1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
|
<?php
namespace Zotlabs\Web;
/**
*
* @brief This file includes session related functions.
*
* Session management functions. These provide database storage of PHP
* session info.
*/
class Session {
private static $handler = null;
function init() {
$gc_probability = 50;
ini_set('session.gc_probability', $gc_probability);
ini_set('session.use_only_cookies', 1);
ini_set('session.cookie_httponly', 1);
/*
* Set our session storage functions.
*/
$handler = new \Zotlabs\Web\SessionHandler();
self::$handler = $handler;
$x = session_set_save_handler($handler,true);
if(! $x)
logger('Session save handler initialisation failed.',LOGGER_NORMAL,LOG_ERR);
// Force cookies to be secure (https only) if this site is SSL enabled.
// Must be done before session_start().
if(intval(\App::$config['system']['ssl_cookie_protection'])) {
$arr = session_get_cookie_params();
session_set_cookie_params(
((isset($arr['lifetime'])) ? $arr['lifetime'] : 0),
((isset($arr['path'])) ? $arr['path'] : '/'),
((isset($arr['domain'])) ? $arr['domain'] : App::get_hostname()),
((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),
((isset($arr['httponly'])) ? $arr['httponly'] : true)
);
}
}
function start() {
session_start();
}
/**
* @brief Resets the current session.
*
* @return void
*/
function nuke() {
self::new_cookie(0); // 0 means delete on browser exit
if($_SESSION && count($_SESSION)) {
foreach($_SESSION as $k => $v) {
unset($_SESSION[$k]);
}
}
}
function new_cookie($xtime) {
$newxtime = (($xtime> 0) ? (time() + $xtime) : 0);
$old_sid = session_id();
session_regenerate_id(false);
if(self::$handler) {
$v = q("UPDATE session SET sid = '%s' WHERE sid = '%s'",
dbesc(session_id()),
dbesc($old_sid)
);
}
else
logger('no session handler');
if (x($_COOKIE, 'jsAvailable')) {
setcookie('jsAvailable', $_COOKIE['jsAvailable'], $newxtime);
}
setcookie(session_name(),session_id(),$newxtime);
}
}
|
