Diffstat (limited to 'system/libraries/Session')
-rw-r--r--system/libraries/Session/CI_Session_driver_interface.php4
-rw-r--r--system/libraries/Session/OldSessionWrapper.php14
-rw-r--r--system/libraries/Session/PHP8SessionWrapper.php14
-rw-r--r--system/libraries/Session/Session.php4
-rw-r--r--system/libraries/Session/SessionHandlerInterface.php6
-rw-r--r--system/libraries/Session/SessionUpdateTimestampHandlerInterface.php56
-rw-r--r--system/libraries/Session/Session_driver.php4
-rw-r--r--system/libraries/Session/drivers/Session_database_driver.php29
-rw-r--r--system/libraries/Session/drivers/Session_files_driver.php22
-rw-r--r--system/libraries/Session/drivers/Session_memcached_driver.php20
-rw-r--r--system/libraries/Session/drivers/Session_redis_driver.php20
11 files changed, 173 insertions, 20 deletions
diff --git a/system/libraries/Session/CI_Session_driver_interface.php b/system/libraries/Session/CI_Session_driver_interface.php
index a854e92af..23a0dfd53 100644
--- a/system/libraries/Session/CI_Session_driver_interface.php
+++ b/system/libraries/Session/CI_Session_driver_interface.php
@@ -29,7 +29,7 @@
* @package CodeIgniter
* @author EllisLab Dev Team
* @copyright Copyright (c) 2022, CodeIgniter Foundation (https://codeigniter.com/)
- * @license http://opensource.org/licenses/MIT MIT License
+ * @license https://opensource.org/licenses/MIT MIT License
* @link https://codeigniter.com
* @since Version 3.0.0
* @filesource
@@ -55,4 +55,6 @@ interface CI_Session_driver_interface {
public function write($session_id, $session_data);
public function destroy($session_id);
public function gc($maxlifetime);
+ public function updateTimestamp($session_id, $data);
+ public function validateId($session_id);
}
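Review bot: Adding `updateTimestamp()` and `validateId()` to `CI_Session_driver_interface` means any application-supplied driver that implements this interface will fail with a fatal error until it defines both methods. If that break is intended, it should be called out in the upgrade notes. The two declarations also carry no documentation of their contract; a short docblock such as `/** @param string $session_id @return bool TRUE if a record for the ID exists */` above `validateId` would tell driver authors what to return.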
diff --git a/system/libraries/Session/OldSessionWrapper.php b/system/libraries/Session/OldSessionWrapper.php
index a8bc1d0c0..d013c777f 100644
--- a/system/libraries/Session/OldSessionWrapper.php
+++ b/system/libraries/Session/OldSessionWrapper.php
@@ -29,7 +29,7 @@
* @package CodeIgniter
* @author EllisLab Dev Team
* @copyright Copyright (c) 2022, CodeIgniter Foundation (https://codeigniter.com/)
- * @license http://opensource.org/licenses/MIT MIT License
+ * @license https://opensource.org/licenses/MIT MIT License
* @link https://codeigniter.com
* @since Version 3.0.0
* @filesource
@@ -47,7 +47,7 @@ defined('BASEPATH') OR exit('No direct script access allowed');
* @author Andrey Andreev
* @link https://codeigniter.com/userguide3/libraries/sessions.html
*/
-class CI_SessionWrapper implements SessionHandlerInterface {
+class CI_SessionWrapper implements SessionHandlerInterface, SessionUpdateTimestampHandlerInterface {
protected $driver;
@@ -85,4 +85,14 @@ class CI_SessionWrapper implements SessionHandlerInterface {
{
return $this->driver->gc($maxlifetime);
}
+
+ public function updateTimestamp($id, $data)
+ {
+ return $this->driver->updateTimestamp($id, $data);
+ }
+
+ public function validateId($id)
+ {
+ return $this->driver->validateId($id);
+ }
}
diff --git a/system/libraries/Session/PHP8SessionWrapper.php b/system/libraries/Session/PHP8SessionWrapper.php
index c6dfaf7e0..41889bc61 100644
--- a/system/libraries/Session/PHP8SessionWrapper.php
+++ b/system/libraries/Session/PHP8SessionWrapper.php
@@ -29,7 +29,7 @@
* @package CodeIgniter
* @author EllisLab Dev Team
* @copyright Copyright (c) 2022, CodeIgniter Foundation (https://codeigniter.com/)
- * @license http://opensource.org/licenses/MIT MIT License
+ * @license https://opensource.org/licenses/MIT MIT License
* @link https://codeigniter.com
* @since Version 3.0.0
* @filesource
@@ -47,7 +47,7 @@ defined('BASEPATH') OR exit('No direct script access allowed');
* @author Andrey Andreev
* @link https://codeigniter.com/userguide3/libraries/sessions.html
*/
-class CI_SessionWrapper implements SessionHandlerInterface {
+class CI_SessionWrapper implements SessionHandlerInterface, SessionUpdateTimestampHandlerInterface {
protected CI_Session_driver_interface $driver;
@@ -87,4 +87,14 @@ class CI_SessionWrapper implements SessionHandlerInterface {
{
return $this->driver->gc($maxlifetime);
}
+
+ public function updateTimestamp(string $id, string$data): bool
+ {
+ return $this->driver->updateTimestamp($id, $data);
+ }
+
+ public function validateId(string $id): bool
+ {
+ return $this->driver->validateId($id);
+ }
}
diff --git a/system/libraries/Session/Session.php b/system/libraries/Session/Session.php
index 8d3ba2857..a211ce31b 100644
--- a/system/libraries/Session/Session.php
+++ b/system/libraries/Session/Session.php
@@ -182,7 +182,7 @@ class CI_Session {
if ( ! $this->_config['cookie_secure'] && $this->_config['cookie_samesite'] === 'None')
{
- log_message('error', 'Session:', $this->_config['cookie_name'].' cookie sent with SameSite=None, but without Secure attribute.');
+ log_message('error', "Session: '".$this->_config['cookie_name']."' cookie sent with SameSite=None, but without Secure attribute.'");
}
}
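Review bot: The corrected message ends with a stray single quote: the literal closes with `attribute.'"`, so every log entry finishes with an unmatched `'`. The line should be `log_message('error', "Session: '".$this->_config['cookie_name']."' cookie sent with SameSite=None, but without Secure attribute.");`. This is the only warning an operator gets about a SameSite=None cookie being sent without Secure, so it is worth keeping the text clean for log searches. The enclosing method starts and ends outside the hunk.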
@@ -207,6 +207,8 @@ class CI_Session {
{
// PHP 5.4 compatibility
interface_exists('SessionHandlerInterface', FALSE) OR require_once(BASEPATH.'libraries/Session/SessionHandlerInterface.php');
+ // PHP 7 compatibility
+ interface_exists('SessionUpdateTimestampHandlerInterface', FALSE) OR require_once(BASEPATH.'libraries/Session/SessionUpdateTimestampHandlerInterface.php');
require_once(BASEPATH.'libraries/Session/CI_Session_driver_interface.php');
$wrapper = is_php('8.0') ? 'PHP8SessionWrapper' : 'OldSessionWrapper';
diff --git a/system/libraries/Session/SessionHandlerInterface.php b/system/libraries/Session/SessionHandlerInterface.php
index 914eae03f..eadb63c1a 100644
--- a/system/libraries/Session/SessionHandlerInterface.php
+++ b/system/libraries/Session/SessionHandlerInterface.php
@@ -29,9 +29,9 @@
* @package CodeIgniter
* @author EllisLab Dev Team
* @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
- * @copyright Copyright (c) 2014 - 2019, British Columbia Institute of Technology (http://bcit.ca/)
- * @copyright Copyright (c) 2019 - 2022, CodeIgniter Foundation (http://codeigniter.com/)
- * @license http://opensource.org/licenses/MIT MIT License
+ * @copyright Copyright (c) 2014 - 2019, British Columbia Institute of Technology (https://bcit.ca/)
+ * @copyright Copyright (c) 2019 - 2022, CodeIgniter Foundation (https://codeigniter.com/)
+ * @license https://opensource.org/licenses/MIT MIT License
* @link https://codeigniter.com
* @since Version 3.0.0
* @filesource
diff --git a/system/libraries/Session/SessionUpdateTimestampHandlerInterface.php b/system/libraries/Session/SessionUpdateTimestampHandlerInterface.php
new file mode 100644
index 000000000..fe4a321ab
--- /dev/null
+++ b/system/libraries/Session/SessionUpdateTimestampHandlerInterface.php
@@ -0,0 +1,56 @@
+<?php
+/**
+ * CodeIgniter
+ *
+ * An open source application development framework for PHP
+ *
+ * This content is released under the MIT License (MIT)
+ *
+ * Copyright (c) 2019 - 2022, CodeIgniter Foundation
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ *
+ * @package CodeIgniter
+ * @author EllisLab Dev Team
+ * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
+ * @copyright Copyright (c) 2014 - 2019, British Columbia Institute of Technology (https://bcit.ca/)
+ * @copyright Copyright (c) 2019 - 2022, CodeIgniter Foundation (https://codeigniter.com/)
+ * @license https://opensource.org/licenses/MIT MIT License
+ * @link https://codeigniter.com
+ * @since Version 3.0.0
+ * @filesource
+ */
+defined('BASEPATH') OR exit('No direct script access allowed');
+
+/**
+ * SessionUpdateTimestampHandlerInterface
+ *
+ * PHP 7 compatibility interface
+ *
+ * @package CodeIgniter
+ * @subpackage Libraries
+ * @category Sessions
+ * @author Andrey Andreev
+ * @link https://codeigniter.com/userguide3/libraries/sessions.html
+ */
+interface SessionUpdateTimestampHandlerInterface {
+
+ public function updateTimestamp($session_id, $data);
+ public function validateId($session_id);
+}
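Review bot: The header of this new file says `@since Version 3.0.0`, which looks carried over from SessionHandlerInterface.php; it should presumably name the release that first ships the file. The two methods are also declared without docblocks, although this shim stands in for a native PHP interface. I would add `/** @param string $session_id @param string $data @return bool */` above `updateTimestamp` and `/** @param string $session_id @return bool */` above `validateId`.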
diff --git a/system/libraries/Session/Session_driver.php b/system/libraries/Session/Session_driver.php
index b1b1b073e..24b4b465e 100644
--- a/system/libraries/Session/Session_driver.php
+++ b/system/libraries/Session/Session_driver.php
@@ -122,7 +122,7 @@ abstract class CI_Session_driver {
*/
public function php5_validate_id()
{
- if (isset($_COOKIE[$this->_config['cookie_name']]) && ! $this->validateSessionId($_COOKIE[$this->_config['cookie_name']]))
+ if ($this->_success === 0 && isset($_COOKIE[$this->_config['cookie_name']]) && ! $this->validateId($_COOKIE[$this->_config['cookie_name']]))
{
unset($_COOKIE[$this->_config['cookie_name']]);
}
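Review bot: The new guard `$this->_success === 0` is a magic comparison with no explanation, and it decides whether an unknown session cookie is discarded here. It appears to limit this manual check to older PHP versions and leave newer ones to call `validateId()` through the handler interface, which PHP only does when `session.use_strict_mode` is enabled; neither the meaning of `0` nor the ini setting is visible in this hunk. I would add a comment such as `// _success === 0: PHP < 7 (assumed); on PHP 7+ the engine calls validateId() itself when session.use_strict_mode is on` and confirm that strict mode is forced on elsewhere. Otherwise unrecognised IDs are no longer rejected on the newer code path. The function's closing brace is outside the hunk.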
@@ -153,7 +153,7 @@ abstract class CI_Session_driver {
return setcookie(
$this->_config['cookie_name'],
- NULL,
+ '',
array(
'expires' => 1,
'path' => $this->_config['cookie_path'],
diff --git a/system/libraries/Session/drivers/Session_database_driver.php b/system/libraries/Session/drivers/Session_database_driver.php
index 2f788a1a1..4b475364b 100644
--- a/system/libraries/Session/drivers/Session_database_driver.php
+++ b/system/libraries/Session/drivers/Session_database_driver.php
@@ -345,15 +345,40 @@ class CI_Session_database_driver extends CI_Session_driver implements CI_Session
// --------------------------------------------------------------------
/**
+ * Update Timestamp
+ *
+ * Update session timestamp without modifying data
+ *
+ * @param string $id Session ID
+ * @param string $data Unknown & unused
+ * @return bool
+ */
+ public function updateTimestamp($id, $unknown)
+ {
+ // Prevent previous QB calls from messing with our queries
+ $this->_db->reset_query();
+
+ $this->_db->where('id', $id);
+ if ($this->_config['match_ip'])
+ {
+ $this->_db->where('ip_address', $_SERVER['REMOTE_ADDR']);
+ }
+
+ return (bool) $this->_db->update($this->_config['save_path'], array('timestamp' => time()));
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
* Validate ID
*
* Checks whether a session ID record exists server-side,
* to enforce session.use_strict_mode.
*
- * @param string $id
+ * @param string $id Session ID
* @return bool
*/
- public function validateSessionId($id)
+ public function validateId($id)
{
// Prevent previous QB calls from messing with our queries
$this->_db->reset_query();
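Review bot: The docblock documents `@param string $data Unknown & unused` but the parameter is named `$unknown`; the same mismatch is repeated in the files, memcached and redis drivers. Either rename the parameter to `$data`, which also matches the interface, or change the tag to `@param string $unknown Unused`. Separately, the method returns `(bool) $this->_db->update(...)`, which presumably reports that the query ran rather than that a row matched, so a missing record or an `ip_address` mismatch may still return TRUE. If that is intended, say so in the docblock. The `validateId()` body continues outside the hunk.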
diff --git a/system/libraries/Session/drivers/Session_files_driver.php b/system/libraries/Session/drivers/Session_files_driver.php
index 4b7b9878b..be0dc9ede 100644
--- a/system/libraries/Session/drivers/Session_files_driver.php
+++ b/system/libraries/Session/drivers/Session_files_driver.php
@@ -35,7 +35,7 @@
* @link https://codeigniter.com
* @since Version 3.0.0
* @filesource
-*/
+ */
defined('BASEPATH') OR exit('No direct script access allowed');
/**
@@ -401,15 +401,31 @@ class CI_Session_files_driver extends CI_Session_driver implements CI_Session_dr
// --------------------------------------------------------------------
/**
+ * Update Timestamp
+ *
+ * Update session timestamp without modifying data
+ *
+ * @param string $id Session ID
+ * @param string $data Unknown & unused
+ * @return bool
+ */
+ public function updateTimestamp($id, $unknown)
+ {
+ return touch($this->_file_path.$id);
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
* Validate ID
*
* Checks whether a session ID record exists server-side,
* to enforce session.use_strict_mode.
*
- * @param string $id
+ * @param string $id Session ID
* @return bool
*/
- public function validateSessionId($id)
+ public function validateId($id)
{
$result = is_file($this->_file_path.$id);
clearstatcache(TRUE, $this->_file_path.$id);
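Review bot: `touch($this->_file_path.$id)` creates the file when it does not exist, so `updateTimestamp()` returns TRUE and leaves an empty session file behind for an ID that has no record. `validateId()` just below treats the existence of that file as proof that the ID is known, so the two methods should agree on what counts as an existing session. Whether a missing file can actually occur at this point depends on code outside the hunk. A cheap guard is `return is_file($this->_file_path.$id) && touch($this->_file_path.$id);`.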
diff --git a/system/libraries/Session/drivers/Session_memcached_driver.php b/system/libraries/Session/drivers/Session_memcached_driver.php
index d84a9df1d..d1401630d 100644
--- a/system/libraries/Session/drivers/Session_memcached_driver.php
+++ b/system/libraries/Session/drivers/Session_memcached_driver.php
@@ -296,15 +296,31 @@ class CI_Session_memcached_driver extends CI_Session_driver implements CI_Sessio
// --------------------------------------------------------------------
/**
+ * Update Timestamp
+ *
+ * Update session timestamp without modifying data
+ *
+ * @param string $id Session ID
+ * @param string $data Unknown & unused
+ * @return bool
+ */
+ public function updateTimestamp($id, $unknown)
+ {
+ return $this->_memcached->touch($this->_key_prefix.$id, $this->_config['expiration']);
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
* Validate ID
*
* Checks whether a session ID record exists server-side,
* to enforce session.use_strict_mode.
*
- * @param string $id
+ * @param string $id Session ID
* @return bool
*/
- public function validateSessionId($id)
+ public function validateId($id)
{
$this->_memcached->get($this->_key_prefix.$id);
return ($this->_memcached->getResultCode() === Memcached::RES_SUCCESS);
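Review bot: `Memcached::touch()` is documented as depending on the binary protocol with some libmemcached versions, and nothing in this hunk shows whether the driver's connection enables it. Where it is unavailable the call returns FALSE and the session's expiry is never extended. I would confirm the connection options and leave a comment above the call, for example `// touch() may require Memcached::OPT_BINARY_PROTOCOL; verify against the options set when the connection is opened`.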
diff --git a/system/libraries/Session/drivers/Session_redis_driver.php b/system/libraries/Session/drivers/Session_redis_driver.php
index b112a18c8..269dfcd64 100644
--- a/system/libraries/Session/drivers/Session_redis_driver.php
+++ b/system/libraries/Session/drivers/Session_redis_driver.php
@@ -356,15 +356,31 @@ class CI_Session_redis_driver extends CI_Session_driver implements CI_Session_dr
// --------------------------------------------------------------------
/**
+ * Update Timestamp
+ *
+ * Update session timestamp without modifying data
+ *
+ * @param string $id Session ID
+ * @param string $data Unknown & unused
+ * @return bool
+ */
+ public function updateTimestamp($id, $unknown)
+ {
+ return $this->_redis->{$this->_setTimeout_name}($this->_key_prefix.$id, $this->_config['expiration']);
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
* Validate ID
*
* Checks whether a session ID record exists server-side,
* to enforce session.use_strict_mode.
*
- * @param string $id
+ * @param string $id Session ID
* @return bool
*/
- public function validateSessionId($id)
+ public function validateId($id)
{
return (bool) $this->_redis->exists($this->_key_prefix.$id);
}
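Review bot: `updateTimestamp()` returns the raw result of `$this->_redis->{$this->_setTimeout_name}(...)`, while `validateId()` directly below casts its result with `(bool)`. The PHP 8 wrapper declares `: bool` for this call, so an explicit cast keeps the two methods consistent and the return type predictable: `return (bool) $this->_redis->{$this->_setTimeout_name}($this->_key_prefix.$id, $this->_config['expiration']);`.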