aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Zotlabs/Web/Session.php36
-rw-r--r--Zotlabs/Web/SessionRedis.php123
2 files changed, 146 insertions, 13 deletions
diff --git a/Zotlabs/Web/Session.php b/Zotlabs/Web/Session.php
index fe0a3fbf9..6f92a0319 100644
--- a/Zotlabs/Web/Session.php
+++ b/Zotlabs/Web/Session.php
@@ -29,34 +29,44 @@ class Session {
/*
* Set our session storage functions.
*/
-
+
if($this->custom_handler) {
/* Custom handler (files, memached, redis..) */
$session_save_handler = strval(get_config('system', 'session_save_handler', Null));
$session_save_path = strval(get_config('system', 'session_save_path', Null));
- $session_gc_probability = intval(get_config('system', 'session_gc_probability', 1));
- $session_gc_divisor = intval(get_config('system', 'session_gc_divisor', 100));
- if(!$session_save_handler || !$session_save_path) {
- logger('Session save handler or path not set.',LOGGER_NORMAL,LOG_ERR);
+
+ if(is_null($session_save_handler) || is_null($session_save_path)) {
+ logger('Session save handler or path not set', LOGGER_NORMAL, LOG_ERR);
}
else {
- ini_set('session.save_handler', $session_save_handler);
- ini_set('session.save_path', $session_save_path);
- ini_set('session.gc_probability', $session_gc_probability);
- ini_set('session.gc_divisor', $session_gc_divisor);
+ // Check if custom sessions backend exists
+ $clsname = '\Zotlabs\Web\Session' . ucfirst(strtolower($session_save_handler));
+ if (class_exists($clsname)) {
+ $handler = new $clsname($session_save_path);
+ }
+ else {
+ ini_set('session.save_handler', $session_save_handler);
+ ini_set('session.save_path', $session_save_path);
+ ini_set('session.gc_probability', intval(get_config('system', 'session_gc_probability', 1)));
+ ini_set('session.gc_divisor', intval(get_config('system', 'session_gc_divisor', 100)));
+ }
}
}
else {
- $handler = new \Zotlabs\Web\SessionHandler();
+ $handler = new SessionHandler();
+ }
+
+ if (isset($handler)) {
$this->handler = $handler;
- $x = session_set_save_handler($handler,false);
- if(! $x)
- logger('Session save handler initialisation failed.',LOGGER_NORMAL,LOG_ERR);
+ $x = session_set_save_handler($handler, false);
+ if(! $x)
+ logger('Session save handler initialisation failed.',LOGGER_NORMAL,LOG_ERR);
}
+
// Force cookies to be secure (https only) if this site is SSL enabled.
// Must be done before session_start().
diff --git a/Zotlabs/Web/SessionRedis.php b/Zotlabs/Web/SessionRedis.php
new file mode 100644
index 000000000..b4f5d54b3
--- /dev/null
+++ b/Zotlabs/Web/SessionRedis.php
@@ -0,0 +1,123 @@
+<?php
+
+namespace Zotlabs\Web;
+
+
+class SessionRedis implements \SessionHandlerInterface {
+
+ private $redis = null;
+
+
+ function __construct($connection) {
+
+ $this->redis = new \Redis();
+
+ $credentials = parse_url($connection);
+
+ try {
+ if (isset($credentials['path']))
+ $this->redis->connect($credentials['path']);
+ else {
+
+ if (isset($credentials['query']))
+ $vars = parse_str($credentials['query']);
+ else
+ $vars = [];
+
+ $this->redis->connect(
+ (isset($credentials['scheme']) ? $credentials['scheme'] . '://' : '') . $credentials['host'],
+ (isset($credentials['port']) ? $credentials['port'] : 6379),
+ (isset($vars['timeout']) ? $vars['timeout'] : 1),
+ null,
+ 0,
+ (isset($vars['read_timeout']) ? $vars['read_timeout'] : 0)
+ );
+
+ if (isset($vars['auth']))
+ $this->redis->auth($vars['auth']);
+ }
+ }
+ catch(\RedisException $ex) {
+ logger('Error connecting to Redis: ' . $ex->getMessage());
+ }
+ }
+
+
+ function open($s, $n) {
+
+ return true;
+ }
+
+ // IMPORTANT: if we read the session and it doesn't exist, create an empty record.
+ // We rely on this due to differing PHP implementation of session_regenerate_id()
+ // some which call read explicitly and some that do not. So we call it explicitly
+ // just after sid regeneration to force a record to exist.
+
+ function read($id) {
+
+ if ($id) {
+ $data = $this->redis->get($id);
+
+ if ($data)
+ return $data;
+ else
+ $this->redis->setEx($id, 300, '');
+ }
+
+ return '';
+ }
+
+
+ function write($id, $data) {
+
+ // Pretend everything is hunky-dory, even though it isn't.
+ // There probably isn't anything we can do about it in any event.
+ // See: https://stackoverflow.com/a/43636110
+
+ if(! $id || ! $data)
+ return true;
+
+
+ // Unless we authenticate somehow, only keep a session for 5 minutes
+ // The viewer can extend this by performing any web action using the
+ // original cookie, but this allows us to cleanup the hundreds or
+ // thousands of empty sessions left around from web crawlers which are
+ // assigned cookies on each page that they never use.
+
+ $expire = 300;
+
+ if($_SESSION) {
+ if(array_key_exists('remember_me',$_SESSION) && intval($_SESSION['remember_me']))
+ $expire = 60 * 60 * 24 * 365;
+ elseif(local_channel())
+ $expire = 60 * 60 * 24 * 3;
+ elseif(remote_channel())
+ $expire = 60 * 60 * 24 * 1;
+ }
+
+ $this->redis->setEx($id, $expire, $data);
+
+ return true;
+ }
+
+
+ function close() {
+
+ return true;
+ }
+
+
+ function destroy ($id) {
+
+ $this->redis->del($id);
+
+ return true;
+ }
+
+
+ function gc($expire) {
+
+ return true;
+ }
+
+}