diff options
10 files changed, 164 insertions, 11 deletions
diff --git a/system/libraries/Session/CI_Session_driver_interface.php b/system/libraries/Session/CI_Session_driver_interface.php index a854e92af..7f62ba49c 100644 --- a/system/libraries/Session/CI_Session_driver_interface.php +++ b/system/libraries/Session/CI_Session_driver_interface.php @@ -55,4 +55,6 @@ interface CI_Session_driver_interface { public function write($session_id, $session_data); public function destroy($session_id); public function gc($maxlifetime); + public function updateTimestamp($session_id, $data); + public function validateId($session_id); } diff --git a/system/libraries/Session/OldSessionWrapper.php b/system/libraries/Session/OldSessionWrapper.php index a8bc1d0c0..c6f8a631d 100644 --- a/system/libraries/Session/OldSessionWrapper.php +++ b/system/libraries/Session/OldSessionWrapper.php @@ -47,7 +47,7 @@ defined('BASEPATH') OR exit('No direct script access allowed'); * @author Andrey Andreev * @link https://codeigniter.com/userguide3/libraries/sessions.html */ -class CI_SessionWrapper implements SessionHandlerInterface { +class CI_SessionWrapper implements SessionHandlerInterface, SessionUpdateTimestampHandlerInterface { protected $driver; @@ -85,4 +85,14 @@ class CI_SessionWrapper implements SessionHandlerInterface { { return $this->driver->gc($maxlifetime); } + + public function updateTimestamp($id, $data) + { + return $this->driver->updateTimestamp($id, $data); + } + + public function validateId($id) + { + return $this->driver->validateId($id); + } } diff --git a/system/libraries/Session/PHP8SessionWrapper.php b/system/libraries/Session/PHP8SessionWrapper.php index c6dfaf7e0..85223b757 100644 --- a/system/libraries/Session/PHP8SessionWrapper.php +++ b/system/libraries/Session/PHP8SessionWrapper.php @@ -47,7 +47,7 @@ defined('BASEPATH') OR exit('No direct script access allowed'); * @author Andrey Andreev * @link https://codeigniter.com/userguide3/libraries/sessions.html */ -class CI_SessionWrapper implements SessionHandlerInterface { +class CI_SessionWrapper implements SessionHandlerInterface, SessionUpdateTimestampHandlerInterface { protected CI_Session_driver_interface $driver; @@ -87,4 +87,14 @@ class CI_SessionWrapper implements SessionHandlerInterface { { return $this->driver->gc($maxlifetime); } + + public function updateTimestamp(string $id, string$data): bool + { + return $this->driver->updateTimestamp($id, $data); + } + + public function validateId(string $id): bool + { + return $this->driver->validateId($id); + } } diff --git a/system/libraries/Session/Session.php b/system/libraries/Session/Session.php index 68dc0ab63..a211ce31b 100644 --- a/system/libraries/Session/Session.php +++ b/system/libraries/Session/Session.php @@ -207,6 +207,8 @@ class CI_Session { { // PHP 5.4 compatibility interface_exists('SessionHandlerInterface', FALSE) OR require_once(BASEPATH.'libraries/Session/SessionHandlerInterface.php'); + // PHP 7 compatibility + interface_exists('SessionUpdateTimestampHandlerInterface', FALSE) OR require_once(BASEPATH.'libraries/Session/SessionUpdateTimestampHandlerInterface.php'); require_once(BASEPATH.'libraries/Session/CI_Session_driver_interface.php'); $wrapper = is_php('8.0') ? 'PHP8SessionWrapper' : 'OldSessionWrapper'; diff --git a/system/libraries/Session/SessionUpdateTimestampHandlerInterface.php b/system/libraries/Session/SessionUpdateTimestampHandlerInterface.php new file mode 100644 index 000000000..d48d56889 --- /dev/null +++ b/system/libraries/Session/SessionUpdateTimestampHandlerInterface.php @@ -0,0 +1,56 @@ +<?php +/** + * CodeIgniter + * + * An open source application development framework for PHP + * + * This content is released under the MIT License (MIT) + * + * Copyright (c) 2019 - 2022, CodeIgniter Foundation + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + * + * @package CodeIgniter + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) + * @copyright Copyright (c) 2014 - 2019, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2019 - 2022, CodeIgniter Foundation (http://codeigniter.com/) + * @license http://opensource.org/licenses/MIT MIT License + * @link https://codeigniter.com + * @since Version 3.0.0 + * @filesource + */ +defined('BASEPATH') OR exit('No direct script access allowed'); + +/** + * SessionUpdateTimestampHandlerInterface + * + * PHP 7 compatibility interface + * + * @package CodeIgniter + * @subpackage Libraries + * @category Sessions + * @author Andrey Andreev + * @link https://codeigniter.com/userguide3/libraries/sessions.html + */ +interface SessionHandlerInterface { + + public function updateTimestamp($session_id, $data); + public function validateId($session_id); +} diff --git a/system/libraries/Session/Session_driver.php b/system/libraries/Session/Session_driver.php index ec4b76841..24b4b465e 100644 --- a/system/libraries/Session/Session_driver.php +++ b/system/libraries/Session/Session_driver.php @@ -122,7 +122,7 @@ abstract class CI_Session_driver { */ public function php5_validate_id() { - if (isset($_COOKIE[$this->_config['cookie_name']]) && ! $this->validateSessionId($_COOKIE[$this->_config['cookie_name']])) + if ($this->_success === 0 && isset($_COOKIE[$this->_config['cookie_name']]) && ! $this->validateId($_COOKIE[$this->_config['cookie_name']])) { unset($_COOKIE[$this->_config['cookie_name']]); } diff --git a/system/libraries/Session/drivers/Session_database_driver.php b/system/libraries/Session/drivers/Session_database_driver.php index 2f788a1a1..4b475364b 100644 --- a/system/libraries/Session/drivers/Session_database_driver.php +++ b/system/libraries/Session/drivers/Session_database_driver.php @@ -345,15 +345,40 @@ class CI_Session_database_driver extends CI_Session_driver implements CI_Session // -------------------------------------------------------------------- /** + * Update Timestamp + * + * Update session timestamp without modifying data + * + * @param string $id Session ID + * @param string $data Unknown & unused + * @return bool + */ + public function updateTimestamp($id, $unknown) + { + // Prevent previous QB calls from messing with our queries + $this->_db->reset_query(); + + $this->_db->where('id', $id); + if ($this->_config['match_ip']) + { + $this->_db->where('ip_address', $_SERVER['REMOTE_ADDR']); + } + + return (bool) $this->_db->update($this->_config['save_path'], array('timestamp' => time())); + } + + // -------------------------------------------------------------------- + + /** * Validate ID * * Checks whether a session ID record exists server-side, * to enforce session.use_strict_mode. * - * @param string $id + * @param string $id Session ID * @return bool */ - public function validateSessionId($id) + public function validateId($id) { // Prevent previous QB calls from messing with our queries $this->_db->reset_query(); diff --git a/system/libraries/Session/drivers/Session_files_driver.php b/system/libraries/Session/drivers/Session_files_driver.php index c912fc71d..be0dc9ede 100644 --- a/system/libraries/Session/drivers/Session_files_driver.php +++ b/system/libraries/Session/drivers/Session_files_driver.php @@ -401,15 +401,31 @@ class CI_Session_files_driver extends CI_Session_driver implements CI_Session_dr // -------------------------------------------------------------------- /** + * Update Timestamp + * + * Update session timestamp without modifying data + * + * @param string $id Session ID + * @param string $data Unknown & unused + * @return bool + */ + public function updateTimestamp($id, $unknown) + { + return touch($this->_file_path.$id); + } + + // -------------------------------------------------------------------- + + /** * Validate ID * * Checks whether a session ID record exists server-side, * to enforce session.use_strict_mode. * - * @param string $id + * @param string $id Session ID * @return bool */ - public function validateSessionId($id) + public function validateId($id) { $result = is_file($this->_file_path.$id); clearstatcache(TRUE, $this->_file_path.$id); diff --git a/system/libraries/Session/drivers/Session_memcached_driver.php b/system/libraries/Session/drivers/Session_memcached_driver.php index d84a9df1d..d1401630d 100644 --- a/system/libraries/Session/drivers/Session_memcached_driver.php +++ b/system/libraries/Session/drivers/Session_memcached_driver.php @@ -296,15 +296,31 @@ class CI_Session_memcached_driver extends CI_Session_driver implements CI_Sessio // -------------------------------------------------------------------- /** + * Update Timestamp + * + * Update session timestamp without modifying data + * + * @param string $id Session ID + * @param string $data Unknown & unused + * @return bool + */ + public function updateTimestamp($id, $unknown) + { + return $this->_memcached->touch($this->_key_prefix.$id, $this->_config['expiration']); + } + + // -------------------------------------------------------------------- + + /** * Validate ID * * Checks whether a session ID record exists server-side, * to enforce session.use_strict_mode. * - * @param string $id + * @param string $id Session ID * @return bool */ - public function validateSessionId($id) + public function validateId($id) { $this->_memcached->get($this->_key_prefix.$id); return ($this->_memcached->getResultCode() === Memcached::RES_SUCCESS); diff --git a/system/libraries/Session/drivers/Session_redis_driver.php b/system/libraries/Session/drivers/Session_redis_driver.php index b112a18c8..269dfcd64 100644 --- a/system/libraries/Session/drivers/Session_redis_driver.php +++ b/system/libraries/Session/drivers/Session_redis_driver.php @@ -356,15 +356,31 @@ class CI_Session_redis_driver extends CI_Session_driver implements CI_Session_dr // -------------------------------------------------------------------- /** + * Update Timestamp + * + * Update session timestamp without modifying data + * + * @param string $id Session ID + * @param string $data Unknown & unused + * @return bool + */ + public function updateTimestamp($id, $unknown) + { + return $this->_redis->{$this->_setTimeout_name}($this->_key_prefix.$id, $this->_config['expiration']); + } + + // -------------------------------------------------------------------- + + /** * Validate ID * * Checks whether a session ID record exists server-side, * to enforce session.use_strict_mode. * - * @param string $id + * @param string $id Session ID * @return bool */ - public function validateSessionId($id) + public function validateId($id) { return (bool) $this->_redis->exists($this->_key_prefix.$id); } |