MediaWiki master
|
This serves as the entry point to the MediaWiki session handling system. More...
Inherits MediaWiki\Session\SessionManagerInterface.
Public Member Functions | |
__construct ( $options=[]) | |
getEmptySession (WebRequest $request=null) | |
Create a new, empty session. | |
getSessionById ( $id, $create=false, WebRequest $request=null) | |
Fetch a session by ID. | |
getSessionForRequest (WebRequest $request) | |
Fetch the session for a request (or a new empty session if none is attached to it) | |
getVaryCookies () | |
Return the list of cookies that need varying on. | |
getVaryHeaders () | |
invalidateSessionsForUser (User $user) | |
Invalidate sessions for a user. | |
setHookContainer (HookContainer $hookContainer) | |
setLogger (LoggerInterface $logger) | |
Static Public Member Functions | |
static | getGlobalSession () |
If PHP's session_id() has been set, returns that session. | |
static | singleton () |
Get the global SessionManager. | |
static | validateSessionId ( $id) |
Validate a session ID. | |
Internal methods | |
static | resetCache () |
Reset the internal caching for unit testing. | |
preventSessionsForUser ( $username) | |
Prevent future sessions for the user. | |
isUserSessionPrevented ( $username) | |
Test if a user is prevented. | |
getProvider ( $name) | |
Get a session provider by name. | |
shutdown () | |
Save all active sessions on shutdown. | |
getSessionFromInfo (SessionInfo $info, WebRequest $request) | |
Create a Session corresponding to the passed SessionInfo. | |
deregisterSessionBackend (SessionBackend $backend) | |
Deregister a SessionBackend. | |
changeBackendId (SessionBackend $backend) | |
Change a SessionBackend's ID. | |
generateSessionId () | |
Generate a new random session ID. | |
setupPHPSessionHandler (PHPSessionHandler $handler) | |
Call setters on a PHPSessionHandler. | |
logPotentialSessionLeakage (Session $session=null) | |
If the same session is suddenly used from a different IP, that's potentially due to a session leak, so log it. | |
getProviders () | |
Get the available SessionProviders. | |
This serves as the entry point to the MediaWiki session handling system.
Most methods here are for internal use by session handling code. Other callers should only use getGlobalSession and the methods of SessionManagerInterface; the rest of the functionality is exposed via MediaWiki\Session\Session methods.
To provide custom session handling, implement a MediaWiki\Session\SessionProvider.
The SessionManager should be configured with a very fast storage system that is optimized for holding key-value pairs. It expects:
The SessionManager uses set()
and delete()
for write operations, which should be synchronous in the local data centre, and replicate asynchronously to any others.
Definition at line 81 of file SessionManager.php.
MediaWiki\Session\SessionManager::__construct | ( | $options = [] | ) |
array | $options |
|
Definition at line 185 of file SessionManager.php.
References MediaWiki\MediaWikiServices\getInstance(), and MediaWiki\MainConfigNames\SessionCacheType.
MediaWiki\Session\SessionManager::changeBackendId | ( | SessionBackend | $backend | ) |
Change a SessionBackend's ID.
SessionBackend | $backend |
Definition at line 981 of file SessionManager.php.
References MediaWiki\Session\SessionBackend\getSessionId().
MediaWiki\Session\SessionManager::deregisterSessionBackend | ( | SessionBackend | $backend | ) |
Deregister a SessionBackend.
SessionBackend | $backend |
Definition at line 963 of file SessionManager.php.
References MediaWiki\Session\SessionBackend\getId(), and MediaWiki\Session\SessionBackend\getSessionId().
MediaWiki\Session\SessionManager::generateSessionId | ( | ) |
MediaWiki\Session\SessionManager::getEmptySession | ( | WebRequest | $request = null | ) |
Create a new, empty session.
The first provider configured that is able to provide an empty session will be used.
WebRequest | null | $request | Corresponding request. Any existing session associated with this WebRequest object will be overwritten. |
Implements MediaWiki\Session\SessionManagerInterface.
Definition at line 299 of file SessionManager.php.
|
static |
If PHP's session_id() has been set, returns that session.
Otherwise returns the session for RequestContext::getMain()->getRequest().
Definition at line 144 of file SessionManager.php.
MediaWiki\Session\SessionManager::getProvider | ( | $name | ) |
Get a session provider by name.
Generally, this will only be used by internal implementation of some special session-providing mechanism. General purpose code, if it needs to access a SessionProvider at all, will use Session::getProvider().
string | $name |
Definition at line 510 of file SessionManager.php.
|
protected |
Get the available SessionProviders.
Definition at line 476 of file SessionManager.php.
References MediaWiki\MediaWikiServices\getInstance(), and MediaWiki\MainConfigNames\SessionProviders.
