSession/unpersistSession call. More... | |
| SessionProvider | $provider |
| provider More... | |
| array null | $providerMetadata = null |
| provider-specified metadata More... | |
| bool | $remember = false |
| WebRequest[] | $requests = [] |
| Session requests. More... | |
| bool | $shutdown = false |
| CachedBagOStuff | $store |
| bool | $usePhpSessionHandling = true |
| User | $user |
Detailed Description
This is the actual workhorse for Session.
Most code does not need to use this class, you want \MediaWiki\Session\Session. The exceptions are SessionProviders and SessionMetadata hook functions, which get an instance of this class rather than Session.
The reasons for this split are:
- A session can be attached to multiple requests, but we want the Session object to have some features that correspond to just one of those requests.
- We want reasonable garbage collection behavior, but we also want the SessionManager to hold a reference to every active session so it can be saved when the request ends.
- Since
- 1.27
Definition at line 53 of file SessionBackend.php.
Constructor & Destructor Documentation
◆ __construct()
| MediaWiki\Session\SessionBackend::__construct | ( | SessionId | $id, |
| SessionInfo | $info, | ||
| CachedBagOStuff | $store, | ||
| LoggerInterface | $logger, | ||
| HookContainer | $hookContainer, | ||
| $lifetime | |||
| ) |
- Parameters
-
SessionId $id SessionInfo $info Session info to populate from CachedBagOStuff $store Backend data store LoggerInterface $logger HookContainer $hookContainer int $lifetime Session data lifetime in seconds
Definition at line 149 of file SessionBackend.php.
References $blob, MediaWiki\Session\SessionBackend\$id, MediaWiki\Session\SessionBackend\$lifetime, MediaWiki\Session\SessionBackend\$logger, MediaWiki\Session\SessionBackend\$store, MediaWiki\Session\SessionInfo\forceHTTPS(), CachedBagOStuff\get(), MediaWiki\Session\SessionId\getId(), MediaWiki\Session\SessionInfo\getId(), RequestContext\getMain(), MediaWiki\Session\SessionInfo\getProvider(), MediaWiki\Session\SessionInfo\getProviderMetadata(), MediaWiki\Session\SessionInfo\getUserInfo(), CachedBagOStuff\makeKey(), MediaWiki\Session\SessionBackend\persist(), serialize(), MediaWiki\Session\SessionInfo\wasPersisted(), and MediaWiki\Session\SessionInfo\wasRemembered().
Member Function Documentation
◆ addData()
| MediaWiki\Session\SessionBackend::addData | ( | array | $newData | ) |
Add data to the session.
Overwrites any existing data under the same keys.
- Parameters
-
array $newData Key-value pairs to add to the session
Definition at line 573 of file SessionBackend.php.
References MediaWiki\Session\SessionBackend\$data, MediaWiki\Session\SessionBackend\getData(), and wfGetAllCallers().
Referenced by MediaWiki\Session\CookieSessionProvider\persistSession().
◆ autosave()
|
private |
Save the session, unless delayed.
- See also
- SessionBackend::save()
Definition at line 653 of file SessionBackend.php.
References MediaWiki\Session\SessionBackend\delaySave(), and MediaWiki\Session\SessionBackend\save().
Referenced by MediaWiki\Session\SessionBackend\persist(), MediaWiki\Session\SessionBackend\renew(), MediaWiki\Session\SessionBackend\resetId(), MediaWiki\Session\SessionBackend\setForceHTTPS(), MediaWiki\Session\SessionBackend\setLoggedOutTimestamp(), MediaWiki\Session\SessionBackend\setProviderMetadata(), MediaWiki\Session\SessionBackend\setRememberUser(), MediaWiki\Session\SessionBackend\setUser(), and MediaWiki\Session\SessionBackend\unpersist().
◆ canSetUser()
| MediaWiki\Session\SessionBackend::canSetUser | ( | ) |
Indicate whether the session user info can be changed.
- Returns
- bool
Definition at line 434 of file SessionBackend.php.
Referenced by MediaWiki\Session\SessionBackend\setUser().
◆ checkPHPSession()
|
private |
For backwards compatibility, open the PHP session when the global session is persisted.
Definition at line 803 of file SessionBackend.php.
References MediaWiki\Session\SessionManager\getGlobalSession(), MediaWiki\Session\SessionBackend\getId(), and MediaWiki\Session\PHPSessionHandler\isEnabled().
