This serves as the entry point to the MediaWiki session handling system. More...
Public Member Functions | |
| __construct ( $options=[]) | |
| getEmptySession (WebRequest $request=null) | |
| Create a new, empty session. More... | |
| getSessionById ( $id, $create=false, WebRequest $request=null) | |
| Fetch a session by ID. More... | |
| getSessionForRequest (WebRequest $request) | |
| Fetch the session for a request (or a new empty session if none is attached to it) More... | |
| getVaryCookies () | |
| Return the list of cookies that need varying on. More... | |
| getVaryHeaders () | |
| Return the HTTP headers that need varying on. More... | |
| invalidateSessionsForUser (User $user) | |
| Invalidate sessions for a user. More... | |
| setHookContainer (HookContainer $hookContainer) | |
| setLogger (LoggerInterface $logger) | |
Static Public Member Functions | |
| static | getGlobalSession () |
| Get the "global" session. More... | |
| static | singleton () |
| Get the global SessionManager. More... | |
| static | validateSessionId ( $id) |
| Validate a session ID. More... | |
Private Member Functions | |
| getEmptySessionInternal (WebRequest $request=null, $id=null) | |
Private Attributes | |
| SessionBackend[] | $allSessionBackends = [] |
| SessionId[] | $allSessionIds = [] |
| Config | $config |
| HookContainer | $hookContainer |
| HookRunner | $hookRunner |
| LoggerInterface | $logger |
| string[] | $preventUsers = [] |
| SessionProvider[] | $sessionProviders = null |
| CachedBagOStuff null | $store |
| string[] | $varyCookies = null |
| array | $varyHeaders = null |
Static Private Attributes | |
| static Session null | $globalSession = null |
| static WebRequest null | $globalSessionRequest = null |
| static SessionManager null | $instance = null |
Internal methods | |
| static | resetCache () |
| Reset the internal caching for unit testing. More... | |
| preventSessionsForUser ( $username) | |
| Prevent future sessions for the user. More... | |
| isUserSessionPrevented ( $username) | |
| Test if a user is prevented. More... | |
| getProvider ( $name) | |
| Get a session provider by name. More... | |
| shutdown () | |
| Save all active sessions on shutdown. More... | |
| getSessionFromInfo (SessionInfo $info, WebRequest $request) | |
| Create a Session corresponding to the passed SessionInfo. More... | |
| deregisterSessionBackend (SessionBackend $backend) | |
| Deregister a SessionBackend. More... | |
| changeBackendId (SessionBackend $backend) | |
| Change a SessionBackend's ID. More... | |
| generateSessionId () | |
| Generate a new random session ID. More... | |
| setupPHPSessionHandler (PHPSessionHandler $handler) | |
| Call setters on a PHPSessionHandler. More... | |
| getSessionInfoForRequest (WebRequest $request) | |
| Fetch the SessionInfo(s) for a request. More... | |
| loadSessionInfoFromStore (SessionInfo &$info, WebRequest $request) | |
| Load and verify the session info against the store. More... | |
| getProviders () | |
| Get the available SessionProviders. More... | |
Detailed Description
This serves as the entry point to the MediaWiki session handling system.
Most methods here are for internal use by session handling code. Other callers should only use getGlobalSession and the methods of SessionManagerInterface; the rest of the functionality is exposed via MediaWiki\Session\Session methods.
To provide custom session handling, implement a MediaWiki\Session\SessionProvider.
- Since
- 1.27
Definition at line 52 of file SessionManager.php.
Constructor & Destructor Documentation
◆ __construct()
| MediaWiki\Session\SessionManager::__construct | ( | $options = [] | ) |
- Parameters
-
array $options
Definition at line 155 of file SessionManager.php.
References MediaWiki\Session\SessionManager\$store, ObjectCache\getInstance(), MediaWiki\MediaWikiServices\getInstance(), MediaWiki\Session\SessionManager\setHookContainer(), and MediaWiki\Session\SessionManager\setLogger().
Member Function Documentation
◆ changeBackendId()
| MediaWiki\Session\SessionManager::changeBackendId | ( | SessionBackend | $backend | ) |
Change a SessionBackend's ID.
Definition at line 917 of file SessionManager.php.
References MediaWiki\Session\SessionManager\generateSessionId(), and MediaWiki\Session\SessionBackend\getSessionId().
◆ deregisterSessionBackend()
| MediaWiki\Session\SessionManager::deregisterSessionBackend | ( | SessionBackend | $backend | ) |
Deregister a SessionBackend.
Definition at line 899 of file SessionManager.php.
References MediaWiki\Session\SessionBackend\getId(), and MediaWiki\Session\SessionBackend\getSessionId().
