MediaWiki master
Public Member Functions | List of all members
MediaWiki\Session\SessionBackend Class Reference

This is the actual workhorse for Session. More...

Public Member Functions

 __construct (SessionId $id, SessionInfo $info, SessionStore $sessionStore, LoggerInterface $logger, HookContainer $hookContainer, $lifetime)
 
 addData (array $newData)
 Add data to the session.
 
 canSetUser ()
 Whether the session user info can be changed.
 
 delaySave ()
 Delay automatic saving while multiple updates are being made.
 
 deregisterSession ( $index)
 Deregister a Session.
 
 dirty ()
 Mark data as dirty.
 
 getAllowedUserRights ()
 
getData ()
 Fetch the session data array.
 
 getId ()
 Return the session ID.
 
 getLoggedOutTimestamp ()
 Fetch the "logged out" timestamp.
 
 getProvider ()
 Fetch the SessionProvider for this session.
 
 getProviderMetadata ()
 Fetch provider metadata.
 
 getRequest ( $index)
 Return the request associated with a Session.
 
 getRestrictions ()
 
 getSession (WebRequest $request)
 Create a new Session for this backend.
 
 getSessionId ()
 Fetch the SessionId object.
 
 getUser ()
 Return the authenticated user for this session.
 
 isPersistent ()
 Whether this session is persisted across requests.
 
 persist (bool $force=false)
 Make this session persisted across requests by calling SessionProvider::persist() and saving the session data and metadata to the session store.
 
 renew ()
 Renew the session by re-saving all data with a new TTL.
 
 resetId ()
 Change the session ID.
 
 save ( $closing=false)
 Save the session.
 
 setForceHTTPS ( $force)
 Set whether HTTPS should be forced.
 
 setLoggedOutTimestamp ( $ts=null)
 
 setProviderMetadata ( $metadata)
 
 setRememberUser ( $remember)
 Set whether the user should be remembered, independently of the session ID.
 
 setUser ( $user)
 Set a new User object for this session.
 
 shouldForceHTTPS ()
 Whether HTTPS should be forced.
 
 shouldRememberUser ()
 Whether the user should be remembered, independently of the session ID.
 
 shutdown ()
 Shut down a session.
 
 suggestLoginUsername ( $index)
 
 unpersist ()
 Make this session not persisted across requests.
 

Detailed Description

This is the actual workhorse for Session.

Most code does not need to use this class, you want \MediaWiki\Session\Session. The exceptions are SessionProviders and SessionMetadata hook functions, which get an instance of this class rather than Session.

The reasons for this split are:

  1. A session can be attached to multiple requests, but we want the Session object to have some features that correspond to just one of those requests.
  2. We want reasonable garbage collection behavior, but we also want the SessionManager to hold a reference to every active session so it can be saved when the request ends.
Since
1.27

Definition at line 43 of file SessionBackend.php.

Constructor & Destructor Documentation

◆ __construct()

MediaWiki\Session\SessionBackend::__construct ( SessionId $id,
SessionInfo $info,
SessionStore $sessionStore,
LoggerInterface $logger,
HookContainer $hookContainer,
$lifetime )
Parameters
SessionId$id
SessionInfo$infoSession info to populate from
SessionStore$sessionStore
LoggerInterface$logger
HookContainer$hookContainer
int$lifetimeSession data lifetime in seconds

Definition at line 129 of file SessionBackend.php.

References MediaWiki\Session\SessionInfo\forceHTTPS(), MediaWiki\Session\SessionStore\get(), MediaWiki\Session\SessionId\getId(), MediaWiki\Session\SessionInfo\getId(), MediaWiki\MediaWikiServices\getInstance(), MediaWiki\Session\SessionInfo\getPriority(), MediaWiki\Session\SessionInfo\getProvider(), MediaWiki\Session\SessionInfo\getProviderMetadata(), MediaWiki\Session\SessionInfo\getUserInfo(), MediaWiki\Session\SessionBackend\persist(), MediaWiki\MainConfigNames\PHPSessionHandling, MediaWiki\Session\SessionInfo\wasPersisted(), and MediaWiki\Session\SessionInfo\wasRemembered().

Member Function Documentation

◆ addData()

MediaWiki\Session\SessionBackend::addData ( array $newData)

Add data to the session.

Overwrites any existing data under the same keys.

Parameters
array$newDataKey-value pairs to add to the session

Definition at line 628 of file SessionBackend.php.

References wfGetAllCallers().

Referenced by MediaWiki\Session\CookieSessionProvider\persistSession().

