aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs/Web/SessionHandler.php
blob: 392cab1aeca324bfe140c9d450b4d403ed6463f5 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
<?php

namespace Zotlabs\Web;


class SessionHandler implements \SessionHandlerInterface {


	function open ($s, $n) : bool {
		return true;
	}

	// IMPORTANT: if we read the session and it doesn't exist, create an empty record.
	// We rely on this due to differing PHP implementation of session_regenerate_id()
	// some which call read explicitly and some that do not. So we call it explicitly
	// just after sid regeneration to force a record to exist.

	function read ($id) : string|false {

		if($id) {
			$r = q("SELECT sess_data FROM session WHERE sid= '%s'", dbesc($id));

			if($r) {
				return $r[0]['sess_data'];
			}
			else {
				q("INSERT INTO session (sess_data, sid, expire) values ('%s', '%s', '%s')",
					dbesc(''),
					dbesc($id),
					dbesc(time() + 300)
				);
			}
		}

		return '';
	}


	function write ($id, $data) : bool {

		// Pretend everything is hunky-dory, even though it isn't.
		// There probably isn't anything we can do about it in any event.
		// See: https://stackoverflow.com/a/43636110

		if(! $id || ! $data) {
			return true;
		}


		// Unless we authenticate somehow, only keep a session for 5 minutes
		// The viewer can extend this by performing any web action using the
		// original cookie, but this allows us to cleanup the hundreds or
		// thousands of empty sessions left around from web crawlers which are
		// assigned cookies on each page that they never use.

		$expire = time() + 300;

		if($_SESSION) {
			if(array_key_exists('remember_me',$_SESSION) && intval($_SESSION['remember_me']))
				$expire = time() + (60 * 60 * 24 * 365);
			elseif(local_channel())
				$expire = time() + (60 * 60 * 24 * 3);
			elseif(remote_channel())
				$expire = time() + (60 * 60 * 24 * 1);
		}

		q("UPDATE session
			SET sess_data = '%s', expire = '%s' WHERE sid = '%s'",
			dbesc($data),
			dbesc($expire),
			dbesc($id)
		);

		return true;
	}


	function close() : bool {
		return true;
	}


	function destroy ($id) : bool {
		q("DELETE FROM session WHERE sid = '%s'", dbesc($id));
		return true;
	}


	function gc($expire) : int|false {
		q("DELETE FROM session WHERE expire < %d", dbesc(time()));
		return true;
	}

}