◆ generateSessionId()
| MediaWiki\Session\SessionManager::generateSessionId | ( | ) |
Generate a new random session ID.
- Returns
- string
Definition at line 939 of file SessionManager.php.
References MWCryptRand\generateHex().
Referenced by MediaWiki\Session\SessionManager\changeBackendId().
◆ getEmptySession()
| MediaWiki\Session\SessionManager::getEmptySession | ( | WebRequest | $request = null | ) |
Create a new, empty session.
The first provider configured that is able to provide an empty session will be used.
- Parameters
-
WebRequest | null $request Corresponding request. Any existing session associated with this WebRequest object will be overwritten.
- Returns
- Session
Implements MediaWiki\Session\SessionManagerInterface.
Definition at line 267 of file SessionManager.php.
References MediaWiki\Session\SessionManager\getEmptySessionInternal().
Referenced by MediaWiki\Session\SessionManager\getSessionForRequest().
◆ getEmptySessionInternal()
|
private |
- Parameters
-
WebRequest | null $request string | null $id ID to force on the new session
- Returns
- Session
Definition at line 277 of file SessionManager.php.
References MediaWiki\Session\SessionInfo\compare(), MediaWiki\Session\SessionManager\getProviders(), and MediaWiki\Session\SessionManager\getSessionFromInfo().
Referenced by MediaWiki\Session\SessionManager\getEmptySession(), and MediaWiki\Session\SessionManager\getSessionById().
◆ getGlobalSession()
|
static |
Get the "global" session.
If PHP's session_id() has been set, returns that session. Otherwise returns the session for RequestContext::getMain()->getRequest().
- Returns
- Session
Definition at line 114 of file SessionManager.php.
References MediaWiki\Session\SessionManager\$globalSession, RequestContext\getMain(), MediaWiki\Session\PHPSessionHandler\isEnabled(), and MediaWiki\Session\SessionManager\singleton().
Referenced by MediaWiki\Auth\RememberMeAuthenticationRequest\__construct(), MediaWiki\Session\SessionBackend\checkPHPSession(), ApiLogout\execute(), ApiLogin\execute(), RequestContext\exportSession(), MediaWiki\Permissions\PermissionManager\isEveryoneAllowed(), SpecialUserLogout\onSubmit(), RawAction\onView(), SubmitAction\show(), and McrUndoAction\show().
◆ getProvider()
| MediaWiki\Session\SessionManager::getProvider | ( | $name | ) |
Get a session provider by name.
Generally, this will only be used by internal implementation of some special session-providing mechanism. General purpose code, if it needs to access a SessionProvider at all, will use Session::getProvider().
- Parameters
-
string $name
- Returns
- SessionProvider|null
Definition at line 460 of file SessionManager.php.
References MediaWiki\Session\SessionManager\getProviders().
Referenced by MediaWiki\Session\SessionManager\loadSessionInfoFromStore().
◆ getProviders()
|
protected |
Get the available SessionProviders.
- Returns
- SessionProvider[]
Definition at line 430 of file SessionManager.php.
References MediaWiki\Session\SessionManager\$sessionProviders, MediaWiki\Session\SessionProvider\setConfig(), MediaWiki\Session\SessionProvider\setHookContainer(), MediaWiki\Session\SessionProvider\setLogger(), and MediaWiki\Session\SessionProvider\setManager().
Referenced by MediaWiki\Session\SessionManager\getEmptySessionInternal(), MediaWiki\Session\SessionManager\getProvider(), MediaWiki\Session\SessionManager\getSessionInfoForRequest(), MediaWiki\Session\SessionManager\getVaryCookies(), MediaWiki\Session\SessionManager\getVaryHeaders(), MediaWiki\Session\SessionManager\invalidateSessionsForUser(), and MediaWiki\Session\SessionManager\preventSessionsForUser().
◆ getSessionById()
| MediaWiki\Session\SessionManager::getSessionById | ( | $id, | |
$create = false, |
|||
| WebRequest | $request = null |
||
| ) |
Fetch a session by ID.
- Parameters
-
string $id bool $create If no session exists for $id, try to create a new one. May still return null if a session for $id exists but cannot be loaded. WebRequest | null $request Corresponding request. Any existing session associated with this WebRequest object will be overwritten.
- Returns
- Session|null
Implements MediaWiki\Session\SessionManagerInterface.
Definition at line 225 of file SessionManager.php.
References MediaWiki\Session\SessionManager\getEmptySessionInternal(), MediaWiki\Session\SessionManager\getSessionFromInfo(), MediaWiki\Session\SessionManager\loadSessionInfoFromStore(), and MediaWiki\Session\SessionInfo\MIN_PRIORITY.
