<?php namespace Zotlabs\Web; class SessionHandler implements \SessionHandlerInterface { function open ($s, $n) { return true; } // IMPORTANT: if we read the session and it doesn't exist, create an empty record. // We rely on this due to differing PHP implementation of session_regenerate_id() // some which call read explicitly and some that do not. So we call it explicitly // just after sid regeneration to force a record to exist. function read ($id) { if($id) { $r = q("SELECT `sess_data` FROM `session` WHERE `sid`= '%s'", dbesc($id)); if($r) { return $r[0]['sess_data']; } else { q("INSERT INTO `session` (sid, expire) values ('%s', '%s')", dbesc($id), dbesc(time() + 300) ); } } return ''; } function write ($id, $data) { if(! $id || ! $data) { return false; } // Unless we authenticate somehow, only keep a session for 5 minutes // The viewer can extend this by performing any web action using the // original cookie, but this allows us to cleanup the hundreds or // thousands of empty sessions left around from web crawlers which are // assigned cookies on each page that they never use. $expire = time() + 300; if($_SESSION) { if(array_key_exists('remember_me',$_SESSION) && intval($_SESSION['remember_me'])) $expire = time() + (60 * 60 * 24 * 365); elseif(local_channel()) $expire = time() + (60 * 60 * 24 * 3); elseif(remote_channel()) $expire = time() + (60 * 60 * 24 * 1); } q("UPDATE `session` SET `sess_data` = '%s', `expire` = '%s' WHERE `sid` = '%s'", dbesc($data), dbesc($expire), dbesc($id) ); return true; } function close() { return true; } function destroy ($id) { q("DELETE FROM `session` WHERE `sid` = '%s'", dbesc($id)); return true; } function gc($expire) { q("DELETE FROM session WHERE expire < %d", dbesc(time())); return true; } }