friendica/include/session.php

<?php
/**
 * Session management functions. These provide database storage of PHP session info.
 */
use Friendica\Core\Cache;
use Friendica\Core\Config;
use Friendica\Database\DBM;

$session_exists = 0;
$session_expire = 180000;

function ref_session_open()
{
	return true;
}

function ref_session_read($id)
{
	global $session_exists;

	if (!x($id)) {
		return '';
	}

	$memcache = Cache::memcache();
	if (is_object($memcache)) {
		$data = $memcache->get(get_app()->get_hostname().":session:".$id);
		if (!is_bool($data)) {
			$session_exists = true;
			return $data;
		}
		logger("no data for session $id", LOGGER_TRACE);
		return '';
	}

	$session = dba::selectFirst('session', ['data'], ['sid' => $id]);
	if (DBM::is_result($session)) {
		$session_exists = true;
		return $session['data'];
	} else {
		logger("no data for session $id", LOGGER_TRACE);
	}

	return '';
}

/**
 * @brief Standard PHP session write callback
 *
 * This callback updates the DB-stored session data and/or the expiration depending
 * on the case. Uses the $session_expire global for existing session, 5 minutes
 * for newly created session.
 *
 * @global bool   $session_exists Whether a session with the given id already exists
 * @global int    $session_expire Session expiration delay in seconds
 * @param  string $id   Session ID with format: [a-z0-9]{26}
 * @param  string $data Serialized session data
 * @return boolean Returns false if parameters are missing, true otherwise
 */
function ref_session_write($id, $data)
{
	global $session_exists, $session_expire;

	if (!$id) {
		return false;
	}

	if (!$data) {
		return true;
	}

	$expire = time() + $session_expire;
	$default_expire = time() + 300;

	$memcache = Cache::memcache();
	$a = get_app();
	if (is_object($memcache) && is_object($a)) {
		$memcache->set($a->get_hostname().":session:".$id, $data, MEMCACHE_COMPRESSED, $expire);
		return true;
	}

	if ($session_exists) {
		$fields = ['data' => $data, 'expire' => $expire];
		$condition = ["`sid` = ? AND (`data` != ? OR `expire` != ?)", $id, $data, $expire];
		dba::update('session', $fields, $condition);
	} else {
		$fields = ['sid' => $id, 'expire' => $default_expire, 'data' => $data];
		dba::insert('session', $fields);
	}

	return true;
}

function ref_session_close()
{
	return true;
}

function ref_session_destroy($id)
{
	$memcache = Cache::memcache();

	if (is_object($memcache)) {
		$memcache->delete(get_app()->get_hostname().":session:".$id);
		return true;
	}

	dba::delete('session', ['sid' => $id]);
	return true;
}

function ref_session_gc()
{
	dba::delete('session', ["`expire` < ?", time()]);
	return true;
}

$gc_probability = 50;

ini_set('session.gc_probability', $gc_probability);
ini_set('session.use_only_cookies', 1);
ini_set('session.cookie_httponly', 1);

if (Config::get('system', 'ssl_policy') == SSL_POLICY_FULL) {
	ini_set('session.cookie_secure', 1);
}

if (!Config::get('system', 'disable_database_session')) {
	session_set_save_handler(
		'ref_session_open', 'ref_session_close',
		'ref_session_read', 'ref_session_write',
		'ref_session_destroy', 'ref_session_gc'
	);
}
Initial checkin 2010-07-01 19:48:07 -04:00			`<?php`
Move Cache to src relocate the cache class to Friendica\Core namespace 2017-11-09 11:05:18 -05:00			`/**`
			`* Session management functions. These provide database storage of PHP session info.`
			`*/`
			`use Friendica\Core\Cache;`
Issue 3700: Security and Privacy related Headers 2017-09-14 01:40:23 -04:00			`use Friendica\Core\Config;`
Class file relocations Issue #3878 2017-11-07 22:57:46 -05:00			`use Friendica\Database\DBM;`
Issue 3700: Security and Privacy related Headers 2017-09-14 01:40:23 -04:00
Initial checkin 2010-07-01 19:48:07 -04:00			`$session_exists = 0;`
			`$session_expire = 180000;`

Fix unused code in include - Fix local formatting - Remove unused variable - Fix unreached breaks - Remove commented out code - Add some documentation 2018-01-03 21:12:19 -05:00			`function ref_session_open()`
Move Cache to src relocate the cache class to Friendica\Core namespace 2017-11-09 11:05:18 -05:00			`{`
OStatus: Send even Friendica comments to OStatus 2015-12-07 15:52:42 -05:00			`return true;`
We now use memcache if configured and installed. 2016-10-23 17:59:40 -04:00			`}`
Initial checkin 2010-07-01 19:48:07 -04:00
Move Cache to src relocate the cache class to Friendica\Core namespace 2017-11-09 11:05:18 -05:00			`function ref_session_read($id)`
			`{`
OStatus: Send even Friendica comments to OStatus 2015-12-07 15:52:42 -05:00			`global $session_exists;`