◆ canSetUser()

MediaWiki\Session\SessionBackend::canSetUser ( )

Whether the session user info can be changed.

Returns
bool

Definition at line 483 of file SessionBackend.php.

◆ delaySave()

MediaWiki\Session\SessionBackend::delaySave ( )

Delay automatic saving while multiple updates are being made.

Calls to save() will not be delayed.

Returns
\Wikimedia\ScopedCallback When this goes out of scope, a save will be triggered

Definition at line 695 of file SessionBackend.php.

◆ deregisterSession()

MediaWiki\Session\SessionBackend::deregisterSession ( $index)

Deregister a Session.

Access: internal
For use by \MediaWiki\Session\Session::__destruct() only
Parameters
int$index

Definition at line 246 of file SessionBackend.php.

◆ dirty()

MediaWiki\Session\SessionBackend::dirty ( )

Mark data as dirty.

Access: internal
For use by \MediaWiki\Session\Session only.

Definition at line 648 of file SessionBackend.php.

References wfGetAllCallers().

◆ getAllowedUserRights()

MediaWiki\Session\SessionBackend::getAllowedUserRights ( )
Access: internal
For PermissionManager
See also
SessionProvider::getAllowedUserRights
Returns
null|string[] Allowed user rights, or null to allow all.

Definition at line 465 of file SessionBackend.php.

◆ getData()

& MediaWiki\Session\SessionBackend::getData ( )

Fetch the session data array.

Note the caller is responsible for calling $this->dirty() if anything in the array is changed.

Access: internal
For use by \MediaWiki\Session\Session only.
Returns
array

Definition at line 617 of file SessionBackend.php.

◆ getId()

MediaWiki\Session\SessionBackend::getId ( )

Return the session ID.

Returns
string

Definition at line 265 of file SessionBackend.php.

Referenced by MediaWiki\Session\CookieSessionProvider\persistSession(), and MediaWiki\Session\ImmutableSessionProviderWithCookie\persistSession().

◆ getLoggedOutTimestamp()

MediaWiki\Session\SessionBackend::getLoggedOutTimestamp ( )

Fetch the "logged out" timestamp.

Returns
int

Definition at line 556 of file SessionBackend.php.

◆ getProvider()

MediaWiki\Session\SessionBackend::getProvider ( )

Fetch the SessionProvider for this session.

Returns
SessionProviderInterface

Definition at line 334 of file SessionBackend.php.

Referenced by MediaWiki\Session\BotPasswordSessionProvider\getAllowedUserRights(), and MediaWiki\Session\SessionProvider\getAllowedUserRights().

◆ getProviderMetadata()

MediaWiki\Session\SessionBackend::getProviderMetadata ( )

Fetch provider metadata.

Note
For use by SessionProvider subclasses only
Returns
array|null

Definition at line 583 of file SessionBackend.php.

Referenced by MediaWiki\Session\BotPasswordSessionProvider\getAllowedUserRights().

◆ getRequest()

MediaWiki\Session\SessionBackend::getRequest ( $index)

Return the request associated with a Session.

Parameters
int$indexSession index
Returns
WebRequest

Definition at line 446 of file SessionBackend.php.

◆ getRestrictions()

MediaWiki\Session\SessionBackend::getRestrictions ( )
Access: internal
For PermissionManager
See also
SessionProvider::getRestrictions
Returns
MWRestrictions|null

Definition at line 474 of file SessionBackend.php.

◆ getSession()

MediaWiki\Session\SessionBackend::getSession ( WebRequest $request)

Create a new Session for this backend.

Parameters
WebRequest$request
Returns
Session

Definition at line 233 of file SessionBackend.php.

◆ getSessionId()

MediaWiki\Session\SessionBackend::getSessionId ( )

Fetch the SessionId object.

Access: internal
For internal use by WebRequest
Returns
SessionId

Definition at line 275 of file SessionBackend.php.

Referenced by MediaWiki\Session\SessionManager\changeBackendId().

◆ getUser()

MediaWiki\Session\SessionBackend::getUser ( )

Return the authenticated user for this session.

Definition at line 456 of file SessionBackend.php.

Referenced by MediaWiki\Session\CookieSessionProvider\persistSession(), and MediaWiki\Session\ImmutableSessionProviderWithCookie\persistSession().

◆ isPersistent()

MediaWiki\Session\SessionBackend::isPersistent ( )

Whether this session is persisted across requests.

For example, if cookies are set.

Returns
bool

Definition at line 343 of file SessionBackend.php.

