blob: 6980a64082ae558a773320508bd89db789f009f3 (
plain) (
tree)
|
|
<?php
namespace Zotlabs\Web;
class SessionHandler implements \SessionHandlerInterface {
function open ($s, $n) {
return true;
}
// IMPORTANT: if we read the session and it doesn't exist, create an empty record.
// We rely on this due to differing PHP implementation of session_regenerate_id()
// some which call read explicitly and some that do not. So we call it explicitly
// just after sid regeneration to force a record to exist.
function read ($id) {
if($id) {
$r = q("SELECT `data` FROM `session` WHERE `sid`= '%s'", dbesc($id));
if($r) {
return $r[0]['data'];
}
else {
q("INSERT INTO `session` (sid, expire) values ('%s', '%s')",
dbesc($id),
dbesc(time() + 300)
);
}
}
return '';
}
function write ($id, $data) {
if(! $id || ! $data) {
return false;
}
// Unless we authenticate somehow, only keep a session for 5 minutes
// The viewer can extend this by performing any web action using the
// original cookie, but this allows us to cleanup the hundreds or
// thousands of empty sessions left around from web crawlers which are
// assigned cookies on each page that they never use.
$expire = time() + 300;
if($_SESSION) {
if(array_key_exists('remember_me',$_SESSION) && intval($_SESSION['remember_me']))
$expire = time() + (60 * 60 * 24 * 365);
elseif(local_channel())
$expire = time() + (60 * 60 * 24 * 3);
elseif(remote_channel())
$expire = time() + (60 * 60 * 24 * 1);
}
q("UPDATE `session`
SET `data` = '%s', `expire` = '%s' WHERE `sid` = '%s'",
dbesc($data),
dbesc($expire),
dbesc($id)
);
return true;
}
function close() {
return true;
}
function destroy ($id) {
q("DELETE FROM `session` WHERE `sid` = '%s'", dbesc($id));
return true;
}
function gc($expire) {
q("DELETE FROM session WHERE expire < %d", dbesc(time()));
return true;
}
}
|