From 00025885b8042114c3b1859855656a94316b4e57 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 11 Feb 2015 16:23:46 +0200 Subject: Fix undefined variable notice in Session redis, memcached drivers --- system/libraries/Session/drivers/Session_memcached_driver.php | 2 +- system/libraries/Session/drivers/Session_redis_driver.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'system/libraries/Session') diff --git a/system/libraries/Session/drivers/Session_memcached_driver.php b/system/libraries/Session/drivers/Session_memcached_driver.php index 600b8ca66..f1a6e2400 100644 --- a/system/libraries/Session/drivers/Session_memcached_driver.php +++ b/system/libraries/Session/drivers/Session_memcached_driver.php @@ -361,7 +361,7 @@ class CI_Session_memcached_driver extends CI_Session_driver implements SessionHa { if ( ! $this->_memcached->delete($this->_lock_key) && $this->_memcached->getResultCode() !== Memcached::RES_NOTFOUND) { - log_message('error', 'Session: Error while trying to free lock for '.$this->_key_prefix.$session_id); + log_message('error', 'Session: Error while trying to free lock for '.$this->_lock_key); return FALSE; } diff --git a/system/libraries/Session/drivers/Session_redis_driver.php b/system/libraries/Session/drivers/Session_redis_driver.php index c3c75b3b6..1cc4d75d7 100644 --- a/system/libraries/Session/drivers/Session_redis_driver.php +++ b/system/libraries/Session/drivers/Session_redis_driver.php @@ -381,7 +381,7 @@ class CI_Session_redis_driver extends CI_Session_driver implements SessionHandle { if ( ! $this->_redis->delete($this->_lock_key)) { - log_message('error', 'Session: Error while trying to free lock for '.$this->_key_prefix.$session_id); + log_message('error', 'Session: Error while trying to free lock for '.$this->_lock_key); return FALSE; } -- cgit v1.2.3-24-g4f1b From c02952d2e6ccf0ee227836683d33239c8ef4e2df Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 13 Feb 2015 13:04:38 +0200 Subject: Fix a typo in CI_Session --- system/libraries/Session/Session.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/libraries/Session') diff --git a/system/libraries/Session/Session.php b/system/libraries/Session/Session.php index de9b1e829..f3b819af9 100644 --- a/system/libraries/Session/Session.php +++ b/system/libraries/Session/Session.php @@ -314,7 +314,7 @@ class CI_Session { $this->_config = $params; // Security is king - ini_set('session.use_trans_id', 0); + ini_set('session.use_trans_sid', 0); ini_set('session.use_strict_mode', 1); ini_set('session.use_cookies', 1); ini_set('session.use_only_cookies', 1); -- cgit v1.2.3-24-g4f1b From b68a811f1a09b8d6012b6782b36a988daf68a82e Mon Sep 17 00:00:00 2001 From: Tjoosten Date: Sun, 15 Feb 2015 22:44:24 +0100 Subject: add --- system/libraries/Session/index.html | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'system/libraries/Session') diff --git a/system/libraries/Session/index.html b/system/libraries/Session/index.html index c942a79ce..b702fbc39 100644 --- a/system/libraries/Session/index.html +++ b/system/libraries/Session/index.html @@ -1,3 +1,4 @@ + 403 Forbidden @@ -7,4 +8,4 @@

Directory access is forbidden.

- \ No newline at end of file + -- cgit v1.2.3-24-g4f1b From 3cf58eaf15abaa1b5ab3e9ff671f174c9455b28f Mon Sep 17 00:00:00 2001 From: Ivan Tcholakov Date: Tue, 17 Feb 2015 20:03:09 +0200 Subject: Finishing PR #3596 --- system/libraries/Session/drivers/index.html | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'system/libraries/Session') diff --git a/system/libraries/Session/drivers/index.html b/system/libraries/Session/drivers/index.html index c942a79ce..b702fbc39 100644 --- a/system/libraries/Session/drivers/index.html +++ b/system/libraries/Session/drivers/index.html @@ -1,3 +1,4 @@ + 403 Forbidden @@ -7,4 +8,4 @@

Directory access is forbidden.

- \ No newline at end of file + -- cgit v1.2.3-24-g4f1b From 6c7c8917d853bcd4acdce930b9afa537b2fb8b95 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 19 Feb 2015 14:44:18 +0200 Subject: Remove 'autoinit' DB setting It doesn't make sense to do a load->database() call but not connect to the database. IIRC there was more stuff in CI_DB_driver::initialize() at some point, so that was probably the reason why the setting existed in the first place. However, now it only results in users making invalid bug reports because they don't understand the feature ... Examples during just the past 2 weeks: #3571 #3601 #3607 --- system/libraries/Session/drivers/Session_database_driver.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/libraries/Session') diff --git a/system/libraries/Session/drivers/Session_database_driver.php b/system/libraries/Session/drivers/Session_database_driver.php index 20cec00fd..f496b4fe0 100644 --- a/system/libraries/Session/drivers/Session_database_driver.php +++ b/system/libraries/Session/drivers/Session_database_driver.php @@ -122,7 +122,7 @@ class CI_Session_database_driver extends CI_Session_driver implements SessionHan public function open($save_path, $name) { return empty($this->_db->conn_id) - ? ( ! $this->_db->autoinit && $this->_db->db_connect()) + ? (bool) $this->_db->db_connect() : TRUE; } -- cgit v1.2.3-24-g4f1b From c519b26d78edb21fd189e73f0feb12690aa34f2d Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 21 Feb 2015 19:20:03 +0200 Subject: Fix #3610 --- system/libraries/Session/drivers/Session_files_driver.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'system/libraries/Session') diff --git a/system/libraries/Session/drivers/Session_files_driver.php b/system/libraries/Session/drivers/Session_files_driver.php index 5852277e8..74528e9d2 100644 --- a/system/libraries/Session/drivers/Session_files_driver.php +++ b/system/libraries/Session/drivers/Session_files_driver.php @@ -299,7 +299,9 @@ class CI_Session_files_driver extends CI_Session_driver implements SessionHandle { if ($this->close()) { - return unlink($this->_file_path.$session_id) && $this->_cookie_destroy(); + return file_exists($this->_file_path.$session_id) + ? (unlink($this->_file_path.$session_id) && $this->_cookie_destroy()) + : TRUE; } elseif ($this->_file_path !== NULL) { -- cgit v1.2.3-24-g4f1b From abc8f00465beb4cb99cc533ab2dbf3cb4191cbbe Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 23 Feb 2015 08:38:06 +0200 Subject: [ci skip] Fix #3618 --- system/libraries/Session/drivers/Session_redis_driver.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/libraries/Session') diff --git a/system/libraries/Session/drivers/Session_redis_driver.php b/system/libraries/Session/drivers/Session_redis_driver.php index 1cc4d75d7..5fbb5222c 100644 --- a/system/libraries/Session/drivers/Session_redis_driver.php +++ b/system/libraries/Session/drivers/Session_redis_driver.php @@ -272,7 +272,7 @@ class CI_Session_redis_driver extends CI_Session_driver implements SessionHandle { if (isset($this->_redis, $this->_lock_key)) { - if ($this->_redis->delete($this->_key_prefix.$session_id) !== 1) + if (($result = $this->_redis->delete($this->_key_prefix.$session_id)) !== 1) { log_message('debug', 'Session: Redis::delete() expected to return 1, got '.var_export($result, TRUE).' instead.'); } -- cgit v1.2.3-24-g4f1b From e1a5bb345b1b30ea777348efa9cade21c1f2e2fb Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 4 Mar 2015 13:33:39 +0200 Subject: Fix #3627: Keep timed locks for more than 5 seconds Emulated locks for Redis and Memcached now have a TTL of 300 seconds (the default HTTP request timeout value on many environments) and 30 attemps, each separated by sleep(1), are made by the blocked request to try and obtain a lock if it has been freed. Additionaly, the blocking time for MySQL's locks, which are also timed, is also set to 300 seconds. --- .../Session/drivers/Session_database_driver.php | 2 +- .../Session/drivers/Session_memcached_driver.php | 30 +++++----------- .../Session/drivers/Session_redis_driver.php | 40 +++++++--------------- 3 files changed, 23 insertions(+), 49 deletions(-) (limited to 'system/libraries/Session') diff --git a/system/libraries/Session/drivers/Session_database_driver.php b/system/libraries/Session/drivers/Session_database_driver.php index f496b4fe0..76c1cf34e 100644 --- a/system/libraries/Session/drivers/Session_database_driver.php +++ b/system/libraries/Session/drivers/Session_database_driver.php @@ -319,7 +319,7 @@ class CI_Session_database_driver extends CI_Session_driver implements SessionHan if ($this->_platform === 'mysql') { $arg = $session_id.