From 47a47fb9fafdb26206d01d846d8013f6e883eb37 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 31 May 2014 16:08:30 +0300 Subject: Initial version of new Session library --- system/libraries/Session/Session_driver.php | 202 ++++++++++++++++++++++++++++ 1 file changed, 202 insertions(+) create mode 100644 system/libraries/Session/Session_driver.php (limited to 'system/libraries/Session/Session_driver.php') diff --git a/system/libraries/Session/Session_driver.php b/system/libraries/Session/Session_driver.php new file mode 100644 index 000000000..c46ca3a34 --- /dev/null +++ b/system/libraries/Session/Session_driver.php @@ -0,0 +1,202 @@ + &$value) + { + $key = (strncmp($key, 'sess_', 5) === 0) + ? substr($key, 4) + : '_'.$key; + + property_exists($this, $key) && $this->$key = $value; + } + + isset($this->_expiration) OR $this->_expiration = (int) config_item('sess_expiration'); + isset($this->_cookie_name) OR $this->_cookie_name = config_item('sess_cookie_name'); + isset($this->_cookie_domain) OR $this->_cookie_domain = config_item('cookie_domain'); + isset($this->_cookie_path) OR $this->_cookie_path = config_item('cookie_path'); + isset($this->_cookie_secure) OR $this->_cookie_secure = config_item('cookie_secure'); + isset($this->_cookie_httponly) OR $this->_cookie_httponly = config_item('cookie_httponly'); + isset($this->_match_ip) OR $this->_match_ip = config_item('sess_match_ip'); + + // Pass our configuration to php.ini, when appropriate + ini_set('session.name', $this->_cookie_name); + isset($this->_cookie_domain) && ini_set('session.cookie_domain', $this->_cookie_domain); + isset($this->_cookie_path) && ini_set('session.cookie_path', $this->_cookie_path); + isset($this->_cookie_secure) && ini_set('session.cookie_secure', $this->_cookie_secure); + isset($this->_cookie_httponly) && ini_set('session.cookie_httponly', $this->_cookie_httponly); + + if ($this->_expiration) + { + ini_set('session.gc_maxlifetime', $this->_expiration); + } + + // Security is king + ini_set('session.use_trans_id', 0); + ini_set('session.use_strict_mode', 1); + ini_set('session.use_cookies', 1); + ini_set('session.use_only_cookies', 1); + ini_set('session.hash_function', 1); + ini_set('session.hash_bits_per_character', 4); + + // Work-around for PHP bug #66827 (https://bugs.php.net/bug.php?id=66827) + // + // The session ID sanitizer doesn't check for the value type and blindly does + // an implicit cast to string, which triggers an 'Array to string' E_NOTICE. + if (isset($_COOKIE[$this->_cookie_name]) && ! is_string($_COOKIE[$this->_cookie_name])) + { + unset($_COOKIE[$this->_cookie_name]); + } + +/* + Need to test if this is necessary for a custom driver or if it's only + relevant to PHP's own files handler. + + https://bugs.php.net/bug.php?id=65475 + do this after session is started: + if (is_php('5.5.2') && ! is_php('5.5.4')) + { + $session_id = session_id(); + if ($_COOKIE[$this->_cookie_name] !== $session_id && file_exists(teh file)) + { + unlink(); + } + + setcookie( + $this->_cookie_name, + $session_id, + $this->_expiration + ? time() + $this->_expiration + : 0, + $this->_cookie_path, + $this->_cookie_domain, + $this->_cookie_secure, + $this->_cookie_httponly + ); + } +*/ + } + + // ------------------------------------------------------------------------ + + protected function _cookie_destroy() + { + return setcookie( + $this->_cookie_name, + NULL, + 1, + $this->_cookie_path, + $this->_cookie_domain, + $this->_cookie_secure, + $this->_cookie_httponly + ); + } + +} + +/* End of file Session_driver.php */ +/* Location: ./system/libraries/Session/Session_driver.php */ \ No newline at end of file -- cgit v1.2.3-24-g4f1b From ac4f47283a6a8ce575f59c15c1a08ad3bc2efdd9 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 2 Jun 2014 11:16:32 +0300 Subject: #3073: BC workarounds for sess_use_database, sess_expire_on_close --- system/libraries/Session/Session_driver.php | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'system/libraries/Session/Session_driver.php') diff --git a/system/libraries/Session/Session_driver.php b/system/libraries/Session/Session_driver.php index c46ca3a34..cc35b66d1 100644 --- a/system/libraries/Session/Session_driver.php +++ b/system/libraries/Session/Session_driver.php @@ -133,6 +133,12 @@ abstract class CI_Session_driver implements SessionHandlerInterface { if ($this->_expiration) { ini_set('session.gc_maxlifetime', $this->_expiration); + ini_set('session.cookie_lifetime', $this->_expiration); + } + // BC workaround for setting cookie lifetime + elseif (config_item('sess_expire_on_close')) + { + ini_set('session.cookie_lifetime', 0); } // Security is king -- cgit v1.2.3-24-g4f1b From 93d9fa77732b2538417b934a9c23293ee465a23d Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 27 Aug 2014 22:14:36 +0300 Subject: feature/session (#3073): Rework locking mechanism & add Redis driver --- system/libraries/Session/Session_driver.php | 64 ++++++++++++++++++++++++++++- 1 file changed, 63 insertions(+), 1 deletion(-) (limited to 'system/libraries/Session/Session_driver.php') diff --git a/system/libraries/Session/Session_driver.php b/system/libraries/Session/Session_driver.php index cc35b66d1..a3bc392ad 100644 --- a/system/libraries/Session/Session_driver.php +++ b/system/libraries/Session/Session_driver.php @@ -90,12 +90,19 @@ abstract class CI_Session_driver implements SessionHandlerInterface { protected $_match_ip; /** - * Data dash + * Data fingerprint * * @var bool */ protected $_fingerprint; + /** + * Lock placeholder + * + * @var mixed + */ + protected $_lock = FALSE; + // ------------------------------------------------------------------------ /** @@ -202,6 +209,61 @@ abstract class CI_Session_driver implements SessionHandlerInterface { ); } + // ------------------------------------------------------------------------ + + /** + * Get lock + * + * A default locking mechanism via semaphores, if ext/sysvsem is available. + * + * Drivers will usually override this and only fallback to it if no other + * locking mechanism is available. + * + * @param string $session_id + * @return bool + */ + protected function _get_lock($session_id) + { + if ( ! extension_loaded('sysvsem')) + { + $this->_lock = TRUE; + return TRUE; + } + + if (($this->_lock = sem_get($session_id.($this->_match_ip ? '_'.$_SERVER['REMOTE_ADDR'] : ''), 1, 0644)) === FALSE) + { + return FALSE; + } + + if ( ! sem_acquire($this->_lock)) + { + sem_remove($this->_lock); + $this->_lock = FALSE; + return FALSE; + } + + return TRUE; + } + + // ------------------------------------------------------------------------ + + /** + * Release lock + * + * @return bool + */ + protected function _release_lock() + { + if (extension_loaded('sysvsem') && $this->_lock) + { + sem_release($this->_lock); + sem_remove($this->_lock); + $this->_lock = FALSE; + } + + return TRUE; + } + } /* End of file Session_driver.php */ -- cgit v1.2.3-24-g4f1b From dfb39bec5faf77e806e55f3ee9d2138e57d55010 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 6 Oct 2014 01:50:14 +0300 Subject: feature/session (#3073): Refactor configuration & fix cookie expiry times --- system/libraries/Session/Session_driver.php | 146 ++-------------------------- 1 file changed, 9 insertions(+), 137 deletions(-) (limited to 'system/libraries/Session/Session_driver.php') diff --git a/system/libraries/Session/Session_driver.php b/system/libraries/Session/Session_driver.php index a3bc392ad..fb695dade 100644 --- a/system/libraries/Session/Session_driver.php +++ b/system/libraries/Session/Session_driver.php @@ -37,57 +37,7 @@ defined('BASEPATH') OR exit('No direct script access allowed'); */ abstract class CI_Session_driver implements SessionHandlerInterface { - // WARNING! Setting default values to properties will - // prevent using the configuration file values. - - /** - * Expiration time - * - * @var int - */ - protected $_expiration; - - /** - * Cookie name - * - * @var string - */ - protected $_cookie_name; - - /** - * Cookie domain - * - * @var string - */ - protected $_cookie_domain; - - /** - * Cookie