From dfb39bec5faf77e806e55f3ee9d2138e57d55010 Mon Sep 17 00:00:00 2001
From: Andrey Andreev <narf@devilix.net>
Date: Mon, 6 Oct 2014 01:50:14 +0300
Subject: feature/session (#3073): Refactor configuration & fix cookie expiry
 times

---
 system/libraries/Session/Session_driver.php | 146 ++--------------------------
 1 file changed, 9 insertions(+), 137 deletions(-)

(limited to 'system/libraries/Session/Session_driver.php')

diff --git a/system/libraries/Session/Session_driver.php b/system/libraries/Session/Session_driver.php
index a3bc392ad..fb695dade 100644
--- a/system/libraries/Session/Session_driver.php
+++ b/system/libraries/Session/Session_driver.php
@@ -37,57 +37,7 @@ defined('BASEPATH') OR exit('No direct script access allowed');
  */
 abstract class CI_Session_driver implements SessionHandlerInterface {
 
-	// WARNING! Setting default values to properties will
-	// prevent using the configuration file values.
-
-	/**
-	 * Expiration time
-	 *
-	 * @var	int
-	 */
-	protected $_expiration;
-
-	/**
-	 * Cookie name
-	 *
-	 * @var	string
-	 */
-	protected $_cookie_name;
-
-	/**
-	 * Cookie domain
-	 *
-	 * @var	string
-	 */
-	protected $_cookie_domain;
-
-	/**
-	 * Cookie path
-	 *
-	 * @var	string
-	 */
-	protected $_cookie_path;
-
-	/**
-	 * Cookie secure flag
-	 *
-	 * @var	bool
-	 */
-	protected $_cookie_secure;
-
-	/**
-	 * Cookie HTTP-only flag
-	 *
-	 * @var	bool
-	 */
-	protected $_cookie_httponly;
-
-	/**
-	 * Match IP addresses flag
-	 *
-	 * @var	bool
-	 */
-	protected $_match_ip;
+	protected $_config;
 
 	/**
 	 * Data fingerprint
@@ -111,87 +61,9 @@ abstract class CI_Session_driver implements SessionHandlerInterface {
 	 * @param	array	$params	Configuration parameters
 	 * @return	void
 	 */
-	public function __construct($params)
+	public function __construct(&$params)
 	{
-		foreach ($params as $key => &$value)
-		{
-			$key = (strncmp($key, 'sess_', 5) === 0)
-				? substr($key, 4)
-				: '_'.$key;
-
-			property_exists($this, $key) && $this->$key = $value;
-		}
-
-		isset($this->_expiration) OR $this->_expiration = (int) config_item('sess_expiration');
-		isset($this->_cookie_name) OR $this->_cookie_name = config_item('sess_cookie_name');
-		isset($this->_cookie_domain) OR $this->_cookie_domain = config_item('cookie_domain');
-		isset($this->_cookie_path) OR $this->_cookie_path = config_item('cookie_path');
-		isset($this->_cookie_secure) OR $this->_cookie_secure = config_item('cookie_secure');
-		isset($this->_cookie_httponly) OR $this->_cookie_httponly = config_item('cookie_httponly');
-		isset($this->_match_ip) OR $this->_match_ip = config_item('sess_match_ip');
-
-		// Pass our configuration to php.ini, when appropriate
-		ini_set('session.name', $this->_cookie_name);
-		isset($this->_cookie_domain) && ini_set('session.cookie_domain', $this->_cookie_domain);
-		isset($this->_cookie_path) && ini_set('session.cookie_path', $this->_cookie_path);
-		isset($this->_cookie_secure) && ini_set('session.cookie_secure', $this->_cookie_secure);
-		isset($this->_cookie_httponly) && ini_set('session.cookie_httponly', $this->_cookie_httponly);
-
-		if ($this->_expiration)
-		{
-			ini_set('session.gc_maxlifetime', $this->_expiration);
-			ini_set('session.cookie_lifetime', $this->_expiration);
-		}
-		// BC workaround for setting cookie lifetime
-		elseif (config_item('sess_expire_on_close'))
-		{
-			ini_set('session.cookie_lifetime', 0);
-		}
-
-		// Security is king
-		ini_set('session.use_trans_id', 0);
-		ini_set('session.use_strict_mode', 1);
-		ini_set('session.use_cookies', 1);
-		ini_set('session.use_only_cookies', 1);
-		ini_set('session.hash_function', 1);
-		ini_set('session.hash_bits_per_character', 4);
-
-		// Work-around for PHP bug #66827 (https://bugs.php.net/bug.php?id=66827)
-		//
-		// The session ID sanitizer doesn't check for the value type and blindly does
-		// an implicit cast to string, which triggers an 'Array to string' E_NOTICE.
-		if (isset($_COOKIE[$this->_cookie_name]) && ! is_string($_COOKIE[$this->_cookie_name]))
-		{
-			unset($_COOKIE[$this->_cookie_name]);
-		}
-
-/*
-		Need to test if this is necessary for a custom driver or if it's only
-		relevant to PHP's own files handler.
-
-		https://bugs.php.net/bug.php?id=65475
-		do this after session is started:
-		if (is_php('5.5.2') && ! is_php('5.5.4'))
-		{
-			$session_id = session_id();
-			if ($_COOKIE[$this->_cookie_name] !== $session_id && file_exists(teh file))
-			{
-				unlink(<teh file>);
-			}
-
-			setcookie(
-				$this->_cookie_name,
-				$session_id,
-				$this->_expiration
-					? time() + $this->_expiration
-					: 0,
-				$this->_cookie_path,
-				$this->_cookie_domain,
-				$this->_cookie_secure,
-				$this->_cookie_httponly
-			);
-		}
-*/
+		$this->_config =& $params;
 	}
 
 	// ------------------------------------------------------------------------
@@ -199,13 +71,13 @@ abstract class CI_Session_driver implements SessionHandlerInterface {
 	protected function _cookie_destroy()
 	{
 		return setcookie(
-			$this->_cookie_name,
+			$this->_config['cookie_name'],
 			NULL,
 			1,
-			$this->_cookie_path,
-			$this->_cookie_domain,
-			$this->_cookie_secure,
-			$this->_cookie_httponly
+			$this->_config['cookie_path'],
+			$this->_config['cookie_domain'],
+			$this->_config['cookie_secure'],
+			TRUE
 		);
 	}
 
@@ -230,7 +102,7 @@ abstract class CI_Session_driver implements SessionHandlerInterface {
 			return TRUE;
 		}
 
-		if (($this->_lock = sem_get($session_id.($this->_match_ip ? '_'.$_SERVER['REMOTE_ADDR'] : ''), 1, 0644)) === FALSE)
+		if (($this->_lock = sem_get($session_id.($this->_config['match_ip'] ? '_'.$_SERVER['REMOTE_ADDR'] : ''), 1, 0644)) === FALSE)
 		{
 			return FALSE;
 		}
-- 
cgit v1.2.3-24-g4f1b