($this->_config['match_ip'] ? '_'.$_SERVER['REMOTE_ADDR'] : ''); - if ($this->_db->query("SELECT GET_LOCK('".$arg."', 10) AS ci_session_lock")->row()->ci_session_lock) + if ($this->_db->query("SELECT GET_LOCK('".$arg."', 300) AS ci_session_lock")->row()->ci_session_lock) { $this->_lock = $arg; return TRUE; diff --git a/system/libraries/Session/drivers/Session_memcached_driver.php b/system/libraries/Session/drivers/Session_memcached_driver.php index f1a6e2400..938a612d9 100644 --- a/system/libraries/Session/drivers/Session_memcached_driver.php +++ b/system/libraries/Session/drivers/Session_memcached_driver.php @@ -204,7 +204,7 @@ class CI_Session_memcached_driver extends CI_Session_driver implements SessionHa if (isset($this->_lock_key)) { - $this->_memcached->replace($this->_lock_key, time(), 5); + $this->_memcached->replace($this->_lock_key, time(), 300); if ($this->_fingerprint !== ($fingerprint = md5($session_data))) { if ($this->_memcached->set($this->_key_prefix.$session_id, $session_data, $this->_config['expiration'])) @@ -299,34 +299,21 @@ class CI_Session_memcached_driver extends CI_Session_driver implements SessionHa { if (isset($this->_lock_key)) { - return $this->_memcached->replace($this->_lock_key, time(), 5); + return $this->_memcached->replace($this->_lock_key, time(), 300); } + // 30 attempts to obtain a lock, in case another request already has it $lock_key = $this->_key_prefix.$session_id.':lock'; - if ( ! ($ts = $this->_memcached->get($lock_key))) - { - if ( ! $this->_memcached->set($lock_key, TRUE, 5)) - { - log_message('error', 'Session: Error while trying to obtain lock for '.$this->_key_prefix.$session_id); - return FALSE; - } - - $this->_lock_key = $lock_key; - $this->_lock = TRUE; - return TRUE; - } - - // Another process has the lock, we'll try to wait for it to free itself ... $attempt = 0; - while ($attempt++ < 5) + do { - usleep(((time() - $ts) * 1000000) - 20000); - if (($ts = $this->_memcached->get($lock_key)) < time()) + if ($this->_memcached->get($lock_key)) { + sleep(1); continue; } - if ( ! $this->_memcached->set($lock_key, time(), 5)) + if ( ! $this->_memcached->set($lock_key, time(), 300)) { log_message('error', 'Session: Error while trying to obtain lock for '.$this->_key_prefix.$session_id); return FALSE; @@ -335,8 +322,9 @@ class CI_Session_memcached_driver extends CI_Session_driver implements SessionHa $this->_lock_key = $lock_key; break; } + while ($attempt++ < 30); - if ($attempt === 5) + if ($attempt === 30) { log_message('error', 'Session: Unable to obtain lock for '.$this->_key_prefix.$session_id.' after 5 attempts, aborting.'); return FALSE; diff --git a/system/libraries/Session/drivers/Session_redis_driver.php b/system/libraries/Session/drivers/Session_redis_driver.php index 5fbb5222c..1ce101daf 100644 --- a/system/libraries/Session/drivers/Session_redis_driver.php +++ b/system/libraries/Session/drivers/Session_redis_driver.php @@ -205,7 +205,7 @@ class CI_Session_redis_driver extends CI_Session_driver implements SessionHandle if (isset($this->_lock_key)) { - $this->_redis->setTimeout($this->_lock_key, 5); + $this->_redis->setTimeout($this->_lock_key, 300); if ($this->_fingerprint !== ($fingerprint = md5($session_data))) { if ($this->_redis->set($this->_key_prefix.$session_id, $session_data, $this->_config['expiration'])) @@ -313,40 +313,21 @@ class CI_Session_redis_driver extends CI_Session_driver implements SessionHandle { if (isset($this->_lock_key)) { - return $this->_redis->setTimeout($this->_lock_key, 5); + return $this->_redis->setTimeout($this->_lock_key, 300); } + // 30 attempts to obtain a lock, in case another request already has it $lock_key = $this->_key_prefix.