path - * - * @var string - */ - protected $_cookie_path; - - /** - * Cookie secure flag - * - * @var bool - */ - protected $_cookie_secure; - - /** - * Cookie HTTP-only flag - * - * @var bool - */ - protected $_cookie_httponly; - - /** - * Match IP addresses flag - * - * @var bool - */ - protected $_match_ip; + protected $_config; /** * Data fingerprint @@ -111,87 +61,9 @@ abstract class CI_Session_driver implements SessionHandlerInterface { * @param array $params Configuration parameters * @return void */ - public function __construct($params) + public function __construct(&$params) { - foreach ($params as $key => &$value) - { - $key = (strncmp($key, 'sess_', 5) === 0) - ? substr($key, 4) - : '_'.$key; - - property_exists($this, $key) && $this->$key = $value; - } - - isset($this->_expiration) OR $this->_expiration = (int) config_item('sess_expiration'); - isset($this->_cookie_name) OR $this->_cookie_name = config_item('sess_cookie_name'); - isset($this->_cookie_domain) OR $this->_cookie_domain = config_item('cookie_domain'); - isset($this->_cookie_path) OR $this->_cookie_path = config_item('cookie_path'); - isset($this->_cookie_secure) OR $this->_cookie_secure = config_item('cookie_secure'); - isset($this->_cookie_httponly) OR $this->_cookie_httponly = config_item('cookie_httponly'); - isset($this->_match_ip) OR $this->_match_ip = config_item('sess_match_ip'); - - // Pass our configuration to php.ini, when appropriate - ini_set('session.name', $this->_cookie_name); - isset($this->_cookie_domain) && ini_set('session.cookie_domain', $this->_cookie_domain); - isset($this->_cookie_path) && ini_set('session.cookie_path', $this->_cookie_path); - isset($this->_cookie_secure) && ini_set('session.cookie_secure', $this->_cookie_secure); - isset($this->_cookie_httponly) && ini_set('session.cookie_httponly', $this->_cookie_httponly); - - if ($this->_expiration) - { - ini_set('session.gc_maxlifetime', $this->_expiration); - ini_set('session.cookie_lifetime', $this->_expiration); - } - // BC workaround for setting cookie lifetime - elseif (config_item('sess_expire_on_close')) - { - ini_set('session.cookie_lifetime', 0); - } - - // Security is king - ini_set('session.use_trans_id', 0); - ini_set('session.use_strict_mode', 1); - ini_set('session.use_cookies', 1); - ini_set('session.use_only_cookies', 1); - ini_set('session.hash_function', 1); - ini_set('session.hash_bits_per_character', 4); - - // Work-around for PHP bug #66827 (https://bugs.php.net/bug.php?id=66827) - // - // The session ID sanitizer doesn't check for the value type and blindly does - // an implicit cast to string, which triggers an 'Array to string' E_NOTICE. - if (isset($_COOKIE[$this->_cookie_name]) && ! is_string($_COOKIE[$this->_cookie_name])) - { - unset($_COOKIE[$this->_cookie_name]); - } - -/* - Need to test if this is necessary for a custom driver or if it's only - relevant to PHP's own files handler. - - https://bugs.php.net/bug.php?id=65475 - do this after session is started: - if (is_php('5.5.2') && ! is_php('5.5.4')) - { - $session_id = session_id(); - if ($_COOKIE[$this->_cookie_name] !== $session_id && file_exists(teh file)) - { - unlink(); - } - - setcookie( - $this->_cookie_name, - $session_id, - $this->_expiration - ? time() + $this->_expiration - : 0, - $this->_cookie_path, - $this->_cookie_domain, - $this->_cookie_secure, - $this->_cookie_httponly - ); - } -*/ + $this->_config =& $params; } // ------------------------------------------------------------------------ @@ -199,13 +71,13 @@ abstract class CI_Session_driver implements SessionHandlerInterface { protected function _cookie_destroy() { return setcookie( - $this->_cookie_name, + $this->_config['cookie_name'], NULL, 1, - $this->_cookie_path, - $this->_cookie_domain, - $this->_cookie_secure, - $this->_cookie_httponly + $this->_config['cookie_path'], + $this->_config['cookie_domain'], + $this->_config['cookie_secure'], + TRUE ); } @@ -230,7 +102,7 @@ abstract class CI_Session_driver implements SessionHandlerInterface { return TRUE; } - if (($this->_lock = sem_get($session_id.