Referenced by MediaWiki\Session\SessionBackend\save().
◆ delaySave()
| MediaWiki\Session\SessionBackend::delaySave | ( | ) |
Delay automatic saving while multiple updates are being made.
Calls to save() will not be delayed.
- Returns
- \Wikimedia\ScopedCallback When this goes out of scope, a save will be triggered
Definition at line 639 of file SessionBackend.php.
References MediaWiki\Session\SessionBackend\save().
Referenced by MediaWiki\Session\SessionBackend\autosave().
◆ deregisterSession()
| MediaWiki\Session\SessionBackend::deregisterSession | ( | $index | ) |
Deregister a Session.
- Access: internal
- For use by \MediaWiki\Session\Session::__destruct() only
- Parameters
-
int $index
Definition at line 231 of file SessionBackend.php.
References MediaWiki\Session\SessionBackend\save(), and MediaWiki\Session\SessionBackend\shutdown().
◆ dirty()
| MediaWiki\Session\SessionBackend::dirty | ( | ) |
Mark data as dirty.
Definition at line 593 of file SessionBackend.php.
References wfGetAllCallers().
◆ getAllowedUserRights()
| MediaWiki\Session\SessionBackend::getAllowedUserRights | ( | ) |
Fetch the rights allowed the user when this session is active.
- Returns
- null|string[] Allowed user rights, or null to allow all.
Definition at line 426 of file SessionBackend.php.
◆ getData()
| & MediaWiki\Session\SessionBackend::getData | ( | ) |
Fetch the session data array.
Note the caller is responsible for calling $this->dirty() if anything in the array is changed.
- Returns
- array
Definition at line 562 of file SessionBackend.php.
References MediaWiki\Session\SessionBackend\$data.
Referenced by MediaWiki\Session\SessionBackend\addData().
◆ getId()
| MediaWiki\Session\SessionBackend::getId | ( | ) |
Returns the session ID.
- Returns
- string
Definition at line 252 of file SessionBackend.php.
References MediaWiki\Session\SessionBackend\$id.
Referenced by MediaWiki\Session\SessionBackend\checkPHPSession(), MediaWiki\Session\SessionManager\deregisterSessionBackend(), MediaWiki\Session\SessionBackend\logPersistenceChange(), MediaWiki\Session\CookieSessionProvider\persistSession(), and MediaWiki\Session\ImmutableSessionProviderWithCookie\persistSession().
◆ getLoggedOutTimestamp()
| MediaWiki\Session\SessionBackend::getLoggedOutTimestamp | ( | ) |
Fetch the "logged out" timestamp.
- Returns
- int
Definition at line 503 of file SessionBackend.php.
References MediaWiki\Session\SessionBackend\$loggedOut.
Referenced by MediaWiki\Session\CookieSessionProvider\persistSession().
◆ getProvider()
| MediaWiki\Session\SessionBackend::getProvider | ( | ) |
Fetch the SessionProvider for this session.
- Returns
- SessionProviderInterface
Definition at line 309 of file SessionBackend.php.
References MediaWiki\Session\SessionBackend\$provider.
Referenced by MediaWiki\Session\Session\BotPasswordSessionProvider\getAllowedUserRights(), MediaWiki\Session\SessionProvider\getAllowedUserRights(), and MediaWiki\Session\SessionBackend\logPersistenceChange().
◆ getProviderMetadata()
| MediaWiki\Session\SessionBackend::getProviderMetadata | ( | ) |
Fetch provider metadata.
- Note
- For use by SessionProvider subclasses only
- Returns
- array|null
Definition at line 529 of file SessionBackend.php.
References MediaWiki\Session\SessionBackend\$providerMetadata.
Referenced by MediaWiki\Session\Session\BotPasswordSessionProvider\getAllowedUserRights().
◆ getRequest()
| MediaWiki\Session\SessionBackend::getRequest | ( | $index | ) |
Returns the request associated with a Session.
- Parameters
-
int $index Session index
- Returns
- WebRequest
Definition at line 407 of file SessionBackend.php.
◆ getSession()
| MediaWiki\Session\SessionBackend::getSession | ( | WebRequest | $request | ) |
Return a new Session for this backend.
- Parameters
-
WebRequest $request
- Returns
- Session
Definition at line 219 of file SessionBackend.php.
References MediaWiki\Session\SessionBackend\$curIndex.
◆ getSessionId()
| MediaWiki\Session\SessionBackend::getSessionId | ( | ) |
Fetch the SessionId object.