$session_id.':lock'; - if (($ttl = $this->_redis->ttl($lock_key)) < 1) - { - if ( ! $this->_redis->setex($lock_key, 5, time())) - { - log_message('error', 'Session: Error while trying to obtain lock for '.$this->_key_prefix.$session_id); - return FALSE; - } - - $this->_lock_key = $lock_key; - - if ($ttl === -1) - { - log_message('debug', 'Session: Lock for '.$this->_key_prefix.$session_id.' had no TTL, overriding.'); - } - - $this->_lock = TRUE; - return TRUE; - } - - // Another process has the lock, we'll try to wait for it to free itself ... $attempt = 0; - while ($attempt++ < 5) + do { - usleep(($ttl * 1000000) - 20000); if (($ttl = $this->_redis->ttl($lock_key)) > 0) { + sleep(1); continue; } - if ( ! $this->_redis->setex($lock_key, 5, time())) + if ( ! $this->_redis->setex($lock_key, 300, time())) { log_message('error', 'Session: Error while trying to obtain lock for '.$this->_key_prefix.$session_id); return FALSE; @@ -355,12 +336,17 @@ class CI_Session_redis_driver extends CI_Session_driver implements SessionHandle $this->_lock_key = $lock_key; break; } + while ($attempt++ < 30); - if ($attempt === 5) + if ($attempt === 30) { - log_message('error', 'Session: Unable to obtain lock for '.$this->_key_prefix.$session_id.' after 5 attempts, aborting.'); + log_message('error', 'Session: Unable to obtain lock for '.$this->_key_prefix.$session_id.' after 30 attempts, aborting.'); return FALSE; } + elseif ($ttl === -1) + { + log_message('debug', 'Session: Lock for '.$this->_key_prefix.$session_id.' had no TTL, overriding.'); + } $this->_lock = TRUE; return TRUE; -- cgit v1.2.3-24-g4f1b From c1dc446cc60f449eb4fa35bb2bbe8e95d3edc9f8 Mon Sep 17 00:00:00 2001 From: Master Yoda Date: Fri, 6 Mar 2015 22:22:24 -0800 Subject: Housekeeping. Corrected typo in user guide for sessions, corrected misepelled key in calendar language file, added two links & updated wording on the repo readme. Signed-off-by:Master Yoda --- system/libraries/Session/drivers/Session_memcached_driver.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/libraries/Session') diff --git a/system/libraries/Session/drivers/Session_memcached_driver.php b/system/libraries/Session/drivers/Session_memcached_driver.php index 938a612d9..c7185ee44 100644 --- a/system/libraries/Session/drivers/Session_memcached_driver.php +++ b/system/libraries/Session/drivers/Session_memcached_driver.php @@ -326,7 +326,7 @@ class CI_Session_memcached_driver extends CI_Session_driver implements SessionHa if ($attempt === 30) { - log_message('error', 'Session: Unable to obtain lock for '.$this->_key_prefix.$session_id.' after 5 attempts, aborting.'); + log_message('error', 'Session: Unable to obtain lock for '.$this->_key_prefix.$session_id.' after 30 attempts, aborting.'); return FALSE; } -- cgit v1.2.3-24-g4f1b From 34b92c6c058a27fda4572f16af41340e0b46f4df Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 12 Mar 2015 12:42:00 +0200 Subject: Throw an exception on invalid session driver config --- system/libraries/Session/Session.php | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) (limited to 'system/libraries/Session') diff --git a/system/libraries/Session/Session.php b/system/libraries/Session/Session.php index f3b819af9..54d31ee1a 100644 --- a/system/libraries/Session/Session.php +++ b/system/libraries/Session/Session.php @@ -94,10 +94,7 @@ class CI_Session { $this->_driver = 'database'; } - if (($class = $this->_ci_load_classes($this->_driver)) === FALSE) - { - return; - } + $class = $this->_ci_load_classes($this->_driver); // Configuration ... $this->_configure($params); @@ -230,8 +227,7 @@ class CI_Session { if ( ! class_exists('CI_'.$class, FALSE) && ! class_exists($class, FALSE)) { - log_message('error', "Session: Configured driver '".$driver."' was not found. Aborting."); - return FALSE; + throw new \UnexpectedValueException("Session: Configured driver '".$driver."' was not found. Aborting."); } } -- cgit v1.2.3-24-g4f1b From 1d19520c7bc40280050b59e05a212ecedd9edd53 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 13 Mar 2015 11:25:29 +0200 Subject: [ci skip] Remove NS usage in CI_Session It was accidental --- system/libraries/Session/Session.