From 8972ca8134c16039c03ad83d26b75b9e9e21d7ea Mon Sep 17 00:00:00 2001
From: "DM42.Net (Matt Dent)" <dentm42@dm42.net>
Date: Mon, 28 Jan 2019 14:20:46 -0500
Subject: Make session handler pluggable

---
 Zotlabs/Web/Session.php | 29 ++++++++++++++++++++---------
 1 file changed, 20 insertions(+), 9 deletions(-)

(limited to 'Zotlabs/Web/Session.php')

diff --git a/Zotlabs/Web/Session.php b/Zotlabs/Web/Session.php
index 4f2a3f1f7..1ba120fa9 100644
--- a/Zotlabs/Web/Session.php
+++ b/Zotlabs/Web/Session.php
@@ -15,6 +15,7 @@ class Session {
 
 	private $handler = null;
 	private $session_started = false;
+	private $custom_handler = false;
 
 	public function init() {
 
@@ -28,13 +29,20 @@ class Session {
 		 * Set our session storage functions.
 		 */
 
-		$handler = new \Zotlabs\Web\SessionHandler();
+		$custom_handler = $this->custom_handler;
+		call_hook('custom_session_handler',$custom_handler);
+		$this->custom_handler = $custom_handler;
 
-		$this->handler = $handler;
 
-		$x = session_set_save_handler($handler,false);
-		if(! $x)
-			logger('Session save handler initialisation failed.',LOGGER_NORMAL,LOG_ERR);
+		if (!$this->custom_handler) {
+			$handler = new \Zotlabs\Web\SessionHandler();
+
+			$this->handler = $handler;
+
+			$x = session_set_save_handler($handler,false);
+			if(! $x)
+				logger('Session save handler initialisation failed.',LOGGER_NORMAL,LOG_ERR);
+		}	
 
 		// Force cookies to be secure (https only) if this site is SSL enabled. 
 		// Must be done before session_start().
@@ -86,14 +94,17 @@ class Session {
 
 		$arr = session_get_cookie_params();
 
-		if($this->handler && $this->session_started) {
+		if(($this->handler || $this->custom_handler) && $this->session_started) {
 
 			session_regenerate_id(true);
 
-			// force SessionHandler record creation with the new session_id
-			// which occurs as a side effect of read()
+			if (!$this->custom_handler) {
+				// force SessionHandler record creation with the new session_id
+				// which occurs as a side effect of read() since not all implementations
+				// of session_regenerate_id() call read().
 
-			$this->handler->read(session_id());
+				$this->handler->read(session_id());
+			}
 		}
 		else 
 			logger('no session handler');
-- 
cgit v1.2.3