Andrey Andreev47a47fb2014-05-31 16:08:30 +03001<?php
2/**
3 * CodeIgniter
4 *
5 * An open source application development framework for PHP 5.2.4 or newer
6 *
7 * NOTICE OF LICENSE
8 *
9 * Licensed under the Open Software License version 3.0
10 *
11 * This source file is subject to the Open Software License (OSL 3.0) that is
12 * bundled with this package in the files license.txt / license.rst. It is
13 * also available through the world wide web at this URL:
14 * http://opensource.org/licenses/OSL-3.0
15 * If you did not receive a copy of the license and are unable to obtain it
16 * through the world wide web, please send an email to
17 * licensing@ellislab.com so we can send you a copy immediately.
18 *
19 * @package CodeIgniter
20 * @author EllisLab Dev Team
21 * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (http://ellislab.com/)
22 * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
23 * @link http://codeigniter.com
24 * @since Version 3.0
25 * @filesource
26 */
// Direct-access guard: stop immediately unless BASEPATH has already been
// defined (presumably by the framework's front controller - confirm), so the
// file cannot be executed by requesting its URL directly.
if ( ! defined('BASEPATH'))
{
	exit('No direct script access allowed');
}
28
29/**
30 * CodeIgniter Session Driver Class
31 *
32 * @package CodeIgniter
33 * @subpackage Libraries
34 * @category Sessions
35 * @author Andrey Andreev
36 * @link http://codeigniter.com/user_guide/libraries/sessions.html
37 */
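abstract class CI_Session_driver implements SessionHandlerInterface {

	// WARNING! Setting default values to properties will
	// prevent using the configuration file values.
	//
	// The constructor only falls back to config_item() for properties that
	// are still unset, so a default declared here would always win.

	/**
	 * Expiration time
	 *
	 * @var	int
	 */
	protected $_expiration;

	/**
	 * Cookie name
	 *
	 * @var	string
	 */
	protected $_cookie_name;

	/**
	 * Cookie domain
	 *
	 * @var	string
	 */
	protected $_cookie_domain;

	/**
	 * Cookie path
	 *
	 * @var	string
	 */
	protected $_cookie_path;

	/**
	 * Cookie secure flag
	 *
	 * @var	bool
	 */
	protected $_cookie_secure;

	/**
	 * Cookie HTTP-only flag
	 *
	 * @var	bool
	 */
	protected $_cookie_httponly;

	/**
	 * Match IP addresses flag
	 *
	 * @var	bool
	 */
	protected $_match_ip;

	/**
	 * Data fingerprint
	 *
	 * NOTE(review): declared as bool, but nothing in this class reads or
	 * writes it - confirm the intended type against the concrete drivers.
	 *
	 * @var	bool
	 */
	protected $_fingerprint;

	/**
	 * Lock placeholder
	 *
	 * FALSE while no lock is held, TRUE when ext/sysvsem is unavailable and
	 * _get_lock() only pretends to lock, otherwise whatever sem_get() returned.
	 *
	 * @var	mixed
	 */
	protected $_lock = FALSE;

	// ------------------------------------------------------------------------

	/**
	 * Class constructor
	 *
	 * Copies matching entries of $params onto the protected properties, fills
	 * whatever is still unset from config_item(), then pushes the result into
	 * PHP's session.* ini settings and hardens session ID handling.
	 *
	 * Key mapping: 'sess_foo' becomes '_foo' (the 'sess' prefix is dropped,
	 * the underscore kept); any other key 'bar' becomes '_bar'. Keys without
	 * a corresponding property are ignored.
	 *
	 * @param	array	$params	Configuration parameters
	 * @return	void
	 */
	public function __construct($params)
	{
		// Iterating by value is enough here: the entries are only read.
		foreach ($params as $key => $value)
		{
			$key = (strncmp($key, 'sess_', 5) === 0)
				? substr($key, 4)
				: '_'.$key;

			property_exists($this, $key) && $this->$key = $value;
		}

		isset($this->_expiration) OR $this->_expiration = (int) config_item('sess_expiration');
		isset($this->_cookie_name) OR $this->_cookie_name = config_item('sess_cookie_name');
		isset($this->_cookie_domain) OR $this->_cookie_domain = config_item('cookie_domain');
		isset($this->_cookie_path) OR $this->_cookie_path = config_item('cookie_path');
		isset($this->_cookie_secure) OR $this->_cookie_secure = config_item('cookie_secure');
		isset($this->_cookie_httponly) OR $this->_cookie_httponly = config_item('cookie_httponly');
		isset($this->_match_ip) OR $this->_match_ip = config_item('sess_match_ip');

		// Pass our configuration to php.ini, when appropriate
		//
		// Anything that is still unset at this point is skipped, which leaves
		// the corresponding php.ini value in force - including the Secure and
		// HttpOnly cookie flags.
		ini_set('session.name', $this->_cookie_name);
		isset($this->_cookie_domain) && ini_set('session.cookie_domain', $this->_cookie_domain);
		isset($this->_cookie_path) && ini_set('session.cookie_path', $this->_cookie_path);
		isset($this->_cookie_secure) && ini_set('session.cookie_secure', $this->_cookie_secure);
		isset($this->_cookie_httponly) && ini_set('session.cookie_httponly', $this->_cookie_httponly);

		if ($this->_expiration)
		{
			ini_set('session.gc_maxlifetime', $this->_expiration);
			ini_set('session.cookie_lifetime', $this->_expiration);
		}
		// BC workaround for setting cookie lifetime
		elseif (config_item('sess_expire_on_close'))
		{
			ini_set('session.cookie_lifetime', 0);
		}

		// Security is king
		//
		// The directive is 'session.use_trans_sid'. ini_set() returns FALSE
		// without raising an error for a name it does not know, so a
		// misspelled directive would silently leave URL-based session ID
		// propagation at its php.ini value.
		ini_set('session.use_trans_sid', 0);
		// Refuse session IDs that were not issued by the server.
		ini_set('session.use_strict_mode', 1);
		// Carry the session ID in a cookie, and only in a cookie.
		ini_set('session.use_cookies', 1);
		ini_set('session.use_only_cookies', 1);
		// 1 selects SHA-1 for ID generation; 4 bits per character gives
		// hexadecimal IDs. Both directives were removed in PHP 7.1, where
		// these two calls have no effect.
		ini_set('session.hash_function', 1);
		ini_set('session.hash_bits_per_character', 4);

		// Work-around for PHP bug #66827 (https://bugs.php.net/bug.php?id=66827)
		//
		// The session ID sanitizer doesn't check for the value type and blindly does
		// an implicit cast to string, which triggers an 'Array to string' E_NOTICE.
		//
		// The cookie is client-controlled, so a non-string value is dropped
		// before the session module gets to see it.
		if (isset($_COOKIE[$this->_cookie_name]) && ! is_string($_COOKIE[$this->_cookie_name]))
		{
			unset($_COOKIE[$this->_cookie_name]);
		}

/*
		Need to test if this is necessary for a custom driver or if it's only
		relevant to PHP's own files handler.

		https://bugs.php.net/bug.php?id=65475
		do this after session is started:
		if (is_php('5.5.2') && ! is_php('5.5.4'))
		{
			$session_id = session_id();
			if ($_COOKIE[$this->_cookie_name] !== $session_id && file_exists(teh file))
			{
				unlink(<teh file>);
			}

			setcookie(
				$this->_cookie_name,
				$session_id,
				$this->_expiration
					? time() + $this->_expiration
					: 0,
				$this->_cookie_path,
				$this->_cookie_domain,
				$this->_cookie_secure,
				$this->_cookie_httponly
			);
		}
*/
	}

	// ------------------------------------------------------------------------

	/**
	 * Cookie destroy
	 *
	 * Re-sends the session cookie with a NULL value and an expiry timestamp
	 * of 1 (long in the past), using the same path, domain and flags it was
	 * configured with, so that the client discards it.
	 *
	 * @return	bool	The result of setcookie()
	 */
	protected function _cookie_destroy()
	{
		return setcookie(
			$this->_cookie_name,
			NULL,
			1,
			$this->_cookie_path,
			$this->_cookie_domain,
			$this->_cookie_secure,
			$this->_cookie_httponly
		);
	}

	// ------------------------------------------------------------------------

	/**
	 * Get lock
	 *
	 * A default locking mechanism via semaphores, if ext/sysvsem is available.
	 *
	 * Drivers will usually override this and only fallback to it if no other
	 * locking mechanism is available.
	 *
	 * Without ext/sysvsem nothing is locked at all: $_lock is set to TRUE and
	 * success is reported, so concurrent requests for one session are not
	 * serialized by this fallback.
	 *
	 * @param	string	$session_id
	 * @return	bool
	 */
	protected function _get_lock($session_id)
	{
		if ( ! extension_loaded('sysvsem'))
		{
			$this->_lock = TRUE;
			return TRUE;
		}

		// NOTE(review): sem_get() takes an integer key, while this passes the
		// session ID string (plus '_' and the client address when IP matching
		// is on). Depending on the PHP version that is coerced, rejected with
		// a NULL return that the === FALSE check misses, or raises a
		// TypeError - verify before relying on this fallback.
		if (($this->_lock = sem_get($session_id.($this->_match_ip ? '_'.$_SERVER['REMOTE_ADDR'] : ''), 1, 0644)) === FALSE)
		{
			return FALSE;
		}

		if ( ! sem_acquire($this->_lock))
		{
			sem_remove($this->_lock);
			$this->_lock = FALSE;
			return FALSE;
		}

		return TRUE;
	}

	// ------------------------------------------------------------------------

	/**
	 * Release lock
	 *
	 * Releases and removes the semaphore taken by _get_lock(), if there is
	 * one, and resets $_lock to FALSE. Always reports success.
	 *
	 * @return	bool
	 */
	protected function _release_lock()
	{
		if (extension_loaded('sysvsem') && $this->_lock)
		{
			sem_release($this->_lock);
			// NOTE(review): removing the semaphore right after releasing it
			// may affect other processes still waiting on it - confirm.
			sem_remove($this->_lock);
			$this->_lock = FALSE;
		}

		return TRUE;
	}

}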
268
269/* End of file Session_driver.php */
270/* Location: ./system/libraries/Session/Session_driver.php */