◆ getSessionForRequest()
| MediaWiki\Session\SessionManager::getSessionForRequest | ( | WebRequest | $request | ) |
Fetch the session for a request (or a new empty session if none is attached to it)
- Note
- You probably want to use $request->getSession() instead. It's more efficient and doesn't break FauxRequests or sessions that were changed by $this->getSessionById() or $this->getEmptySession().
- Parameters
-
WebRequest $request Any existing associated session will be reset to the session corresponding to the data in the request itself.
- Returns
- Session
- Exceptions
-
Implements MediaWiki\Session\SessionManagerInterface.
Definition at line 214 of file SessionManager.php.
References MediaWiki\Session\SessionManager\getEmptySession(), MediaWiki\Session\SessionManager\getSessionFromInfo(), and MediaWiki\Session\SessionManager\getSessionInfoForRequest().
◆ getSessionFromInfo()
| MediaWiki\Session\SessionManager::getSessionFromInfo | ( | SessionInfo | $info, |
| WebRequest | $request | ||
| ) |
Create a Session corresponding to the passed SessionInfo.
Definition at line 841 of file SessionManager.php.
References MediaWiki\Session\SessionInfo\getId(), MediaWiki\Session\SessionInfo\isIdSafe(), MW_NO_SESSION, WebRequest\setSessionId(), MediaWiki\Session\SessionInfo\wasPersisted(), and MediaWiki\Session\SessionInfo\wasRemembered().
Referenced by MediaWiki\Session\SessionManager\getEmptySessionInternal(), MediaWiki\Session\SessionManager\getSessionById(), and MediaWiki\Session\SessionManager\getSessionForRequest().
◆ getSessionInfoForRequest()
|
private |
Fetch the SessionInfo(s) for a request.
- Parameters
-
WebRequest $request
- Returns
- SessionInfo|null
Definition at line 488 of file SessionManager.php.
References MediaWiki\Session\SessionInfo\compare(), MediaWiki\Session\SessionManager\getProviders(), and MediaWiki\Session\SessionManager\loadSessionInfoFromStore().
Referenced by MediaWiki\Session\SessionManager\getSessionForRequest().
◆ getVaryCookies()
| MediaWiki\Session\SessionManager::getVaryCookies | ( | ) |
Return the list of cookies that need varying on.
- Returns
- string[]
Implements MediaWiki\Session\SessionManagerInterface.
Definition at line 367 of file SessionManager.php.
References MediaWiki\Session\SessionManager\$varyCookies, MediaWiki\Session\SessionManager\getProviders(), and MW_NO_SESSION.
◆ getVaryHeaders()
| MediaWiki\Session\SessionManager::getVaryHeaders | ( | ) |
Return the HTTP headers that need varying on.
The return value is such that someone could theoretically do this:
Note that the $options argument to OutputPage::addVaryHeader() has been deprecated and should always be null.
- Returns
- array
Implements MediaWiki\Session\SessionManagerInterface.
Definition at line 346 of file SessionManager.php.
References $header, MediaWiki\Session\SessionManager\$varyHeaders, MediaWiki\Session\SessionManager\getProviders(), and MW_NO_SESSION.
◆ invalidateSessionsForUser()
| MediaWiki\Session\SessionManager::invalidateSessionsForUser | ( | User | $user | ) |
Invalidate sessions for a user.
After calling this, existing sessions should be invalid. For mutable session providers, this generally means the user has to log in again; for immutable providers, it generally means the loss of session data.
- Parameters
-
User $user
Implements MediaWiki\Session\SessionManagerInterface.
Definition at line 337 of file SessionManager.php.
References MediaWiki\Session\SessionManager\getProviders(), User\saveSettings(), and User\setToken().
◆ isUserSessionPrevented()
| MediaWiki\Session\SessionManager::isUserSessionPrevented | ( | $username | ) |
Test if a user is prevented.
Definition at line 422 of file SessionManager.php.
◆ loadSessionInfoFromStore()
|
private |
Load and verify the session info against the store.
- Parameters
-
SessionInfo &$info Will likely be replaced with an updated SessionInfo instance WebRequest $request
- Returns
- bool Whether the session info matches the stored data (if any)
Definition at line 551 of file SessionManager.php.
References $blob, MediaWiki\Session\SessionInfo\forceHTTPS(), MediaWiki\Session\SessionInfo\forceUse(), MediaWiki\Session\MetadataMergeException\getContext(), MediaWiki\Session\SessionInfo\getId(), MediaWiki\Session\SessionInfo\getPriority(), MediaWiki\Session\SessionInfo\getProvider(), MediaWiki\Session\SessionManager\getProvider(), MediaWiki\Session\SessionInfo\getProviderMetadata(), MediaWiki\Session\SessionInfo\getUserInfo(), MediaWiki\Session\SessionInfo\isIdSafe(), MediaWiki\Session\UserInfo\newAnonymous(), MediaWiki\Session\UserInfo\newFromId(), MediaWiki\Session\UserInfo\newFromName(), MediaWiki\Session\SessionInfo\wasPersisted(), and MediaWiki\Session\SessionInfo\wasRemembered().