We now use memcache if configured and installed. 2016-10-23 17:59:40 -04:00			`if (!x($id)) {`
			`return '';`
			`}`

Move Cache to src relocate the cache class to Friendica\Core namespace 2017-11-09 11:05:18 -05:00			`$memcache = Cache::memcache();`
We now use memcache if configured and installed. 2016-10-23 17:59:40 -04:00			`if (is_object($memcache)) {`
			`$data = $memcache->get(get_app()->get_hostname().":session:".$id);`
			`if (!is_bool($data)) {`
Avoid warning "Failed to write session data" 2017-10-31 12:03:01 -04:00			`$session_exists = true;`
We now use memcache if configured and installed. 2016-10-23 17:59:40 -04:00			`return $data;`
			`}`
			`logger("no data for session $id", LOGGER_TRACE);`
			`return '';`
			`}`

Improve dba::selectFirst calls - Fix remaining $r[0] references - Rename $r to meaningful names 2018-01-11 03:26:30 -05:00			`$session = dba::selectFirst('session', ['data'], ['sid' => $id]);`
			`if (DBM::is_result($session)) {`
OStatus: Send even Friendica comments to OStatus 2015-12-07 15:52:42 -05:00			`$session_exists = true;`
Improve dba::selectFirst calls - Fix remaining $r[0] references - Rename $r to meaningful names 2018-01-11 03:26:30 -05:00			`return $session['data'];`
OStatus: Send even Friendica comments to OStatus 2015-12-07 15:52:42 -05:00			`} else {`
			`logger("no data for session $id", LOGGER_TRACE);`
			`}`
We now use memcache if configured and installed. 2016-10-23 17:59:40 -04:00
OStatus: Send even Friendica comments to OStatus 2015-12-07 15:52:42 -05:00			`return '';`
We now use memcache if configured and installed. 2016-10-23 17:59:40 -04:00			`}`
Initial checkin 2010-07-01 19:48:07 -04:00
ping.php performance: improve documentation and formatting 2016-10-28 22:14:51 -04:00			`/**`
			`* @brief Standard PHP session write callback`
			`*`
			`* This callback updates the DB-stored session data and/or the expiration depending`
			`* on the case. Uses the $session_expire global for existing session, 5 minutes`
			`* for newly created session.`
			`*`
Move Cache to src relocate the cache class to Friendica\Core namespace 2017-11-09 11:05:18 -05:00			`* @global bool $session_exists Whether a session with the given id already exists`
			`* @global int $session_expire Session expiration delay in seconds`
			`* @param string $id Session ID with format: [a-z0-9]{26}`
			`* @param string $data Serialized session data`
ping.php performance: improve documentation and formatting 2016-10-28 22:14:51 -04:00			`* @return boolean Returns false if parameters are missing, true otherwise`
			`*/`
Move Cache to src relocate the cache class to Friendica\Core namespace 2017-11-09 11:05:18 -05:00			`function ref_session_write($id, $data)`
			`{`
OStatus: Send even Friendica comments to OStatus 2015-12-07 15:52:42 -05:00			`global $session_exists, $session_expire;`

Fix double login issue - Removed session existence check in killme - Changed returned value in session_write for empty data 2017-12-18 23:39:34 -05:00			`if (!$id) {`
OStatus: Send even Friendica comments to OStatus 2015-12-07 15:52:42 -05:00			`return false;`
			`}`

Fix double login issue - Removed session existence check in killme - Changed returned value in session_write for empty data 2017-12-18 23:39:34 -05:00			`if (!$data) {`
			`return true;`
			`}`

OStatus: Send even Friendica comments to OStatus 2015-12-07 15:52:42 -05:00			`$expire = time() + $session_expire;`
			`$default_expire = time() + 300;`

