| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150 | <?php/* * This file is part of the Symfony package. * * (c) Fabien Potencier <fabien@symfony.com> * * For the full copyright and license information, please view the LICENSE * file that was distributed with this source code. */namespace Symfony\Component\HttpFoundation\Session\Storage\Handler;use Symfony\Component\HttpFoundation\Session\SessionUtils;/** * This abstract session handler provides a generic implementation * of the PHP 7.0 SessionUpdateTimestampHandlerInterface, * enabling strict and lazy session handling. * * @author Nicolas Grekas <p@tchwork.com> */abstract class AbstractSessionHandler implements \SessionHandlerInterface, \SessionUpdateTimestampHandlerInterface{    private $sessionName;    private $prefetchId;    private $prefetchData;    private $newSessionId;    private $igbinaryEmptyData;    /**     * @return bool     */    public function open($savePath, $sessionName)    {        $this->sessionName = $sessionName;        if (!headers_sent() && !ini_get('session.cache_limiter') && '0' !== ini_get('session.cache_limiter')) {            header(sprintf('Cache-Control: max-age=%d, private, must-revalidate', 60 * (int) ini_get('session.cache_expire')));        }        return true;    }    /**     * @return string     */    abstract protected function doRead(string $sessionId);    /**     * @return bool     */    abstract protected function doWrite(string $sessionId, string $data);    /**     * @return bool     */    abstract protected function doDestroy(string $sessionId);    /**     * @return bool     */    public function validateId($sessionId)    {        $this->prefetchData = $this->read($sessionId);        $this->prefetchId = $sessionId;        if (\PHP_VERSION_ID < 70317 || (70400 <= \PHP_VERSION_ID && \PHP_VERSION_ID < 70405)) {            // work around https://bugs.php.net/79413            foreach (debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS) as $frame) {                if (!isset($frame['class']) && isset($frame['function']) && \in_array($frame['function'], ['session_regenerate_id', 'session_create_id'], true)) {                    return '' === $this->prefetchData;                }            }        }        return '' !== $this->prefetchData;    }    /**     * @return string     */    public function read($sessionId)    {        if (null !== $this->prefetchId) {            $prefetchId = $this->prefetchId;            $prefetchData = $this->prefetchData;            $this->prefetchId = $this->prefetchData = null;            if ($prefetchId === $sessionId || '' === $prefetchData) {                $this->newSessionId = '' === $prefetchData ? $sessionId : null;                return $prefetchData;            }        }        $data = $this->doRead($sessionId);        $this->newSessionId = '' === $data ? $sessionId : null;        return $data;    }    /**     * @return bool     */    public function write($sessionId, $data)    {        if (null === $this->igbinaryEmptyData) {            // see https://github.com/igbinary/igbinary/issues/146            $this->igbinaryEmptyData = \function_exists('igbinary_serialize') ? igbinary_serialize([]) : '';        }        if ('' === $data || $this->igbinaryEmptyData === $data) {            return $this->destroy($sessionId);        }        $this->newSessionId = null;        return $this->doWrite($sessionId, $data);    }    /**     * @return bool     */    public function destroy($sessionId)    {        if (!headers_sent() && filter_var(ini_get('session.use_cookies'), FILTER_VALIDATE_BOOLEAN)) {            if (!$this->sessionName) {                throw new \LogicException(sprintf('Session name cannot be empty, did you forget to call "parent::open()" in "%s"?.', static::class));            }            $cookie = SessionUtils::popSessionCookie($this->sessionName, $sessionId);            /*             * We send an invalidation Set-Cookie header (zero lifetime)             * when either the session was started or a cookie with             * the session name was sent by the client (in which case             * we know it's invalid as a valid session cookie would've             * started the session).             */            if (null === $cookie || isset($_COOKIE[$this->sessionName])) {                if (\PHP_VERSION_ID < 70300) {                    setcookie($this->sessionName, '', 0, ini_get('session.cookie_path'), ini_get('session.cookie_domain'), filter_var(ini_get('session.cookie_secure'), FILTER_VALIDATE_BOOLEAN), filter_var(ini_get('session.cookie_httponly'), FILTER_VALIDATE_BOOLEAN));                } else {                    $params = session_get_cookie_params();                    unset($params['lifetime']);                    setcookie($this->sessionName, '', $params);                }            }        }        return $this->newSessionId === $sessionId || $this->doDestroy($sessionId);    }}
 |