($this->_match_ip ? '_'.$_SERVER['REMOTE_ADDR'] : ''), 1, 0644)) === FALSE) + if (($this->_lock = sem_get($session_id.($this->_config['match_ip'] ? '_'.$_SERVER['REMOTE_ADDR'] : ''), 1, 0644)) === FALSE) { return FALSE; } -- cgit v1.2.3-24-g4f1b From 7474a6799b44e4988b6a7a4adcc2901ec0b993b4 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 31 Oct 2014 23:35:32 +0200 Subject: #3073 (feature/session): Fix session_regenerate_id() issues --- system/libraries/Session/Session_driver.php | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'system/libraries/Session/Session_driver.php') diff --git a/system/libraries/Session/Session_driver.php b/system/libraries/Session/Session_driver.php index fb695dade..ad64e238a 100644 --- a/system/libraries/Session/Session_driver.php +++ b/system/libraries/Session/Session_driver.php @@ -53,6 +53,16 @@ abstract class CI_Session_driver implements SessionHandlerInterface { */ protected $_lock = FALSE; + /** + * Read session ID + * + * Used to detect session_regenerate_id() calls because PHP only calls + * write() after regenerating the ID. + * + * @var string + */ + protected $_session_id; + // ------------------------------------------------------------------------ /** -- cgit v1.2.3-24-g4f1b From 46f2f26d7cc43c548ea3f2978f532754b3476d5f Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 11 Nov 2014 14:37:51 +0200 Subject: [ci skip] Update system/libraries/Session/ with the MIT license notice --- system/libraries/Session/Session_driver.php | 45 ++++++++++++++++++----------- 1 file changed, 28 insertions(+), 17 deletions(-) (limited to 'system/libraries/Session/Session_driver.php') diff --git a/system/libraries/Session/Session_driver.php b/system/libraries/Session/Session_driver.php index ad64e238a..0eca83905 100644 --- a/system/libraries/Session/Session_driver.php +++ b/system/libraries/Session/Session_driver.php @@ -4,24 +4,35 @@ * * An open source application development framework for PHP 5.2.4 or newer * - * NOTICE OF LICENSE + * This content is released under the MIT License (MIT) * - * Licensed under the Open Software License version 3.0 + * Copyright (c) 2014, British Columbia Institute of Technology * - * This source file is subject to the Open Software License (OSL 3.0) that is - * bundled with this package in the files license.txt / license.rst. It is - * also available through the world wide web at this URL: - * http://opensource.org/licenses/OSL-3.0 - * If you did not receive a copy of the license and are unable to obtain it - * through the world wide web, please send an email to - * licensing@ellislab.com so we can send you a copy immediately. + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: * - * @package CodeIgniter - * @author EllisLab Dev Team + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + * + * @package CodeIgniter + * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (http://ellislab.com/) - * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) - * @link http://codeigniter.com - * @since Version 3.0 + * @copyright Copyright (c) 2014, British Columbia Institute of Technology (http://bcit.ca/) + * @license http://opensource.org/licenses/MIT MIT License + * @link http://codeigniter.com + * @since Version 3.0.0 * @filesource */ defined('BASEPATH') OR exit('No direct script access allowed'); @@ -29,11 +40,11 @@ defined('BASEPATH') OR exit('No direct script access allowed'); /** * CodeIgniter Session Driver Class * - * @package CodeIgniter + * @package CodeIgniter * @subpackage Libraries * @category Sessions - * @author Andrey Andreev - * @link http://codeigniter.com/user_guide/libraries/sessions.html + * @author Andrey Andreev + * @link http://codeigniter.com/user_guide/libraries/sessions.html */ abstract class CI_Session_driver implements SessionHandlerInterface { -- cgit v1.2.3-24-g4f1b From bf6b11d7d9732dbc46ca0ea897cfd4023fff7844 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 12 Jan 2015 17:27:12 +0200 Subject: [ci skip] Remove PHP version from license notices and bump year --- system/libraries/Session/Session_driver.