interface/modules/zend_modules/library/Zend/Session/SessionManager.php

   1 <?php
   2 /**
   3  * Zend Framework (http://framework.zend.com/)
   4  *
   5  * @link      http://github.com/zendframework/zf2 for the canonical source repository
   6  * @copyright Copyright (c) 2005-2013 Zend Technologies USA Inc. (http://www.zend.com)
   7  * @license   http://framework.zend.com/license/new-bsd New BSD License
   8  */
   9
  10 namespace Zend\Session;
  11
  12 use Zend\EventManager\EventManagerInterface;
  13
  14 /**
  15  * Session ManagerInterface implementation utilizing ext/session
  16  */
  17 class SessionManager extends AbstractManager
  18 {
  19     /**
  20      * Default options when a call to {@link destroy()} is made
  21      * - send_expire_cookie: whether or not to send a cookie expiring the current session cookie
  22      * - clear_storage: whether or not to empty the storage object of any stored values
  23      * @var array
  24      */
  25     protected $defaultDestroyOptions = array(
  26         'send_expire_cookie' => true,
  27         'clear_storage'      => false,
  28     );
  29
  30     /**
  31      * @var string value returned by session_name()
  32      */
  33     protected $name;
  34
  35     /**
  36      * @var EventManagerInterface Validation chain to determine if session is valid
  37      */
  38     protected $validatorChain;
  39
  40     /**
  41      * Constructor
  42      *
  43      * @param  Config\ConfigInterface|null $config
  44      * @param  Storage\StorageInterface|null $storage
  45      * @param  SaveHandler\SaveHandlerInterface|null $saveHandler
  46      * @throws Exception\RuntimeException
  47      */
  48     public function __construct(Config\ConfigInterface $config = null, Storage\StorageInterface $storage = null, SaveHandler\SaveHandlerInterface $saveHandler = null)
  49     {
  50         parent::__construct($config, $storage, $saveHandler);
  51         register_shutdown_function(array($this, 'writeClose'));
  52     }
  53
  54     /**
  55      * Does a session exist and is it currently active?
  56      *
  57      * @return bool
  58      */
  59     public function sessionExists()
  60     {
  61         $sid = defined('SID') ? constant('SID') : false;
  62         if ($sid !== false && $this->getId()) {
  63             return true;
  64         }
  65         if (headers_sent()) {
  66             return true;
  67         }
  68         return false;
  69     }
  70
  71     /**
  72      * Start session
  73      *
  74      * if No session currently exists, attempt to start it. Calls
  75      * {@link isValid()} once session_start() is called, and raises an
  76      * exception if validation fails.
  77      *
  78      * @param bool $preserveStorage        If set to true, current session storage will not be overwritten by the
  79      *                                     contents of $_SESSION.
  80      * @return void
  81      * @throws Exception\RuntimeException
  82      */
  83     public function start($preserveStorage = false)
  84     {
  85         if ($this->sessionExists()) {
  86             return;
  87         }
  88
  89         $saveHandler = $this->getSaveHandler();
  90         if ($saveHandler instanceof SaveHandler\SaveHandlerInterface) {
  91             // register the session handler with ext/session
  92             $this->registerSaveHandler($saveHandler);
  93         }
  94
  95         session_start();
  96
  97         $storage = $this->getStorage();
  98
  99         // Since session is starting, we need to potentially repopulate our
 100         // session storage
 101         if ($storage instanceof Storage\SessionStorage && $_SESSION !== $storage) {
 102             if (!$preserveStorage) {
 103                 $storage->fromArray($_SESSION);
 104             }
 105             $_SESSION = $storage;
 106         } elseif ($storage instanceof Storage\StorageInitializationInterface) {
 107             $storage->init($_SESSION);
 108         }
 109
 110         if (!$this->isValid()) {
 111             throw new Exception\RuntimeException('Session validation failed');
 112         }
 113     }
 114
 115     /**
 116      * Destroy/end a session
 117      *
 118      * @param  array $options See {@link $defaultDestroyOptions}
 119      * @return void
 120      */
 121     public function destroy(array $options = null)
 122     {
 123         if (!$this->sessionExists()) {
 124             return;
 125         }
 126
 127         if (null === $options) {
 128             $options = $this->defaultDestroyOptions;
 129         } else {
 130             $options = array_merge($this->defaultDestroyOptions, $options);
 131         }
 132
 133         session_destroy();
 134         if ($options['send_expire_cookie']) {
 135             $this->expireSessionCookie();
 136         }
 137
 138         if ($options['clear_storage']) {
 139             $this->getStorage()->clear();
 140         }
 141     }
 142
 143     /**
 144      * Write session to save handler and close
 145      *
 146      * Once done, the Storage object will be marked as isImmutable.