◆ persist()

MediaWiki\Session\SessionBackend::persist ( bool $force = false)

Make this session persisted across requests by calling SessionProvider::persist() and saving the session data and metadata to the session store.

Mutable sessions are started by application code calling persist(), and then the session will exist until unpersist() is called, the session expires, or the client stops sending the session tokens needed by the SessionProvider to return a non-null value from provideSessionInfo(). Immutable sessions are started by the client sending the needed session tokens; persist() / unpersist() will only determine whether the session data is saved to the session store.

If the session is already persistent, persist() equivalent to calling $this->renew(), except when the $force flag is set.

Definition at line 361 of file SessionBackend.php.

Referenced by MediaWiki\Session\SessionBackend\__construct().

◆ renew()

MediaWiki\Session\SessionBackend::renew ( )

Renew the session by re-saving all data with a new TTL.

Resets the TTL in the backend store if the session is near expiring, and re-persists the session to any active WebRequests if persistent. No-op otherwise to reduce cookie churn in browsers.

Definition at line 665 of file SessionBackend.php.

References wfGetAllCallers().

◆ resetId()

MediaWiki\Session\SessionBackend::resetId ( )

Change the session ID.

Returns
string New ID (might be the same as the old)

Definition at line 284 of file SessionBackend.php.

References MediaWiki\Session\PHPSessionHandler\isEnabled().

◆ save()

MediaWiki\Session\SessionBackend::save ( $closing = false)

Save the session.

Update both the backend data and the associated WebRequest(s) to reflect the state of the SessionBackend. This might include persisting or unpersisting the session.

Parameters
bool$closingWhether the session is being closed

Definition at line 730 of file SessionBackend.php.

◆ setForceHTTPS()

MediaWiki\Session\SessionBackend::setForceHTTPS ( $force)

Set whether HTTPS should be forced.

Parameters
bool$force

Definition at line 538 of file SessionBackend.php.

◆ setLoggedOutTimestamp()

MediaWiki\Session\SessionBackend::setLoggedOutTimestamp ( $ts = null)
Parameters
int | null$ts

Definition at line 563 of file SessionBackend.php.

◆ setProviderMetadata()

MediaWiki\Session\SessionBackend::setProviderMetadata ( $metadata)
Note
For use by SessionProvider subclasses only
Parameters
array | null$metadata

Definition at line 591 of file SessionBackend.php.

◆ setRememberUser()

MediaWiki\Session\SessionBackend::setRememberUser ( $remember)

Set whether the user should be remembered, independently of the session ID.

Parameters
bool$remember

Definition at line 426 of file SessionBackend.php.

◆ setUser()

MediaWiki\Session\SessionBackend::setUser ( $user)

Set a new User object for this session.

Note
This should only be called when the user has been authenticated via a login process

TODO: Consider changing to a "UserIdentity" instead.

Parameters
User$userUser to set on the session.

Definition at line 496 of file SessionBackend.php.

◆ shouldForceHTTPS()

MediaWiki\Session\SessionBackend::shouldForceHTTPS ( )

Whether HTTPS should be forced.

Returns
bool

Definition at line 530 of file SessionBackend.php.

Referenced by MediaWiki\Session\CookieSessionProvider\persistSession(), and MediaWiki\Session\ImmutableSessionProviderWithCookie\persistSession().

◆ shouldRememberUser()

MediaWiki\Session\SessionBackend::shouldRememberUser ( )

Whether the user should be remembered, independently of the session ID.

Returns
bool

Definition at line 417 of file SessionBackend.php.

Referenced by MediaWiki\Session\CookieSessionProvider\persistSession(), and MediaWiki\Session\CookieSessionProvider\setForceHTTPSCookie().

◆ shutdown()

MediaWiki\Session\SessionBackend::shutdown ( )

Shut down a session.

Access: internal
For use by \MediaWiki\Session\SessionManager::shutdown() only

Definition at line 255 of file SessionBackend.php.

◆ suggestLoginUsername()

MediaWiki\Session\SessionBackend::suggestLoginUsername ( $index)
See also
SessionProvider::suggestLoginUsername
Parameters
int$indexSession index
Returns
string|null

Definition at line 519 of file SessionBackend.php.

◆ unpersist()

MediaWiki\Session\SessionBackend::unpersist ( )

Make this session not persisted across requests.

Definition at line 381 of file SessionBackend.php.

References MediaWiki\Session\PHPSessionHandler\isEnabled().

The documentation for this class was generated from the following file: