<?php
/**
 * CodeIgniter
 *
 * An open source application development framework for PHP 5.2.4 or newer
 *
 * NOTICE OF LICENSE
 *
 * Licensed under the Open Software License version 3.0
 *
 * This source file is subject to the Open Software License (OSL 3.0) that is
 * bundled with this package in the files license.txt / license.rst. It is
 * also available through the world wide web at this URL:
 * http://opensource.org/licenses/OSL-3.0
 * If you did not receive a copy of the license and are unable to obtain it
 * through the world wide web, please send an email to
 * licensing@ellislab.com so we can send you a copy immediately.
 *
 * @package CodeIgniter
 * @author EllisLab Dev Team
 * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (http://ellislab.com/)
 * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
 * @link http://codeigniter.com
 * @since Version 3.0
 * @filesource
 */
// Stop immediately unless the BASEPATH constant has been defined, so that
// requesting this file directly executes nothing beyond this guard.
if ( ! defined('BASEPATH'))
{
	exit('No direct script access allowed');
}

/**
 * CodeIgniter Session Driver Class
 *
 * @package CodeIgniter
 * @subpackage Libraries
 * @category Sessions
 * @author Andrey Andreev
 * @link http://codeigniter.com/user_guide/libraries/sessions.html
 */
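abstract class CI_Session_driver implements SessionHandlerInterface {

	// WARNING! Setting default values to properties will
	// prevent using the configuration file values.
	//
	// The constructor only falls back to config_item() for properties
	// that are still unset (NULL) after $params has been applied.

	/**
	 * Expiration time
	 *
	 * @var	int
	 */
	protected $_expiration;

	/**
	 * Cookie name
	 *
	 * @var	string
	 */
	protected $_cookie_name;

	/**
	 * Cookie domain
	 *
	 * @var	string
	 */
	protected $_cookie_domain;

	/**
	 * Cookie path
	 *
	 * @var	string
	 */
	protected $_cookie_path;

	/**
	 * Cookie secure flag
	 *
	 * @var	bool
	 */
	protected $_cookie_secure;

	/**
	 * Cookie HTTP-only flag
	 *
	 * @var	bool
	 */
	protected $_cookie_httponly;

	/**
	 * Match IP addresses flag
	 *
	 * @var	bool
	 */
	protected $_match_ip;

	/**
	 * Data fingerprint
	 *
	 * Not assigned or read anywhere in this base class.
	 * NOTE(review): presumably maintained by the concrete drivers - confirm.
	 *
	 * @var	bool
	 */
	protected $_fingerprint;

	// ------------------------------------------------------------------------

	/**
	 * Class constructor
	 *
	 * Copies matching entries of $params onto the protected properties,
	 * fills whatever is still unset from config_item(), and then pushes
	 * the cookie and hardening settings into PHP's session.* ini directives.
	 *
	 * Key mapping: 'sess_foo' becomes '_foo', any other key 'bar' becomes
	 * '_bar'. Keys that do not map to a declared property are ignored.
	 *
	 * @param	array	$params	Configuration parameters
	 * @return	void
	 */
	public function __construct($params)
	{
		// Iterate by value: nothing here writes back into $params, and a
		// by-reference loop variable would stay bound to the last element
		// after the loop ends.
		foreach ($params as $key => $value)
		{
			$key = (strncmp($key, 'sess_', 5) === 0)
				? substr($key, 4)
				: '_'.$key;

			if (property_exists($this, $key))
			{
				$this->$key = $value;
			}
		}

		isset($this->_expiration) OR $this->_expiration = (int) config_item('sess_expiration');
		isset($this->_cookie_name) OR $this->_cookie_name = config_item('sess_cookie_name');
		isset($this->_cookie_domain) OR $this->_cookie_domain = config_item('cookie_domain');
		isset($this->_cookie_path) OR $this->_cookie_path = config_item('cookie_path');
		isset($this->_cookie_secure) OR $this->_cookie_secure = config_item('cookie_secure');
		isset($this->_cookie_httponly) OR $this->_cookie_httponly = config_item('cookie_httponly');
		isset($this->_match_ip) OR $this->_match_ip = config_item('sess_match_ip');

		// Pass our configuration to php.ini, when appropriate
		ini_set('session.name', $this->_cookie_name);
		isset($this->_cookie_domain) && ini_set('session.cookie_domain', $this->_cookie_domain);
		isset($this->_cookie_path) && ini_set('session.cookie_path', $this->_cookie_path);
		isset($this->_cookie_secure) && ini_set('session.cookie_secure', $this->_cookie_secure);
		isset($this->_cookie_httponly) && ini_set('session.cookie_httponly', $this->_cookie_httponly);

		if ($this->_expiration)
		{
			ini_set('session.gc_maxlifetime', $this->_expiration);
		}

		// Security is king
		//
		// Keep session IDs out of URLs. The directive is spelled
		// 'session.use_trans_sid'; ini_set() simply returns FALSE for a name
		// it does not know, so a misspelling here fails without any notice
		// and leaves whatever php.ini says in force.
		ini_set('session.use_trans_sid', 0);

		// Refuse session IDs that were not issued by the server.
		// The directive exists as of PHP 5.5.2; older versions ignore it.
		ini_set('session.use_strict_mode', 1);
		ini_set('session.use_cookies', 1);
		ini_set('session.use_only_cookies', 1);

		// 1 selects SHA-1, 4 bits per character yields hexadecimal IDs.
		// Both directives were removed in PHP 7.1.0 (superseded by
		// session.sid_length / session.sid_bits_per_character), where these
		// two calls have no effect.
		ini_set('session.hash_function', 1);
		ini_set('session.hash_bits_per_character', 4);

		// Work-around for PHP bug #66827 (https://bugs.php.net/bug.php?id=66827)
		//
		// The session ID sanitizer doesn't check for the value type and blindly does
		// an implicit cast to string, which triggers an 'Array to string' E_NOTICE.
		// A client can make the cookie an array, so drop anything that is not
		// a string before the session machinery gets to see it.
		if (isset($_COOKIE[$this->_cookie_name]) && ! is_string($_COOKIE[$this->_cookie_name]))
		{
			unset($_COOKIE[$this->_cookie_name]);
		}

/*
		Need to test if this is necessary for a custom driver or if it's only
		relevant to PHP's own files handler.

		https://bugs.php.net/bug.php?id=65475
		do this after session is started:
		if (is_php('5.5.2') && ! is_php('5.5.4'))
		{
			$session_id = session_id();
			if ($_COOKIE[$this->_cookie_name] !== $session_id && file_exists(<the file>))
			{
				unlink(<the file>);
			}

			setcookie(
				$this->_cookie_name,
				$session_id,
				$this->_expiration
					? time() + $this->_expiration
					: 0,
				$this->_cookie_path,
				$this->_cookie_domain,
				$this->_cookie_secure,
				$this->_cookie_httponly
			);
		}
*/
	}

	// ------------------------------------------------------------------------

	/**
	 * Cookie destroy
	 *
	 * Asks the client to drop the session cookie by re-sending it with a
	 * NULL value and an expiry timestamp of 1 (one second after the Unix
	 * epoch, i.e. far in the past). Path, domain, secure and HTTP-only
	 * values are the ones configured for the session cookie.
	 *
	 * @return	bool	Result of setcookie(), which is FALSE when output
	 *			has already been sent
	 */
	protected function _cookie_destroy()
	{
		return setcookie(
			$this->_cookie_name,
			NULL,
			1,
			$this->_cookie_path,
			$this->_cookie_domain,
			$this->_cookie_secure,
			$this->_cookie_httponly
		);
	}

}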

/* End of file Session_driver.php */
/* Location: ./system/libraries/Session/Session_driver.php */