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'system/libraries/Session/Session_driver.php') diff --git a/system/libraries/Session/Session_driver.php b/system/libraries/Session/Session_driver.php index 0eca83905..944659c4c 100644 --- a/system/libraries/Session/Session_driver.php +++ b/system/libraries/Session/Session_driver.php @@ -2,11 +2,11 @@ /** * CodeIgniter * - * An open source application development framework for PHP 5.2.4 or newer + * An open source application development framework for PHP 5.2.4 * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014, British Columbia Institute of Technology + * Copyright (c) 2014 - 2015, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (http://ellislab.com/) - * @copyright Copyright (c) 2014, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link http://codeigniter.com * @since Version 3.0.0 -- cgit v1.2.3-24-g4f1b From 19c25249a9d4f379773d9def3390c2e44dde0a22 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 14 Jan 2015 22:13:36 +0200 Subject: Fix #3473 I don't know why I thought of semaphores in the first place ... --- system/libraries/Session/Session_driver.php | 30 +++++------------------------ 1 file changed, 5 insertions(+), 25 deletions(-) (limited to 'system/libraries/Session/Session_driver.php') diff --git a/system/libraries/Session/Session_driver.php b/system/libraries/Session/Session_driver.php index 944659c4c..de1908ac6 100644 --- a/system/libraries/Session/Session_driver.php +++ b/system/libraries/Session/Session_driver.php @@ -107,34 +107,16 @@ abstract class CI_Session_driver implements SessionHandlerInterface { /** * Get lock * - * A default locking mechanism via semaphores, if ext/sysvsem is available. - * - * Drivers will usually override this and only fallback to it if no other - * locking mechanism is available. + * A dummy method allowing drivers with no locking functionality + * (databases other than PostgreSQL and MySQL) to act as if they + * do acquire a lock. * * @param string $session_id * @return bool */ protected function _get_lock($session_id) { - if ( ! extension_loaded('sysvsem')) - { - $this->_lock = TRUE; - return TRUE; - } - - if (($this->_lock = sem_get($session_id.($this->_config['match_ip'] ? '_'.$_SERVER['REMOTE_ADDR'] : ''), 1, 0644)) === FALSE) - { - return FALSE; - } - - if ( ! sem_acquire($this->_lock)) - { - sem_remove($this->_lock); - $this->_lock = FALSE; - return FALSE; - } - + $this->_lock = TRUE; return TRUE; } @@ -147,10 +129,8 @@ abstract class CI_Session_driver implements SessionHandlerInterface { */ protected function _release_lock() { - if (extension_loaded('sysvsem') && $this->_lock) + if ($this->_lock) { - sem_release($this->_lock); - sem_remove($this->_lock); $this->_lock = FALSE; } -- cgit v1.2.3-24-g4f1b From 10411fc94395bdf217e8bbae61e0af3a73d37325 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 19 Jan 2015 13:54:53 +0200 Subject: [ci skip] feature/session (#3073): Add missing method docblocks --- system/libraries/Session/Session_driver.php | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'system/libraries/Session/Session_driver.php') diff --git a/system/libraries/Session/Session_driver.php b/system/libraries/Session/Session_driver.php index de1908ac6..c4fbde4f8 100644 --- a/system/libraries/Session/Session_driver.php +++ b/system/libraries/Session/Session_driver.php @@ -89,6 +89,14 @@ abstract class CI_Session_driver implements SessionHandlerInterface { // ------------------------------------------------------------------------ + /** + * Cookie destroy + * + * Internal method to force removal of a cookie by the client + * when session_destroy() is called. + * + * @return bool + */ protected function _cookie_destroy() { return setcookie( -- cgit v1.2.3-24-g4f1b From 90da83c91c3359e656dec99b5be4f1779608f3b1 Mon Sep 17 00:00:00 2001 From: Ivan Tcholakov Date: Mon, 19 Jan 2015 17:23:08 +0200 Subject: A minor header update, CI_Session_driver. --- system/libraries/Session/Session_driver.