Move Cache to src relocate the cache class to Friendica\Core namespace 2017-11-09 11:05:18 -05:00			`$memcache = Cache::memcache();`
Avoiding some error messages 2017-01-20 17:22:05 -05:00			`$a = get_app();`
Replace AND and OR in PHP conditions by && and \|\| 2017-06-07 22:00:59 -04:00			`if (is_object($memcache) && is_object($a)) {`
Avoiding some error messages 2017-01-20 17:22:05 -05:00			`$memcache->set($a->get_hostname().":session:".$id, $data, MEMCACHE_COMPRESSED, $expire);`
We now use memcache if configured and installed. 2016-10-23 17:59:40 -04:00			`return true;`
			`}`

ping.php performance: improve documentation and formatting 2016-10-28 22:14:51 -04:00			`if ($session_exists) {`
Use short form array syntax everywhere - Add short form array syntax to po2php.php generation 2018-01-15 08:05:12 -05:00			`$fields = ['data' => $data, 'expire' => $expire];`
			$condition = ["`sid` = ? AND (`data` != ? OR `expire` != ?)", $id, $data, $expire];
Avoid warning "Failed to write session data" 2017-10-31 12:03:01 -04:00			`dba::update('session', $fields, $condition);`
ping.php performance: improve documentation and formatting 2016-10-28 22:14:51 -04:00			`} else {`
Use short form array syntax everywhere - Add short form array syntax to po2php.php generation 2018-01-15 08:05:12 -05:00			`$fields = ['sid' => $id, 'expire' => $default_expire, 'data' => $data];`
Avoid warning "Failed to write session data" 2017-10-31 12:03:01 -04:00			`dba::insert('session', $fields);`
ping.php performance: improve documentation and formatting 2016-10-28 22:14:51 -04:00			`}`
OStatus: Send even Friendica comments to OStatus 2015-12-07 15:52:42 -05:00
			`return true;`
ping.php performance: improve documentation and formatting 2016-10-28 22:14:51 -04:00			`}`
Initial checkin 2010-07-01 19:48:07 -04:00
Move Cache to src relocate the cache class to Friendica\Core namespace 2017-11-09 11:05:18 -05:00			`function ref_session_close()`
			`{`
OStatus: Send even Friendica comments to OStatus 2015-12-07 15:52:42 -05:00			`return true;`
We now use memcache if configured and installed. 2016-10-23 17:59:40 -04:00			`}`

Move Cache to src relocate the cache class to Friendica\Core namespace 2017-11-09 11:05:18 -05:00			`function ref_session_destroy($id)`
			`{`
			`$memcache = Cache::memcache();`
We now use memcache if configured and installed. 2016-10-23 17:59:40 -04:00
			`if (is_object($memcache)) {`
			`$memcache->delete(get_app()->get_hostname().":session:".$id);`
			`return true;`
			`}`
Initial checkin 2010-07-01 19:48:07 -04:00
Use short form array syntax everywhere - Add short form array syntax to po2php.php generation 2018-01-15 08:05:12 -05:00			`dba::delete('session', ['sid' => $id]);`
OStatus: Send even Friendica comments to OStatus 2015-12-07 15:52:42 -05:00			`return true;`
We now use memcache if configured and installed. 2016-10-23 17:59:40 -04:00			`}`
Initial checkin 2010-07-01 19:48:07 -04:00
Fix unused code in include - Fix local formatting - Remove unused variable - Fix unreached breaks - Remove commented out code - Add some documentation 2018-01-03 21:12:19 -05:00			`function ref_session_gc()`
Move Cache to src relocate the cache class to Friendica\Core namespace 2017-11-09 11:05:18 -05:00			`{`
Use short form array syntax everywhere - Add short form array syntax to po2php.php generation 2018-01-15 08:05:12 -05:00			dba::delete('session', ["`expire` < ?", time()]);
OStatus: Send even Friendica comments to OStatus 2015-12-07 15:52:42 -05:00			`return true;`
We now use memcache if configured and installed. 2016-10-23 17:59:40 -04:00			`}`
Initial checkin 2010-07-01 19:48:07 -04:00
			`$gc_probability = 50;`

			`ini_set('session.gc_probability', $gc_probability);`
			`ini_set('session.use_only_cookies', 1);`
			`ini_set('session.cookie_httponly', 1);`

Issue 3700: Security and Privacy related Headers 2017-09-14 01:40:23 -04:00			`if (Config::get('system', 'ssl_policy') == SSL_POLICY_FULL) {`
			`ini_set('session.cookie_secure', 1);`
			`}`

Issue-#3873 Replace deprecated functions with new syntax. 2017-11-06 21:22:52 -05:00			`if (!Config::get('system', 'disable_database_session')) {`
Move Cache to src relocate the cache class to Friendica\Core namespace 2017-11-09 11:05:18 -05:00			`session_set_save_handler(`
			`'ref_session_open', 'ref_session_close',`
			`'ref_session_read', 'ref_session_write',`
			`'ref_session_destroy', 'ref_session_gc'`
			`);`
We now use memcache if configured and installed. 2016-10-23 17:59:40 -04:00			`}`