DefaultSession.php
1 <?php
2 /**
3  * wCMF - wemove Content Management Framework
4  * Copyright (C) 2005-2020 wemove digital solutions GmbH
5  *
6  * Licensed under the terms of the MIT License.
7  *
8  * See the LICENSE file distributed with this work for
9  * additional information.
10  */
11 namespace wcmf\lib\core\impl;
12 
13 use wcmf\lib\config\Configuration;
14 use wcmf\lib\core\Session;
15 use wcmf\lib\security\principal\impl\AnonymousUser;
16 use wcmf\lib\util\StringUtil;
17 use wcmf\lib\util\URIUtil;
18 
19 /**
20  * DefaultSession uses the default PHP session implementation:
21  * - server side storage
22  * - session id sent as a cookie to the client
23  *
24  * @author ingo herwig <ingo@wemove.com>
25  */
26 class DefaultSession implements Session {
27 
28  const AUTH_USER_NAME = 'auth_user';
29 
30  private $cookiePrefix = '';
31 
32  /**
33  * Constructor
34  * @param $configuration
35  */
36  public function __construct(Configuration $configuration) {
37  // NOTE: prevent "headers already sent" errors in phpunit tests
38  if (!headers_sent()) {
39  // session configuration
40  ini_set('session.cookie_lifetime', 0);
41  ini_set('session.use_cookies', 1);
42  ini_set('session.use_only_cookies', 1);
43  ini_set('session.use_strict_mode', 1);
44  ini_set('session.cookie_httponly', 1);
45  ini_set('session.cookie_secure', (URIUtil::isHttps() ? 1 : 0));
46  ini_set('session.use_trans_sid', 0);
47  ini_set('session.cache_limiter', 'nocache');
48  ini_set('session.hash_function', 1);
49  if (in_array('sha256', hash_algos())) {
50  ini_set('session.hash_function', 'sha256');
51  }
52  $this->cookiePrefix = strtolower(StringUtil::slug($configuration->getValue('title', 'application')));
53 
54  session_name($this->getCookieName());
55  }
56  }
57 
58  public function __destruct() {
59  session_write_close();
60  }
61 
62  /**
63  * @see Session::isStarted()
64  */
65  public function isStarted() {
66  return isset($_COOKIE[$this->getCookieName()]);
67  }
68 
69  /**
70  * @see Session::getID()
71  */
72  public function getID() {
73  return session_id();
74  }
75 
76  /**
77  * @see Session::get()
78  */
79  public function get($key, $default=null) {
80  $this->start();
81  $value = $default;
82  if (isset($_SESSION[$key])) {
83  $value = $_SESSION[$key];
84  }
85  return $value;
86  }
87 
88  /**
89  * @see Session::set()
90  */
91  public function set($key, $value) {
92  $this->start();
93  $_SESSION[$key] = $value;
94  }
95 
96  /**
97  * @see Session::remove()
98  */
99  public function remove($key) {
100  $this->start();
101  unset($_SESSION[$key]);
102  }
103 
104  /**
105  * @see Session::exist()
106  */
107  public function exist($key) {
108  $this->start();
109  $result = isset($_SESSION[$key]);
110  return $result;
111  }
112 
113  /**
114  * @see Session::clear()
115  */
116  public function clear() {
117  $this->start();
118  $_SESSION = [];
119  }
120 
121  /**
122  * @see Session::destroy()
123  */
124  public function destroy() {
125  $this->start();
126  $_SESSION = [];
127  @session_destroy();
128  }
129 
130  /**
131  * @see Session::setAuthUser()
132  */
133  public function setAuthUser($login) {
134  $this->set(self::AUTH_USER_NAME, $login);
135  // NOTE: prevent "headers already sent" errors in phpunit tests
136  if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
137  session_regenerate_id(true);
138  }
139  }
140 
141  /**
142  * @see Session::getAuthUser()
143  */
144  public function getAuthUser() {
145  $login = AnonymousUser::USER_GROUP_NAME;
146  // check for auth user in session
147  if ($this->exist(self::AUTH_USER_NAME)) {
148  $login = $this->get(self::AUTH_USER_NAME);
149  }
150  return $login;
151  }
152 
153  /**
154  * Start the session, if it is not started already
155  */
156  private function start() {
157  if (session_status() == PHP_SESSION_NONE) {
158  // NOTE: prevent "headers already sent" errors in phpunit tests
159  if (!headers_sent()) {
160  session_start();
161  }
162  }
163  }
164 
165  /**
166  * Get the cookie prefix
167  * @return String
168  */
169  protected function getCookiePrefix() {
170  return $this->cookiePrefix;
171  }
172 
173  /**
174  * Get the cookie name
175  * @return String
176  */
177  private function getCookieName() {
178  return $this->cookiePrefix.'-session';
179  }
180 }
wcmf\lib\core\impl\DefaultSession\__construct
__construct(Configuration $configuration)
Constructor.
Definition: DefaultSession.php:36
wcmf\lib\core\Session
Session is the interface for session implementations and defines access to session variables.
Definition: Session.php:19
wcmf\lib\core\impl\DefaultSession\getCookiePrefix
getCookiePrefix()
Get the cookie prefix.
Definition: DefaultSession.php:169
wcmf\lib\util\StringUtil
StringUtil provides support for string manipulation.
Definition: StringUtil.php:18
wcmf\lib\config\Configuration\getValue
getValue($key, $section)
Get a configuration value.
wcmf\lib\config\Configuration
Implementations of Configuration give access to the application configuration.
Definition: Configuration.php:32
wcmf\lib\util\StringUtil\slug
static slug($string)
Converts all accent characters to ASCII characters.
Definition: StringUtil.php:419
wcmf\lib\util\URIUtil
URIUtil provides support for uri manipulation.
Definition: URIUtil.php:18
wcmf\lib\core\impl\DefaultSession
DefaultSession uses the default PHP session implementation:
Definition: DefaultSession.php:26