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/libraries/Session/Session_driver.php') diff --git a/system/libraries/Session/Session_driver.php b/system/libraries/Session/Session_driver.php index c4fbde4f8..8edd31999 100644 --- a/system/libraries/Session/Session_driver.php +++ b/system/libraries/Session/Session_driver.php @@ -2,7 +2,7 @@ /** * CodeIgniter * - * An open source application development framework for PHP 5.2.4 + * An open source application development framework for PHP * * This content is released under the MIT License (MIT) * -- cgit v1.2.3-24-g4f1b From 4cbe463b4c442e0e2dae2f43565e77f7ac5ecb86 Mon Sep 17 00:00:00 2001 From: vlakoff Date: Wed, 21 Jan 2015 22:56:22 +0100 Subject: Remove closing blocks at end of PHP files --- system/libraries/Session/Session_driver.php | 3 --- 1 file changed, 3 deletions(-) (limited to 'system/libraries/Session/Session_driver.php') diff --git a/system/libraries/Session/Session_driver.php b/system/libraries/Session/Session_driver.php index 8edd31999..47376da5b 100644 --- a/system/libraries/Session/Session_driver.php +++ b/system/libraries/Session/Session_driver.php @@ -146,6 +146,3 @@ abstract class CI_Session_driver implements SessionHandlerInterface { } } - -/* End of file Session_driver.php */ -/* Location: ./system/libraries/Session/Session_driver.php */ \ No newline at end of file -- cgit v1.2.3-24-g4f1b From af849696d43f5c3b68962af1ae5096151a6d9f1a Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 12 Dec 2015 14:07:39 +0200 Subject: [ci skip] Proper error handling for Sessions on PHP 5 This was actually a PHP bug, see https://wiki.php.net/rfc/session.user.return-value Also related: #4039 --- system/libraries/Session/Session_driver.php | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) (limited to 'system/libraries/Session/Session_driver.php') diff --git a/system/libraries/Session/Session_driver.php b/system/libraries/Session/Session_driver.php index 47376da5b..64b4bb511 100644 --- a/system/libraries/Session/Session_driver.php +++ b/system/libraries/Session/Session_driver.php @@ -74,6 +74,18 @@ abstract class CI_Session_driver implements SessionHandlerInterface { */ protected $_session_id; + /** + * Success and failure return values + * + * Necessary due to a bug in all PHP 5 versions where return values + * from userspace handlers are not handled properly. PHP 7 fixes the + * bug, so we need to return different values depending on the version. + * + * @see https://wiki.php.net/rfc/session.user.return-value + * @var mixed + */ + protected $_success, $_failure; + // ------------------------------------------------------------------------ /** @@ -85,6 +97,17 @@ abstract class CI_Session_driver implements SessionHandlerInterface { public function __construct(&$params) { $this->_config =& $params; + + if (is_php('7')) + { + $this->_success = TRUE; + $this->_failure = FALSE; + } + else + { + $this->_success = 0; + $this->_failure = -1; + } } // ------------------------------------------------------------------------ -- cgit v1.2.3-24-g4f1b From 125ef4751080a2118cb203357d77687699e3eb25 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 11 Jan 2016 12:33:00 +0200 Subject: [ci skip] Bump year to 2016 --- system/libraries/Session/Session_driver.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'system/libraries/Session/Session_driver.php') diff --git a/system/libraries/Session/Session_driver.php b/system/libraries/Session/Session_driver.php index 64b4bb511..6d66e274b 100644 --- a/system/libraries/Session/Session_driver.php +++ b/system/libraries/Session/Session_driver.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2015, British Columbia Institute of Technology + * Copyright (c) 2014 - 2016, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (http://ellislab.com/) - * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link http://codeigniter.com * @since Version 3.0.0 -- cgit v1.2.3-24-g4f1b From bd202c91b0e9cf0a8c93bcaa71df9574f5909346 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 11 Jan 2016 12:50:18 +0200 Subject: [ci skip] Update codeigniter.com links to https --- system/libraries/Session/Session_driver.