 147      *
 148      * @return void
 149      */
 150     public function writeClose()
 151     {
 152         // The assumption is that we're using PHP's ext/session.
 153         // session_write_close() will actually overwrite $_SESSION with an
 154         // empty array on completion -- which leads to a mismatch between what
 155         // is in the storage object and $_SESSION. To get around this, we
 156         // temporarily reset $_SESSION to an array, and then re-link it to
 157         // the storage object.
 158         //
 159         // Additionally, while you _can_ write to $_SESSION following a
 160         // session_write_close() operation, no changes made to it will be
 161         // flushed to the session handler. As such, we now mark the storage
 162         // object isImmutable.
 163         $storage  = $this->getStorage();
 164         if (!$storage->isImmutable()) {
 165             $_SESSION = $storage->toArray(true);
 166             session_write_close();
 167             $storage->fromArray($_SESSION);
 168             $storage->markImmutable();
 169         }
 170     }
 171
 172     /**
 173      * Attempt to set the session name
 174      *
 175      * If the session has already been started, or if the name provided fails
 176      * validation, an exception will be raised.
 177      *
 178      * @param  string $name
 179      * @return SessionManager
 180      * @throws Exception\InvalidArgumentException
 181      */
 182     public function setName($name)
 183     {
 184         if ($this->sessionExists()) {
 185             throw new Exception\InvalidArgumentException(
 186                 'Cannot set session name after a session has already started'
 187             );
 188         }
 189
 190         if (!preg_match('/^[a-zA-Z0-9]+$/', $name)) {
 191             throw new Exception\InvalidArgumentException(
 192                 'Name provided contains invalid characters; must be alphanumeric only'
 193             );
 194         }
 195
 196         $this->name = $name;
 197         session_name($name);
 198         return $this;
 199     }
 200
 201     /**
 202      * Get session name
 203      *
 204      * Proxies to {@link session_name()}.
 205      *
 206      * @return string
 207      */
 208     public function getName()
 209     {
 210         if (null === $this->name) {
 211             // If we're grabbing via session_name(), we don't need our
 212             // validation routine; additionally, calling setName() after
 213             // session_start() can lead to issues, and often we just need the name
 214             // in order to do things such as setting cookies.
 215             $this->name = session_name();
 216         }
 217         return $this->name;
 218     }
 219
 220     /**
 221      * Set session ID
 222      *
 223      * Can safely be called in the middle of a session.
 224      *
 225      * @param  string $id
 226      * @return SessionManager
 227      */
 228     public function setId($id)
 229     {
 230         if ($this->sessionExists()) {
 231             throw new Exception\RuntimeException('Session has already been started, to change the session ID call regenerateId()');
 232         }
 233         session_id($id);
 234         return $this;
 235     }
 236
 237     /**
 238      * Get session ID
 239      *
 240      * Proxies to {@link session_id()}
 241      *
 242      * @return string
 243      */
 244     public function getId()
 245     {
 246         return session_id();
 247     }
 248
 249     /**
 250      * Regenerate id
 251      *
 252      * Regenerate the session ID, using session save handler's
 253      * native ID generation Can safely be called in the middle of a session.
 254      *
 255      * @param  bool $deleteOldSession
 256      * @return SessionManager
 257      */
 258     public function regenerateId($deleteOldSession = true)
 259     {
 260         session_regenerate_id((bool) $deleteOldSession);
 261         return $this;
 262     }
 263
 264     /**
 265      * Set the TTL (in seconds) for the session cookie expiry
 266      *
 267      * Can safely be called in the middle of a session.