- Access: internal
- For internal use by WebRequest
- Returns
- SessionId
Definition at line 261 of file SessionBackend.php.
References MediaWiki\Session\SessionBackend\$id.
Referenced by MediaWiki\Session\SessionManager\changeBackendId(), MediaWiki\Session\SessionManager\deregisterSessionBackend(), and MediaWiki\Session\SessionBackend\save().
◆ getUser()
| MediaWiki\Session\SessionBackend::getUser | ( | ) |
Returns the authenticated user for this session.
- Returns
- User
Definition at line 418 of file SessionBackend.php.
References MediaWiki\Session\SessionBackend\$user.
Referenced by MediaWiki\Session\SessionBackend\logPersistenceChange(), MediaWiki\Session\CookieSessionProvider\persistSession(), and MediaWiki\Session\ImmutableSessionProviderWithCookie\persistSession().
◆ isPersistent()
| MediaWiki\Session\SessionBackend::isPersistent | ( | ) |
Indicate whether this session is persisted across requests.
For example, if cookies are set.
- Returns
- bool
Definition at line 320 of file SessionBackend.php.
References MediaWiki\Session\SessionBackend\$persist.
Referenced by MediaWiki\Session\SessionBackend\logPersistenceChange().
◆ logPersistenceChange()
|
private |
Helper method for logging persistSession/unpersistSession calls.
- Parameters
-
WebRequest $request bool $persist True when persisting, false when unpersisting
Definition at line 829 of file SessionBackend.php.
References MediaWiki\Session\SessionBackend\$id, MediaWiki\Session\SessionBackend\$persist, MediaWiki\Session\SessionBackend\$user, WebRequest\getHeader(), MediaWiki\Session\SessionBackend\getId(), WebRequest\getIP(), MediaWiki\Session\SessionBackend\getProvider(), MediaWiki\Session\SessionBackend\getUser(), and MediaWiki\Session\SessionBackend\isPersistent().
Referenced by MediaWiki\Session\SessionBackend\save().
◆ persist()
| MediaWiki\Session\SessionBackend::persist | ( | ) |
Make this session persisted across requests.
If the session is already persistent, equivalent to calling $this->renew().
Definition at line 330 of file SessionBackend.php.
References MediaWiki\Session\SessionBackend\autosave(), and MediaWiki\Session\SessionBackend\renew().
Referenced by MediaWiki\Session\SessionBackend\__construct(), MediaWiki\Session\SessionBackend\renew(), MediaWiki\Session\SessionBackend\save(), and MediaWiki\Session\SessionBackend\unpersist().
◆ renew()
| MediaWiki\Session\SessionBackend::renew | ( | ) |
Renew the session by resaving everything.
Resets the TTL in the backend store if the session is near expiring, and re-persists the session to any active WebRequests if persistent.
Definition at line 609 of file SessionBackend.php.
References MediaWiki\Session\SessionBackend\autosave(), MediaWiki\Session\SessionBackend\persist(), and wfGetAllCallers().
Referenced by MediaWiki\Session\SessionBackend\persist().
◆ resetId()
| MediaWiki\Session\SessionBackend::resetId | ( | ) |
Changes the session ID.
- Returns
- string New ID (might be the same as the old)
Definition at line 269 of file SessionBackend.php.
References MediaWiki\Session\SessionBackend\$id, MediaWiki\Session\SessionBackend\autosave(), and MediaWiki\Session\PHPSessionHandler\isEnabled().
◆ save()
| MediaWiki\Session\SessionBackend::save | ( | $closing = false | ) |
Save the session.
Update both the backend data and the associated WebRequest(s) to reflect the state of the SessionBackend. This might include persisting or unpersisting the session.
- Parameters
-
bool $closing Whether the session is being closed
Definition at line 668 of file SessionBackend.php.
References MediaWiki\Session\SessionBackend\$forceHTTPS, MediaWiki\Session\SessionBackend\$lifetime, MediaWiki\Session\SessionBackend\$loggedOut, MediaWiki\Session\SessionBackend\$persist, MediaWiki\Session\SessionBackend\$remember, MediaWiki\Session\SessionBackend\$user, DeferredUpdates\addCallableUpdate(), MediaWiki\Session\SessionBackend\checkPHPSession(), MediaWiki\MediaWikiServices\getInstance(), MediaWiki\Session\SessionBackend\getSessionId(), MediaWiki\Session\SessionBackend\logPersistenceChange(), MediaWiki\Session\SessionBackend\persist(), User\saveSettings(), serialize(), wfReadOnly(), BagOStuff\WRITE_CACHE_ONLY, and BagOStuff\WRITE_SYNC.