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/libraries/Session') diff --git a/system/libraries/Session/Session.php b/system/libraries/Session/Session.php index 54d31ee1a..bb457c659 100644 --- a/system/libraries/Session/Session.php +++ b/system/libraries/Session/Session.php @@ -227,7 +227,7 @@ class CI_Session { if ( ! class_exists('CI_'.$class, FALSE) && ! class_exists($class, FALSE)) { - throw new \UnexpectedValueException("Session: Configured driver '".$driver."' was not found. Aborting."); + throw new UnexpectedValueException("Session: Configured driver '".$driver."' was not found. Aborting."); } } -- cgit v1.2.3-24-g4f1b From 737a5660c09e844d44969d1b7e8165b5f0296e37 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 21 Mar 2015 12:41:38 +0200 Subject: [ci skip] Forbid DB session usage with cache_on enabled --- system/libraries/Session/drivers/Session_database_driver.php | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'system/libraries/Session') diff --git a/system/libraries/Session/drivers/Session_database_driver.php b/system/libraries/Session/drivers/Session_database_driver.php index 76c1cf34e..1d01c2923 100644 --- a/system/libraries/Session/drivers/Session_database_driver.php +++ b/system/libraries/Session/drivers/Session_database_driver.php @@ -93,6 +93,10 @@ class CI_Session_database_driver extends CI_Session_driver implements SessionHan { throw new Exception('Configured database connection is persistent. Aborting.'); } + elseif ($this->_db->cache_on) + { + throw new Exception('Configured database connection has cache enabled. Aborting.'); + } $db_driver = $this->_db->dbdriver.(empty($this->_db->subdriver) ? '' : '_'.$this->_db->subdriver); if (strpos($db_driver, 'mysql') !== FALSE) -- cgit v1.2.3-24-g4f1b From 2f79f9a9e8a5b167ce899609a2058c4d2f480aa8 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 26 Mar 2015 12:52:05 +0200 Subject: Improve Session GC for files driver Close #3701 --- system/libraries/Session/drivers/Session_files_driver.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'system/libraries/Session') diff --git a/system/libraries/Session/drivers/Session_files_driver.php b/system/libraries/Session/drivers/Session_files_driver.php index 74528e9d2..45da91c46 100644 --- a/system/libraries/Session/drivers/Session_files_driver.php +++ b/system/libraries/Session/drivers/Session_files_driver.php @@ -326,7 +326,7 @@ class CI_Session_files_driver extends CI_Session_driver implements SessionHandle */ public function gc($maxlifetime) { - if ( ! is_dir($this->_config['save_path']) OR ($files = scandir($this->_config['save_path'])) === FALSE) + if ( ! is_dir($this->_config['save_path']) OR ($directory = opendir($this->_config['save_path'])) === FALSE) { log_message('debug', "Session: Garbage collector couldn't list files under directory '".$this->_config['save_path']."'."); return FALSE; @@ -340,7 +340,7 @@ class CI_Session_files_driver extends CI_Session_driver implements SessionHandle ($this->_config['match_ip'] === TRUE ? 72 : 40) ); - foreach ($files as $file) + while (($file = readdir($directory)) !== FALSE) { // If the filename doesn't match this pattern, it's either not a session file or is not ours if ( ! preg_match($pattern, $file) @@ -354,6 +354,8 @@ class CI_Session_files_driver extends CI_Session_driver implements SessionHandle unlink($this->_config['save_path'].DIRECTORY_SEPARATOR.$file); } + closedir($directory); + return TRUE; } -- cgit v1.2.3-24-g4f1b From fd3105716f5cdede79b9b471561413c161db250c Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 30 Mar 2015 17:19:26 +0300 Subject: Fix #3717 --- system/libraries/Session/Session.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/libraries/Session') diff --git a/system/libraries/Session/Session.php b/system/libraries/Session/Session.php index bb457c659..0549fef66 100644 --- a/system/libraries/Session/Session.php +++ b/system/libraries/Session/Session.php @@ -869,7 +869,7 @@ class CI_Session { public function set_tempdata($data, $value = NULL, $ttl = 300) { $this->set_userdata($data, $value); - $this->mark_as_temp($data, $ttl); + $this->mark_as_temp(is_array($data) ? array_keys($data) : $data, $ttl); } // ------------------------------------------------------------------------ -- cgit v1.2.3-24-g4f1b