MediaWiki\Session\SessionManager::getSessionById | ( | $id, | |
$create = false, | |||
WebRequest | $request = null ) |
Fetch a session by ID.
string | $id | |
bool | $create | If no session exists for $id, try to create a new one. May still return null if a session for $id exists but cannot be loaded. |
WebRequest | null | $request | Corresponding request. Any existing session associated with this WebRequest object will be overwritten. |
Implements MediaWiki\Session\SessionManagerInterface.
Definition at line 258 of file SessionManager.php.
References MediaWiki\Session\SessionInfo\MIN_PRIORITY.
MediaWiki\Session\SessionManager::getSessionForRequest | ( | WebRequest | $request | ) |
Fetch the session for a request (or a new empty session if none is attached to it)
WebRequest | $request | Any existing associated session will be reset to the session corresponding to the data in the request itself. |
\OverflowException if there are multiple sessions tied for top priority in the request. Exception has a property "sessionInfos" holding the SessionInfo objects for the sessions involved.
Implements MediaWiki\Session\SessionManagerInterface.
Definition at line 247 of file SessionManager.php.
MediaWiki\Session\SessionManager::getSessionFromInfo | ( | SessionInfo | $info, |
WebRequest | $request ) |
Create a Session corresponding to the passed SessionInfo.
SessionInfo | $info | |
WebRequest | $request |
Definition at line 904 of file SessionManager.php.
References MediaWiki\Session\SessionInfo\getId(), MediaWiki\Session\SessionInfo\isIdSafe(), MW_ENTRY_POINT, MW_NO_SESSION, MediaWiki\MainConfigNames\ObjectCacheSessionExpiry, MediaWiki\Request\WebRequest\setSessionId(), MediaWiki\Session\SessionInfo\wasPersisted(), and MediaWiki\Session\SessionInfo\wasRemembered().
MediaWiki\Session\SessionManager::getVaryCookies | ( | ) |
Return the list of cookies that need varying on.
Implements MediaWiki\Session\SessionManagerInterface.
Definition at line 415 of file SessionManager.php.
References MW_NO_SESSION.
MediaWiki\Session\SessionManager::getVaryHeaders | ( | ) |
Implements MediaWiki\Session\SessionManagerInterface.
Definition at line 397 of file SessionManager.php.
References $header, and MW_NO_SESSION.
MediaWiki\Session\SessionManager::invalidateSessionsForUser | ( | User | $user | ) |
Invalidate sessions for a user.
After calling this, existing sessions should be invalid. For mutable session providers, this generally means the user has to log in again; for immutable providers, it generally means the loss of session data.
User | $user |
Implements MediaWiki\Session\SessionManagerInterface.
Definition at line 385 of file SessionManager.php.
References MediaWiki\User\User\saveSettings(), and MediaWiki\User\User\setToken().
MediaWiki\Session\SessionManager::isUserSessionPrevented | ( | $username | ) |
Test if a user is prevented.
string | $username |
Definition at line 468 of file SessionManager.php.
MediaWiki\Session\SessionManager::logPotentialSessionLeakage | ( | Session | $session = null | ) |
If the same session is suddenly used from a different IP, that's potentially due to a session leak, so log it.
In the vast majority of cases it is a false positive due to a user switching connections, but we are interested in an audit track where we can look up a specific username, so a noisy log is fine. Also log changes to the mwuser cookie, an analytics cookie set by mediawiki.user.js which should be a little less noisy.
Session | null | $session | For testing only |
Definition at line 1063 of file SessionManager.php.
References MediaWiki\MediaWikiServices\getInstance(), and MediaWiki\MainConfigNames\SuspiciousIpExpiry.
MediaWiki\Session\SessionManager::preventSessionsForUser | ( | $username | ) |
Prevent future sessions for the user.
The intention is that the named account will never again be usable for normal login (i.e. there is no way to undo the prevention of access).
string | $username |
Definition at line 453 of file SessionManager.php.
|
static |
Reset the internal caching for unit testing.
Definition at line 1025 of file SessionManager.php.
MediaWiki\Session\SessionManager::setHookContainer | ( | HookContainer | $hookContainer | ) |
HookContainer | $hookContainer |
Definition at line 242 of file SessionManager.php.
MediaWiki\Session\SessionManager::setLogger | ( | LoggerInterface | $logger | ) |
Definition at line 234 of file SessionManager.php.
MediaWiki\Session\SessionManager::setupPHPSessionHandler | ( | PHPSessionHandler | $handler | ) |
Call setters on a PHPSessionHandler.
PHPSessionHandler | $handler |
Definition at line 1016 of file SessionManager.php.
References MediaWiki\Session\PHPSessionHandler\setManager().
MediaWiki\Session\SessionManager::shutdown | ( | ) |
Save all active sessions on shutdown.
Definition at line 519 of file SessionManager.php.
|
static |
|
static |
Validate a session ID.
string | $id |
Definition at line 436 of file SessionManager.php.
Referenced by MediaWiki\Session\SessionInfo\__construct(), MediaWiki\Session\ImmutableSessionProviderWithCookie\getSessionIdFromCookie(), and MediaWiki\Session\CookieSessionProvider\provideSessionInfo().