Referenced by MediaWiki\Session\SessionBackend\autosave(), MediaWiki\Session\SessionBackend\delaySave(), MediaWiki\Session\SessionBackend\deregisterSession(), and MediaWiki\Session\SessionBackend\shutdown().
◆ setForceHTTPS()
| MediaWiki\Session\SessionBackend::setForceHTTPS | ( | $force | ) |
Set whether HTTPS should be forced.
- Parameters
-
bool $force
Definition at line 486 of file SessionBackend.php.
References MediaWiki\Session\SessionBackend\autosave().
◆ setLoggedOutTimestamp()
| MediaWiki\Session\SessionBackend::setLoggedOutTimestamp | ( | $ts = null | ) |
- Parameters
-
int | null $ts
Definition at line 510 of file SessionBackend.php.
References MediaWiki\Session\SessionBackend\autosave().
◆ setProviderMetadata()
| MediaWiki\Session\SessionBackend::setProviderMetadata | ( | $metadata | ) |
- Note
- For use by SessionProvider subclasses only
- Parameters
-
array | null $metadata
Definition at line 537 of file SessionBackend.php.
References MediaWiki\Session\SessionBackend\autosave().
◆ setRememberUser()
| MediaWiki\Session\SessionBackend::setRememberUser | ( | $remember | ) |
Set whether the user should be remembered independently of the session ID.
- Parameters
-
bool $remember
Definition at line 389 of file SessionBackend.php.
References MediaWiki\Session\SessionBackend\$remember, and MediaWiki\Session\SessionBackend\autosave().
◆ setUser()
| MediaWiki\Session\SessionBackend::setUser | ( | $user | ) |
Set a new user for this session.
- Note
- This should only be called when the user has been authenticated via a login process
- Parameters
-
User $user User to set on the session. This may become a "UserValue" in the future, or User may be refactored into such.
Definition at line 445 of file SessionBackend.php.
References MediaWiki\Session\SessionBackend\$user, MediaWiki\Session\SessionBackend\autosave(), and MediaWiki\Session\SessionBackend\canSetUser().
◆ shouldForceHTTPS()
| MediaWiki\Session\SessionBackend::shouldForceHTTPS | ( | ) |
Whether HTTPS should be forced.
- Returns
- bool
Definition at line 478 of file SessionBackend.php.
References MediaWiki\Session\SessionBackend\$forceHTTPS.
Referenced by MediaWiki\Session\CookieSessionProvider\persistSession(), and MediaWiki\Session\ImmutableSessionProviderWithCookie\persistSession().
◆ shouldRememberUser()
| MediaWiki\Session\SessionBackend::shouldRememberUser | ( | ) |
Indicate whether the user should be remembered independently of the session ID.
- Returns
- bool
Definition at line 380 of file SessionBackend.php.
References MediaWiki\Session\SessionBackend\$remember.
Referenced by MediaWiki\Session\CookieSessionProvider\persistSession(), and MediaWiki\Session\CookieSessionProvider\setForceHTTPSCookie().
◆ shutdown()
| MediaWiki\Session\SessionBackend::shutdown | ( | ) |
Shut down a session.
- Access: internal
- For use by \MediaWiki\Session\SessionManager::shutdown() only
Definition at line 243 of file SessionBackend.php.
References MediaWiki\Session\SessionBackend\save().
Referenced by MediaWiki\Session\SessionBackend\deregisterSession().
◆ suggestLoginUsername()
| MediaWiki\Session\SessionBackend::suggestLoginUsername | ( | $index | ) |
Get a suggested username for the login form.
- Parameters
-
int $index Session index
- Returns
- string|null
Definition at line 467 of file SessionBackend.php.
◆ unpersist()
| MediaWiki\Session\SessionBackend::unpersist | ( | ) |
Make this session not persisted across requests.
Definition at line 349 of file SessionBackend.php.
References MediaWiki\Session\SessionBackend\autosave(), MediaWiki\Session\PHPSessionHandler\isEnabled(), and MediaWiki\Session\SessionBackend\persist().
Member Data Documentation
◆ $checkPHPSessionRecursionGuard
|
private |
Definition at line 136 of file SessionBackend.php.
◆ $curIndex
|
private |
Definition at line 113 of file SessionBackend.php.
Referenced by MediaWiki\Session\SessionBackend\getSession().
◆ $data
|
private |
Definition at line 67 of file SessionBackend.php.
Referenced by MediaWiki\Session\SessionBackend\addData(), and MediaWiki\Session\SessionBackend\getData().
◆ $dataDirty
|
private |
Definition at line 92 of file SessionBackend.php.
◆ $dataHash
|
private |
Used to detect subarray modifications.
Definition at line 95 of file SessionBackend.php.
◆ $delaySave
|
private |
Definition at line 131 of file SessionBackend.php.
◆ $expires
|
private |
Definition at line 125 of file SessionBackend.php.
◆ $forceHTTPS
|
private |
Definition at line 64 of file SessionBackend.php.
Referenced by MediaWiki\Session\SessionBackend\save(), and MediaWiki\Session\SessionBackend\shouldForceHTTPS().
◆ $forcePersist
|
private |
Definition at line 70 of file SessionBackend.php.
◆ $hookRunner
|
private |
Definition at line 104 of file SessionBackend.php.
◆ $id
|
private |
Definition at line 55 of file SessionBackend.php.
Referenced by MediaWiki\Session\SessionBackend\__construct(), MediaWiki\Session\SessionBackend\getId(), MediaWiki\Session\SessionBackend\getSessionId(), MediaWiki\Session\SessionBackend\logPersistenceChange(), and MediaWiki\Session\SessionBackend\resetId().
◆ $lifetime
|
private |
Definition at line 107 of file SessionBackend.php.
Referenced by MediaWiki\Session\SessionBackend\__construct(), and MediaWiki\Session\SessionBackend\save().
◆ $loggedOut
|
private |
Definition at line 128 of file SessionBackend.php.
Referenced by MediaWiki\Session\SessionBackend\getLoggedOutTimestamp(), and MediaWiki\Session\SessionBackend\save().
◆ $logger
|
private |
Definition at line 101 of file SessionBackend.php.
Referenced by MediaWiki\Session\SessionBackend\__construct().
◆ $metaDirty
|
private |
Definition at line 89 of file SessionBackend.php.
◆ $persist
|
private |
Definition at line 58 of file SessionBackend.php.
Referenced by MediaWiki\Session\SessionBackend\isPersistent(), MediaWiki\Session\SessionBackend\logPersistenceChange(), and MediaWiki\Session\SessionBackend\save().
◆ $persistenceChangeData
|
private |
The data from the previous logPersistenceChange() log event.
Used for deduplication.
Definition at line 86 of file SessionBackend.php.
◆ $persistenceChangeType
|
private |
The reason for the next persistSession/unpersistSession call.
Only used for logging. Can be:
- 'renew': triggered by a renew() call)
- 'no-store': the session was not found in the session store
- 'no-expiry': there was no expiry * in the session store data; this probably shouldn't happen
- null otherwise.
Definition at line 80 of file SessionBackend.php.
◆ $provider
|
private |
provider
Definition at line 119 of file SessionBackend.php.
Referenced by MediaWiki\Session\SessionBackend\getProvider().
◆ $providerMetadata
|
private |
provider-specified metadata
Definition at line 122 of file SessionBackend.php.
Referenced by MediaWiki\Session\SessionBackend\getProviderMetadata().
◆ $remember
|
private |
Definition at line 61 of file SessionBackend.php.
Referenced by MediaWiki\Session\SessionBackend\save(), MediaWiki\Session\SessionBackend\setRememberUser(), and MediaWiki\Session\SessionBackend\shouldRememberUser().
◆ $requests
|
private |
Session requests.
Definition at line 116 of file SessionBackend.php.
◆ $shutdown
|
private |
Definition at line 139 of file SessionBackend.php.
◆ $store
|
private |
Definition at line 98 of file SessionBackend.php.
Referenced by MediaWiki\Session\SessionBackend\__construct().
◆ $usePhpSessionHandling
|
private |
Definition at line 134 of file SessionBackend.php.
◆ $user
|
private |
Definition at line 110 of file SessionBackend.php.
Referenced by MediaWiki\Session\SessionBackend\getUser(), MediaWiki\Session\SessionBackend\logPersistenceChange(), MediaWiki\Session\SessionBackend\save(), and MediaWiki\Session\SessionBackend\setUser().
The documentation for this class was generated from the following file:
- includes/session/SessionBackend.php
