diff options
| author | Andrey Andreev <narf@devilix.net> | 2014-10-06 00:50:14 +0200 |
|---|---|---|
| committer | Andrey Andreev <narf@devilix.net> | 2014-10-06 00:50:14 +0200 |
| commit | dfb39bec5faf77e806e55f3ee9d2138e57d55010 (patch) | |
| tree | 8060a4e8f7a28d230e689880bba022cd1ba081d4 /system/libraries/Session/Session_driver.php | |
| parent | 4a485a73d64a8bebc7625aabc5fdc361d5e7dc56 (diff) | |
feature/session (#3073): Refactor configuration & fix cookie expiry times
Diffstat (limited to 'system/libraries/Session/Session_driver.php')
| -rw-r--r-- | system/libraries/Session/Session_driver.php | 146 |
1 files changed, 9 insertions, 137 deletions
diff --git a/system/libraries/Session/Session_driver.php b/system/libraries/Session/Session_driver.php index a3bc392ad..fb695dade 100644 --- a/system/libraries/Session/Session_driver.php +++ b/system/libraries/Session/Session_driver.php @@ -37,57 +37,7 @@ defined('BASEPATH') OR exit('No direct script access allowed'); */ abstract class CI_Session_driver implements SessionHandlerInterface { - // WARNING! Setting default values to properties will - // prevent using the configuration file values. - - /** - * Expiration time - * - * @var int - */ - protected $_expiration; - - /** - * Cookie name - * - * @var string - */ - protected $_cookie_name; - - /** - * Cookie domain - * - * @var string - */ - protected $_cookie_domain; - - /** - * Cookie path - * - * @var string - */ - protected $_cookie_path; - - /** - * Cookie secure flag - * - * @var bool - */ - protected $_cookie_secure; - - /** - * Cookie HTTP-only flag - * - * @var bool - */ - protected $_cookie_httponly; - - /** - * Match IP addresses flag - * - * @var bool - */ - protected $_match_ip; + protected $_config; /** * Data fingerprint @@ -111,87 +61,9 @@ abstract class CI_Session_driver implements SessionHandlerInterface { * @param array $params Configuration parameters * @return void */ - public function __construct($params) + public function __construct(&$params) { - foreach ($params as $key => &$value) - { - $key = (strncmp($key, 'sess_', 5) === 0) - ? substr($key, 4) - : '_'.$key; - - property_exists($this, $key) && $this->$key = $value; - } - - isset($this->_expiration) OR $this->_expiration = (int) config_item('sess_expiration'); - isset($this->_cookie_name) OR $this->_cookie_name = config_item('sess_cookie_name'); - isset($this->_cookie_domain) OR $this->_cookie_domain = config_item('cookie_domain'); - isset($this->_cookie_path) OR $this->_cookie_path = config_item('cookie_path'); - isset($this->_cookie_secure) OR $this->_cookie_secure = config_item('cookie_secure'); - isset($this->_cookie_httponly) OR $this->_cookie_httponly = config_item('cookie_httponly'); - isset($this->_match_ip) OR $this->_match_ip = config_item('sess_match_ip'); - - // Pass our configuration to php.ini, when appropriate - ini_set('session.name', $this->_cookie_name); - isset($this->_cookie_domain) && ini_set('session.cookie_domain', $this->_cookie_domain); - isset($this->_cookie_path) && ini_set('session.cookie_path', $this->_cookie_path); - isset($this->_cookie_secure) && ini_set('session.cookie_secure', $this->_cookie_secure); - isset($this->_cookie_httponly) && ini_set('session.cookie_httponly', $this->_cookie_httponly); - - if ($this->_expiration) - { - ini_set('session.gc_maxlifetime', $this->_expiration); - ini_set('session.cookie_lifetime', $this->_expiration); - } - // BC workaround for setting cookie lifetime - elseif (config_item('sess_expire_on_close')) - { - ini_set('session.cookie_lifetime', 0); - } - - // Security is king - ini_set('session.use_trans_id', 0); - ini_set('session.use_strict_mode', 1); - ini_set('session.use_cookies', 1); - ini_set('session.use_only_cookies', 1); - ini_set('session.hash_function', 1); - ini_set('session.hash_bits_per_character', 4); - - // Work-around for PHP bug #66827 (https://bugs.php.net/bug.php?id=66827) - // - // The session ID sanitizer doesn't check for the value type and blindly does - // an implicit cast to string, which triggers an 'Array to string' E_NOTICE. - if (isset($_COOKIE[$this->_cookie_name]) && ! is_string($_COOKIE[$this->_cookie_name])) - { - unset($_COOKIE[$this->_cookie_name]); - } - -/* - Need to test if this is necessary for a custom driver or if it's only - relevant to PHP's own files handler. - - https://bugs.php.net/bug.php?id=65475 - do this after session is started: - if (is_php('5.5.2') && ! is_php('5.5.4')) - { - $session_id = session_id(); - if ($_COOKIE[$this->_cookie_name] !== $session_id && file_exists(teh file)) - { - unlink(<teh file>); - } - - setcookie( - $this->_cookie_name, - $session_id, - $this->_expiration - ? time() + $this->_expiration - : 0, - $this->_cookie_path, - $this->_cookie_domain, - $this->_cookie_secure, - $this->_cookie_httponly - ); - } -*/ + $this->_config =& $params; } // ------------------------------------------------------------------------ @@ -199,13 +71,13 @@ abstract class CI_Session_driver implements SessionHandlerInterface { protected function _cookie_destroy() { return setcookie( - $this->_cookie_name, + $this->_config['cookie_name'], NULL, 1, - $this->_cookie_path, - $this->_cookie_domain, - $this->_cookie_secure, - $this->_cookie_httponly + $this->_config['cookie_path'], + $this->_config['cookie_domain'], + $this->_config['cookie_secure'], + TRUE ); } @@ -230,7 +102,7 @@ abstract class CI_Session_driver implements SessionHandlerInterface { return TRUE; } - if (($this->_lock = sem_get($session_id.($this->_match_ip ? '_'.$_SERVER['REMOTE_ADDR'] : ''), 1, 0644)) === FALSE) + if (($this->_lock = sem_get($session_id.($this->_config['match_ip'] ? '_'.$_SERVER['REMOTE_ADDR'] : ''), 1, 0644)) === FALSE) { return FALSE; } |