 268      *
 269      * @param  null|int $ttl
 270      * @return SessionManager
 271      */
 272     public function rememberMe($ttl = null)
 273     {
 274         if (null === $ttl) {
 275             $ttl = $this->getConfig()->getRememberMeSeconds();
 276         }
 277         $this->setSessionCookieLifetime($ttl);
 278         return $this;
 279     }
 280
 281     /**
 282      * Set a 0s TTL for the session cookie
 283      *
 284      * Can safely be called in the middle of a session.
 285      *
 286      * @return SessionManager
 287      */
 288     public function forgetMe()
 289     {
 290         $this->setSessionCookieLifetime(0);
 291         return $this;
 292     }
 293
 294     /**
 295      * Set the validator chain to use when validating a session
 296      *
 297      * In most cases, you should use an instance of {@link ValidatorChain}.
 298      *
 299      * @param  EventManagerInterface $chain
 300      * @return SessionManager
 301      */
 302     public function setValidatorChain(EventManagerInterface $chain)
 303     {
 304         $this->validatorChain = $chain;
 305         return $this;
 306     }
 307
 308     /**
 309      * Get the validator chain to use when validating a session
 310      *
 311      * By default, uses an instance of {@link ValidatorChain}.
 312      *
 313      * @return EventManagerInterface
 314      */
 315     public function getValidatorChain()
 316     {
 317         if (null === $this->validatorChain) {
 318             $this->setValidatorChain(new ValidatorChain($this->getStorage()));
 319         }
 320         return $this->validatorChain;
 321     }
 322
 323     /**
 324      * Is this session valid?
 325      *
 326      * Notifies the Validator Chain until either all validators have returned
 327      * true or one has failed.
 328      *
 329      * @return bool
 330      */
 331     public function isValid()
 332     {
 333         $validator = $this->getValidatorChain();
 334         $responses = $validator->triggerUntil('session.validate', $this, array($this), function ($test) {
 335             return !$test;
 336         });
 337         if ($responses->stopped()) {
 338             // If execution was halted, validation failed
 339             return false;
 340         }
 341         // Otherwise, we're good to go
 342         return true;
 343     }
 344
 345     /**
 346      * Expire the session cookie
 347      *
 348      * Sends a session cookie with no value, and with an expiry in the past.
 349      *
 350      * @return void
 351      */
 352     public function expireSessionCookie()
 353     {
 354         $config = $this->getConfig();
 355         if (!$config->getUseCookies()) {
 356             return;
 357         }
 358         setcookie(
 359             $this->getName(),                 // session name
 360             '',                               // value
 361             $_SERVER['REQUEST_TIME'] - 42000, // TTL for cookie
 362             $config->getCookiePath(),
 363             $config->getCookieDomain(),
 364             $config->getCookieSecure(),
 365             $config->getCookieHttpOnly()
 366         );
 367     }
 368
 369     /**
 370      * Set the session cookie lifetime
 371      *
 372      * If a session already exists, destroys it (without sending an expiration
 373      * cookie), regenerates the session ID, and restarts the session.
 374      *
 375      * @param  int $ttl
 376      * @return void
 377      */
 378     protected function setSessionCookieLifetime($ttl)
 379     {
 380         $config = $this->getConfig();
 381         if (!$config->getUseCookies()) {
 382             return;
 383         }
 384
 385         // Set new cookie TTL
 386         $config->setCookieLifetime($ttl);
 387
 388         if ($this->sessionExists()) {
 389             // There is a running session so we'll regenerate id to send a new cookie
 390             $this->regenerateId();
 391         }
 392     }
 393
 394     /**
 395      * Register Save Handler with ext/session
 396      *
 397      * Since ext/session is coupled to this particular session manager
 398      * register the save handler with ext/session.
 399      *
 400      * @param SaveHandler\SaveHandlerInterface $saveHandler
 401      * @return bool
 402      */
 403     protected function registerSaveHandler(SaveHandler\SaveHandlerInterface $saveHandler)
 404     {
 405         return session_set_save_handler(
 406             array($saveHandler, 'open'),
 407             array($saveHandler, 'close'),
 408             array($saveHandler, 'read'),
 409             array($saveHandler, 'write'),
 410             array($saveHandler, 'destroy'),
 411             array($saveHandler, 'gc')
 412         );
 413     }
 414 }