aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs/Web/Session.php
blob: 494c02b1da38f2cbe3b702a7cc369cda15b0c321 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
<?php

namespace Zotlabs\Web;

/**
 *
 * @brief This file includes session related functions.
 *
 * Session management functions. These provide database storage of PHP
 * session info.
 */


class Session {

	function init() {

		$gc_probability = 50;

		ini_set('session.gc_probability', $gc_probability);
		ini_set('session.use_only_cookies', 1);
		ini_set('session.cookie_httponly', 1);
	
		/*
		 * Set our session storage functions.
		 */

		$handler = new \Zotlabs\Web\SessionHandler();

		$x = session_set_save_handler($handler,true);
		if(! $x)
			logger('Session save handler initialisation failed.',LOGGER_NORMAL,LOG_ERR);

		// Force cookies to be secure (https only) if this site is SSL enabled. 
		// Must be done before session_start().

	    if(intval(\App::$config['system']['ssl_cookie_protection'])) {
	        $arr = session_get_cookie_params();
    	    session_set_cookie_params(
        	    ((isset($arr['lifetime']))  ? $arr['lifetime'] : 0),
            	((isset($arr['path']))      ? $arr['path']     : '/'),
	            ((isset($arr['domain']))    ? $arr['domain']   : App::get_hostname()),
    	        ((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),
        	    ((isset($arr['httponly']))  ? $arr['httponly'] : true)
			);
    	}
	}

	function start() {
		session_start();
	}

	/**
	 * @brief Resets the current session.
	 *
	 * @return void
	 */

	function nuke() {
		self::new_cookie(0); // 0 means delete on browser exit
		if($_SESSION && count($_SESSION)) {
			foreach($_SESSION as $k => $v) {
				unset($_SESSION[$k]);
			}
		}
	}



	function new_cookie($time) {

		$old_sid = session_id();

		session_regenerate_id(false);

		q("UPDATE session SET sid = '%s' WHERE sid = '%s'",
			dbesc(session_id()),
			dbesc($old_sid)
		);

		if (x($_COOKIE, 'jsAvailable')) {
			if ($time) {
				$expires = time() + $time;
			} else {
				$expires = 0;
			}
			setcookie('jsAvailable', $_COOKIE['jsAvailable'], $expires);
		}
		setcookie(session_name(),session_id(),$expires);
	}


}