authorAndrey Andreev <narf@devilix.net>2014-10-06 00:50:14 +0200
committerAndrey Andreev <narf@devilix.net>2014-10-06 00:50:14 +0200
commitdfb39bec5faf77e806e55f3ee9d2138e57d55010 (patch)
tree8060a4e8f7a28d230e689880bba022cd1ba081d4 /system/libraries/Session/Session_driver.php
parent4a485a73d64a8bebc7625aabc5fdc361d5e7dc56 (diff)
feature/session (#3073): Refactor configuration & fix cookie expiry times
Diffstat (limited to 'system/libraries/Session/Session_driver.php')
-rw-r--r--system/libraries/Session/Session_driver.php146
1 files changed, 9 insertions, 137 deletions
diff --git a/system/libraries/Session/Session_driver.php b/system/libraries/Session/Session_driver.php
index a3bc392ad..fb695dade 100644
--- a/system/libraries/Session/Session_driver.php
+++ b/system/libraries/Session/Session_driver.php
@@ -37,57 +37,7 @@ defined('BASEPATH') OR exit('No direct script access allowed');
*/
abstract class CI_Session_driver implements SessionHandlerInterface {
- // WARNING! Setting default values to properties will
- // prevent using the configuration file values.
-
- /**
- * Expiration time
- *
- * @var int
- */
- protected $_expiration;
-
- /**
- * Cookie name
- *
- * @var string
- */
- protected $_cookie_name;
-
- /**
- * Cookie domain
- *
- * @var string
- */
- protected $_cookie_domain;
-
- /**
- * Cookie path
- *
- * @var string
- */
- protected $_cookie_path;
-
- /**
- * Cookie secure flag
- *
- * @var bool
- */
- protected $_cookie_secure;
-
- /**
- * Cookie HTTP-only flag
- *
- * @var bool
- */
- protected $_cookie_httponly;
-
- /**
- * Match IP addresses flag
- *
- * @var bool
- */
- protected $_match_ip;
+ protected $_config;
/**
* Data fingerprint
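Review bot: The new `$_config` property is declared without a docblock, while every property it replaces had one, so nothing in the class says which keys a driver may rely on. A short docblock with `@var array` would fix that, stating that the property holds the session configuration passed to the constructor and naming the keys this file reads: `cookie_name`, `cookie_path`, `cookie_domain`, `cookie_secure` and `match_ip`.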
@@ -111,87 +61,9 @@ abstract class CI_Session_driver implements SessionHandlerInterface {
* @param array $params Configuration parameters
* @return void
*/
- public function __construct($params)
+ public function __construct(&$params)
{
- foreach ($params as $key => &$value)
- {
- $key = (strncmp($key, 'sess_', 5) === 0)
- ? substr($key, 4)
- : '_'.$key;
-
- property_exists($this, $key) && $this->$key = $value;
- }
-
- isset($this->_expiration) OR $this->_expiration = (int) config_item('sess_expiration');
- isset($this->_cookie_name) OR $this->_cookie_name = config_item('sess_cookie_name');
- isset($this->_cookie_domain) OR $this->_cookie_domain = config_item('cookie_domain');
- isset($this->_cookie_path) OR $this->_cookie_path = config_item('cookie_path');
- isset($this->_cookie_secure) OR $this->_cookie_secure = config_item('cookie_secure');
- isset($this->_cookie_httponly) OR $this->_cookie_httponly = config_item('cookie_httponly');
- isset($this->_match_ip) OR $this->_match_ip = config_item('sess_match_ip');
-
- // Pass our configuration to php.ini, when appropriate
- ini_set('session.name', $this->_cookie_name);
- isset($this->_cookie_domain) && ini_set('session.cookie_domain', $this->_cookie_domain);
- isset($this->_cookie_path) && ini_set('session.cookie_path', $this->_cookie_path);
- isset($this->_cookie_secure) && ini_set('session.cookie_secure', $this->_cookie_secure);
- isset($this->_cookie_httponly) && ini_set('session.cookie_httponly', $this->_cookie_httponly);
-
- if ($this->_expiration)
- {
- ini_set('session.gc_maxlifetime', $this->_expiration);
- ini_set('session.cookie_lifetime', $this->_expiration);
- }
- // BC workaround for setting cookie lifetime
- elseif (config_item('sess_expire_on_close'))
- {
- ini_set('session.cookie_lifetime', 0);
- }
-
- // Security is king
- ini_set('session.use_trans_id', 0);
- ini_set('session.use_strict_mode', 1);
- ini_set('session.use_cookies', 1);
- ini_set('session.use_only_cookies', 1);
- ini_set('session.hash_function', 1);
- ini_set('session.hash_bits_per_character', 4);
-
- // Work-around for PHP bug #66827 (https://bugs.php.net/bug.php?id=66827)
- //
- // The session ID sanitizer doesn't check for the value type and blindly does
- // an implicit cast to string, which triggers an 'Array to string' E_NOTICE.
- if (isset($_COOKIE[$this->_cookie_name]) && ! is_string($_COOKIE[$this->_cookie_name]))
- {
- unset($_COOKIE[$this->_cookie_name]);
- }
-
-/*
- Need to test if this is necessary for a custom driver or if it's only
- relevant to PHP's own files handler.
-
- https://bugs.php.net/bug.php?id=65475
- do this after session is started:
- if (is_php('5.5.2') && ! is_php('5.5.4'))
- {
- $session_id = session_id();
- if ($_COOKIE[$this->_cookie_name] !== $session_id && file_exists(teh file))
- {
- unlink(<teh file>);
- }
-
- setcookie(
- $this->_cookie_name,
- $session_id,
- $this->_expiration
- ? time() + $this->_expiration
- : 0,
- $this->_cookie_path,
- $this->_cookie_domain,
- $this->_cookie_secure,
- $this->_cookie_httponly
- );
- }
-*/
+ $this->_config =& $params;
}
// ------------------------------------------------------------------------
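Review bot: The rewritten constructor drops the block that forced `session.use_strict_mode`, `session.use_cookies` and `session.use_only_cookies`, together with the non-string cookie check for PHP bug #66827, and this file-limited diff does not show where they are applied now. If they moved to the code that builds `$params`, a comment such as `// Session ini hardening and cookie type checks are done by the caller before a driver is constructed` would keep that dependency visible; if they did not move, drivers would run with whatever php.ini provides. Separately, `$this->_config =& $params;` aliases the caller's array, so a write in any driver changes the shared configuration, and the `@param` line should say the array is taken by reference.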
@@ -199,13 +71,13 @@ abstract class CI_Session_driver implements SessionHandlerInterface {
protected function _cookie_destroy()
{
return setcookie(
- $this->_cookie_name,
+ $this->_config['cookie_name'],
NULL,
1,
- $this->_cookie_path,
- $this->_cookie_domain,
- $this->_cookie_secure,
- $this->_cookie_httponly
+ $this->_config['cookie_path'],
+ $this->_config['cookie_domain'],
+ $this->_config['cookie_secure'],
+ TRUE
);
}
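Review bot: `_cookie_destroy()` now passes a literal `TRUE` as the HttpOnly argument instead of a configured value, which is the safer choice but is unexplained; add `// HttpOnly is always set on the session cookie, independent of configuration` above that argument. The four `$this->_config[...]` lookups are also unchecked, so a params array missing `cookie_name` would reach `setcookie()` as NULL with only a notice. That is harmless only if the caller always fills these keys, which this diff does not show.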
@@ -230,7 +102,7 @@ abstract class CI_Session_driver implements SessionHandlerInterface {
return TRUE;
}
- if (($this->_lock = sem_get($session_id.($this->_match_ip ? '_'.$_SERVER['REMOTE_ADDR'] : ''), 1, 0644)) === FALSE)
+ if (($this->_lock = sem_get($session_id.($this->_config['match_ip'] ? '_'.$_SERVER['REMOTE_ADDR'] : ''), 1, 0644)) === FALSE)
{
return FALSE;
}
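Review bot: `sem_get()` expects an integer key, but the changed line passes the session ID string (with `'_'.$_SERVER['REMOTE_ADDR']` appended when `match_ip` is set), which is not numeric. On PHP 5 a failed argument parse usually makes an internal function return NULL with a warning, so the `=== FALSE` test would likely miss it and leave `$this->_lock` as NULL; this is worth verifying. Deriving an integer first, for example `$key = crc32($session_id.($this->_config['match_ip'] ? '_'.$_SERVER['REMOTE_ADDR'] : ''));`, and testing `! $this->_lock` would make the failure path reliable. The enclosing method starts and ends outside this hunk.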