Referenced by MediaWiki\Session\SessionManager\getSessionById(), and MediaWiki\Session\SessionManager\getSessionInfoForRequest().
◆ preventSessionsForUser()
| MediaWiki\Session\SessionManager::preventSessionsForUser | ( | $username | ) |
Prevent future sessions for the user.
The intention is that the named account will never again be usable for normal login (i.e. there is no way to undo the prevention of access).
Definition at line 407 of file SessionManager.php.
References MediaWiki\Session\SessionManager\getProviders().
◆ resetCache()
|
static |
Reset the internal caching for unit testing.
- Note
- Unit tests only
Definition at line 961 of file SessionManager.php.
◆ setHookContainer()
| MediaWiki\Session\SessionManager::setHookContainer | ( | HookContainer | $hookContainer | ) |
Definition at line 209 of file SessionManager.php.
References MediaWiki\Session\SessionManager\$hookContainer.
Referenced by MediaWiki\Session\SessionManager\__construct().
◆ setLogger()
| MediaWiki\Session\SessionManager::setLogger | ( | LoggerInterface | $logger | ) |
Definition at line 201 of file SessionManager.php.
References MediaWiki\Session\SessionManager\$logger.
Referenced by MediaWiki\Session\SessionManager\__construct().
◆ setupPHPSessionHandler()
| MediaWiki\Session\SessionManager::setupPHPSessionHandler | ( | PHPSessionHandler | $handler | ) |
Call setters on a PHPSessionHandler.
Definition at line 952 of file SessionManager.php.
References MediaWiki\Session\PHPSessionHandler\setManager().
◆ shutdown()
| MediaWiki\Session\SessionManager::shutdown | ( | ) |
Save all active sessions on shutdown.
Definition at line 469 of file SessionManager.php.
◆ singleton()
|
static |
Get the global SessionManager.
- Returns
- self
Definition at line 99 of file SessionManager.php.
References MediaWiki\Session\SessionManager\$instance.
Referenced by MediaWiki\Session\SessionManager\getGlobalSession(), RequestContext\importScopedSession(), and BotPassword\login().
◆ validateSessionId()
|
static |
Validate a session ID.
- Parameters
-
string $id
- Returns
- bool
Definition at line 389 of file SessionManager.php.
Referenced by MediaWiki\Session\SessionInfo\__construct(), MediaWiki\Session\ImmutableSessionProviderWithCookie\getSessionIdFromCookie(), and MediaWiki\Session\CookieSessionProvider\provideSessionInfo().
Member Data Documentation
◆ $allSessionBackends
|
private |
Definition at line 87 of file SessionManager.php.
◆ $allSessionIds
|
private |
Definition at line 90 of file SessionManager.php.
◆ $config
|
private |
Definition at line 72 of file SessionManager.php.
◆ $globalSession
|
staticprivate |
Definition at line 57 of file SessionManager.php.
Referenced by MediaWiki\Session\SessionManager\getGlobalSession().
◆ $globalSessionRequest
|
staticprivate |
Definition at line 60 of file SessionManager.php.
◆ $hookContainer
|
private |
Definition at line 66 of file SessionManager.php.
Referenced by MediaWiki\Session\SessionManager\setHookContainer().
◆ $hookRunner
|
private |
Definition at line 69 of file SessionManager.php.
◆ $instance
|
staticprivate |
Definition at line 54 of file SessionManager.php.
Referenced by MediaWiki\Session\SessionManager\singleton().
◆ $logger
|
private |
Definition at line 63 of file SessionManager.php.
Referenced by MediaWiki\Session\SessionManager\setLogger().
◆ $preventUsers
|
private |
Definition at line 93 of file SessionManager.php.
◆ $sessionProviders
|
private |
Definition at line 78 of file SessionManager.php.
Referenced by MediaWiki\Session\SessionManager\getProviders().
◆ $store
|
private |
Definition at line 75 of file SessionManager.php.
Referenced by MediaWiki\Session\SessionManager\__construct().
◆ $varyCookies
|
private |
Definition at line 81 of file SessionManager.php.
Referenced by MediaWiki\Session\SessionManager\getVaryCookies().
◆ $varyHeaders
|
private |
Definition at line 84 of file SessionManager.php.
Referenced by MediaWiki\Session\SessionManager\getVaryHeaders().
The documentation for this class was generated from the following file:
- includes/session/SessionManager.php