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'system/libraries/Session/Session_driver.php') diff --git a/system/libraries/Session/Session_driver.php b/system/libraries/Session/Session_driver.php index 6d66e274b..02d984cdf 100644 --- a/system/libraries/Session/Session_driver.php +++ b/system/libraries/Session/Session_driver.php @@ -31,7 +31,7 @@ * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (http://ellislab.com/) * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License - * @link http://codeigniter.com + * @link https://codeigniter.com * @since Version 3.0.0 * @filesource */ @@ -44,7 +44,7 @@ defined('BASEPATH') OR exit('No direct script access allowed'); * @subpackage Libraries * @category Sessions * @author Andrey Andreev - * @link http://codeigniter.com/user_guide/libraries/sessions.html + * @link https://codeigniter.com/user_guide/libraries/sessions.html */ abstract class CI_Session_driver implements SessionHandlerInterface { -- cgit v1.2.3-24-g4f1b From 1924e879b165fb119847a49a7a5eab2f28295fa2 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 11 Jan 2016 12:55:34 +0200 Subject: [ci skip] Update ellislab.com links to https too --- system/libraries/Session/Session_driver.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/libraries/Session/Session_driver.php') diff --git a/system/libraries/Session/Session_driver.php b/system/libraries/Session/Session_driver.php index 02d984cdf..98fc897e3 100644 --- a/system/libraries/Session/Session_driver.php +++ b/system/libraries/Session/Session_driver.php @@ -28,7 +28,7 @@ * * @package CodeIgniter * @author EllisLab Dev Team - * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (http://ellislab.com/) + * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com -- cgit v1.2.3-24-g4f1b From a027a7fd0d770cec0d71e888d8b6f4aa1568ce9f Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 10 Mar 2016 13:59:20 +0200 Subject: Improve ext/session error messages --- system/libraries/Session/Session_driver.php | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'system/libraries/Session/Session_driver.php') diff --git a/system/libraries/Session/Session_driver.php b/system/libraries/Session/Session_driver.php index 98fc897e3..55ddb25e0 100644 --- a/system/libraries/Session/Session_driver.php +++ b/system/libraries/Session/Session_driver.php @@ -168,4 +168,24 @@ abstract class CI_Session_driver implements SessionHandlerInterface { return TRUE; } + // ------------------------------------------------------------------------ + + /** + * Fail + * + * Drivers other than the 'files' one don't (need to) use the + * session.save_path INI setting, but that leads to confusing + * error messages emitted by PHP when open() or write() fail, + * as the message contains session.save_path ... + * To work around the problem, the drivers will call this method + * so that the INI is set just in time for the error message to + * be properly generated. + * + * @return mixed + */ + protected function _fail() + { + ini_set('session.save_path', config_item('sess_save_path')); + return $this->_failure; + } } -- cgit v1.2.3-24-g4f1b From da60e9bc66ec90970fbd2dfd08b0a6e66b9f5f5f Mon Sep 17 00:00:00 2001 From: Master Yoda Date: Sat, 31 Dec 2016 08:46:18 -0800 Subject: Update copyright data to 2017 --- system/libraries/Session/Session_driver.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'system/libraries/Session/Session_driver.php') diff --git a/system/libraries/Session/Session_driver.php b/system/libraries/Session/Session_driver.php index 55ddb25e0..f32f14ae0 100644 --- a/system/libraries/Session/Session_driver.php +++ b/system/libraries/Session/Session_driver.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2016, British Columbia Institute of Technology + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 3.0.0 -- cgit v1.2.3-24-g4f1b