From d4b15bcdbd6a06e01d8de927c1d26f8f5bc4ed6c Mon Sep 17 00:00:00 2001
From: Andrey Andreev
Date: Tue, 22 Feb 2022 12:16:26 +0200
Subject: [ci skip] SessionUpdateTimestampHandlerInterface
---
 .../Session/CI_Session_driver_interface.php | 2 +
 system/libraries/Session/OldSessionWrapper.php | 12 ++++-
 system/libraries/Session/PHP8SessionWrapper.php | 12 ++++-
 system/libraries/Session/Session.php | 2 +
 .../SessionUpdateTimestampHandlerInterface.php | 56 ++++++++++++++++++++++
 system/libraries/Session/Session_driver.php | 2 +-
 .../Session/drivers/Session_database_driver.php | 29 ++++++++++-
 .../Session/drivers/Session_files_driver.php | 20 +++++++-
 .../Session/drivers/Session_memcached_driver.php | 20 +++++++-
 .../Session/drivers/Session_redis_driver.php | 20 +++++++-
 10 files changed, 164 insertions(+), 11 deletions(-)
 create mode 100644 system/libraries/Session/SessionUpdateTimestampHandlerInterface.php
(limited to 'system')
diff --git a/system/libraries/Session/CI_Session_driver_interface.php b/system/libraries/Session/CI_Session_driver_interface.php
index a854e92af..7f62ba49c 100644
--- a/system/libraries/Session/CI_Session_driver_interface.php
+++ b/system/libraries/Session/CI_Session_driver_interface.php
@@ -55,4 +55,6 @@ interface CI_Session_driver_interface {
 public function write($session_id, $session_data);
 public function destroy($session_id);
 public function gc($maxlifetime);
+ public function updateTimestamp($session_id, $data);
+ public function validateId($session_id);
 }
diff --git a/system/libraries/Session/OldSessionWrapper.php b/system/libraries/Session/OldSessionWrapper.php
index a8bc1d0c0..c6f8a631d 100644
--- a/system/libraries/Session/OldSessionWrapper.php
+++ b/system/libraries/Session/OldSessionWrapper.php
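Review bot: The two methods added to `CI_Session_driver_interface` in CI_Session_driver_interface.php have no comment stating their contract, although the driver docblocks later in this patch describe `validateId()` as the check that enforces session.use_strict_mode. I would document it on the interface, e.g. `// validateId() must return TRUE only when a server-side record exists for $session_id` and `// updateTimestamp() refreshes the record's lifetime without rewriting its data`. Every class implementing this interface must now define both methods, so custom drivers written against the old interface will presumably stop loading until they are updated; that deserves a line in the upgrade notes.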
@@ -47,7 +47,7 @@ defined('BASEPATH') OR exit('No direct script access allowed');
 * @author Andrey Andreev
 * @link https://codeigniter.com/userguide3/libraries/sessions.html
 */
-class CI_SessionWrapper implements SessionHandlerInterface {
+class CI_SessionWrapper implements SessionHandlerInterface, SessionUpdateTimestampHandlerInterface {
 protected $driver;
@@ -85,4 +85,14 @@ class CI_SessionWrapper implements SessionHandlerInterface {
 {
 return $this->driver->gc($maxlifetime);
 }
+
+ public function updateTimestamp($id, $data)
+ {
+ return $this->driver->updateTimestamp($id, $data);
+ }
+
+ public function validateId($id)
+ {
+ return $this->driver->validateId($id);
+ }
 }
diff --git a/system/libraries/Session/PHP8SessionWrapper.php b/system/libraries/Session/PHP8SessionWrapper.php
index c6dfaf7e0..85223b757 100644
--- a/system/libraries/Session/PHP8SessionWrapper.php
+++ b/system/libraries/Session/PHP8SessionWrapper.php
@@ -47,7 +47,7 @@ defined('BASEPATH') OR exit('No direct script access allowed');
 * @author Andrey Andreev
 * @link https://codeigniter.com/userguide3/libraries/sessions.html
 */
-class CI_SessionWrapper implements SessionHandlerInterface {
+class CI_SessionWrapper implements SessionHandlerInterface, SessionUpdateTimestampHandlerInterface {
 protected CI_Session_driver_interface $driver;
@@ -87,4 +87,14 @@ class CI_SessionWrapper implements SessionHandlerInterface {
 {
 return $this->driver->gc($maxlifetime);
 }
+
+ public function updateTimestamp(string $id, string$data): bool
+ {
+ return $this->driver->updateTimestamp($id, $data);
+ }
+
+ public function validateId(string $id): bool
+ {
+ return $this->driver->validateId($id);
+ }
 }
diff --git a/system/libraries/Session/Session.php b/system/libraries/Session/Session.php
index 68dc0ab63..a211ce31b 100644
--- a/system/libraries/Session/Session.php
+++ b/system/libraries/Session/Session.php
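Review bot: In the second PHP8SessionWrapper.php hunk, `updateTimestamp(string $id, string$data): bool` is missing the space between the type and the parameter name; write `string $data`. Both wrappers forward the driver's return value unchanged, and in this wrapper the `: bool` return type will coerce or reject anything that is not a boolean, so the drivers' `updateTimestamp()` and `validateId()` need to return a real bool on every path. A short docblock on the two new methods saying they delegate to the driver and why `validateId()` matters for strict mode would also help, since neither wrapper documents them.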
@@ -207,6 +207,8 @@ class CI_Session { { // PHP 5.4 compatibility interface_exists('SessionHandlerInterface', FALSE) OR require_once(BASEPATH.'libraries/Session/SessionHandlerInterface.php'); + // PHP 7 compatibility + interface_exists('SessionUpdateTimestampHandlerInterface', FALSE) OR require_once(BASEPATH.'libraries/Session/SessionUpdateTimestampHandlerInterface.php'); require_once(BASEPATH.'libraries/Session/CI_Session_driver_interface.php'); $wrapper = is_php('8.0') ? 'PHP8SessionWrapper' : 'OldSessionWrapper'; diff --git a/system/libraries/Session/SessionUpdateTimestampHandlerInterface.php b/system/libraries/Session/SessionUpdateTimestampHandlerInterface.php new file mode 100644 index 000000000..d48d56889 --- /dev/null +++ b/system/libraries/Session/SessionUpdateTimestampHandlerInterface.php @@ -0,0 +1,56 @@ +_config['cookie_name']]) && ! $this->validateSessionId($_COOKIE[$this->_config['cookie_name']])) + if ($this->_success === 0 && isset($_COOKIE[$this->_config['cookie_name']]) && ! $this->validateId($_COOKIE[$this->_config['cookie_name']])) { unset($_COOKIE[$this->_config['cookie_name']]); } diff --git a/system/libraries/Session/drivers/Session_database_driver.php b/system/libraries/Session/drivers/Session_database_driver.php index 2f788a1a1..4b475364b 100644 --- a/system/libraries/Session/drivers/Session_database_driver.php +++ b/system/libraries/Session/drivers/Session_database_driver.php 
@@ -344,16 +344,41 @@ class CI_Session_database_driver extends CI_Session_driver implements CI_Session
 // --------------------------------------------------------------------
+ /**
+ * Update Timestamp
+ *
+ * Update session timestamp without modifying data
+ *
+ * @param string $id Session ID
+ * @param string $data Unknown & unused
+ * @return bool
+ */
+ public function updateTimestamp($id, $unknown)
+ {
+ // Prevent previous QB calls from messing with our queries
+ $this->_db->reset_query();
+
+ $this->_db->where('id', $id);
+ if ($this->_config['match_ip'])
+ {
+ $this->_db->where('ip_address', $_SERVER['REMOTE_ADDR']);
+ }
+
+ return (bool) $this->_db->update($this->_config['save_path'], array('timestamp' => time()));
+ }
+
+ // --------------------------------------------------------------------
+
 /**
 * Validate ID
 *
 * Checks whether a session ID record exists server-side,
 * to enforce session.use_strict_mode.
 *
- * @param string $id
+ * @param string $id Session ID
 * @return bool
 */
- public function validateSessionId($id)
+ public function validateId($id)
 {
 // Prevent previous QB calls from messing with our queries
 $this->_db->reset_query();
diff --git a/system/libraries/Session/drivers/Session_files_driver.php b/system/libraries/Session/drivers/Session_files_driver.php
index c912fc71d..be0dc9ede 100644
--- a/system/libraries/Session/drivers/Session_files_driver.php
+++ b/system/libraries/Session/drivers/Session_files_driver.php
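Review bot: In Session_database_driver.php the new `updateTimestamp()` returns `(bool) $this->_db->update(...)`, which as far as I can tell reports that the statement ran, not that a row matched `id` (and `ip_address` when `match_ip` is on), so an ID whose row has already been removed would still yield TRUE. If that is intended, state it in the docblock, e.g. `Returns TRUE when the query succeeds, even if no matching row was updated; unknown IDs are rejected by validateId()`. The docblock also names the second parameter `$data` while the signature uses `$unknown`; the same mismatch appears in the `updateTimestamp()` docblocks of the files, memcached and redis drivers, and the tag should read `@param string $unknown`. `validateId()`'s body continues past the end of this hunk.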
@@ -400,16 +400,32 @@ class CI_Session_files_driver extends CI_Session_driver implements CI_Session_dr
 // --------------------------------------------------------------------
+ /**
+ * Update Timestamp
+ *
+ * Update session timestamp without modifying data
+ *
+ * @param string $id Session ID
+ * @param string $data Unknown & unused
+ * @return bool
+ */
+ public function updateTimestamp($id, $unknown)
+ {
+ return touch($this->_file_path.$id);
+ }
+
+ // --------------------------------------------------------------------
+
 /**
 * Validate ID
 *
 * Checks whether a session ID record exists server-side,
 * to enforce session.use_strict_mode.
 *
- * @param string $id
+ * @param string $id Session ID
 * @return bool
 */
- public function validateSessionId($id)
+ public function validateId($id)
 {
 $result = is_file($this->_file_path.$id);
 clearstatcache(TRUE, $this->_file_path.$id);
diff --git a/system/libraries/Session/drivers/Session_memcached_driver.php b/system/libraries/Session/drivers/Session_memcached_driver.php
index d84a9df1d..d1401630d 100644
--- a/system/libraries/Session/drivers/Session_memcached_driver.php
+++ b/system/libraries/Session/drivers/Session_memcached_driver.php
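Review bot: `touch($this->_file_path.$id)` in Session_files_driver.php creates the file when it does not exist, so if the session file was removed (by a destroy or gc in another request) before this call, an empty file is recreated under that ID and the `is_file()` check in `validateId()` will accept the ID again. That undercuts the strict-mode guarantee the `validateId()` docblock describes; guard the call with `return is_file($this->_file_path.$id) && touch($this->_file_path.$id);`. A file created by `touch()` would also get default permissions rather than whatever the driver applies when it opens session files, which is not visible in this hunk. `validateId()`'s body continues past the end of the hunk.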
@@ -295,16 +295,32 @@ class CI_Session_memcached_driver extends CI_Session_driver implements CI_Sessio
 // --------------------------------------------------------------------
+ /**
+ * Update Timestamp
+ *
+ * Update session timestamp without modifying data
+ *
+ * @param string $id Session ID
+ * @param string $data Unknown & unused
+ * @return bool
+ */
+ public function updateTimestamp($id, $unknown)
+ {
+ return $this->_memcached->touch($this->_key_prefix.$id, $this->_config['expiration']);
+ }
+
+ // --------------------------------------------------------------------
+
 /**
 * Validate ID
 *
 * Checks whether a session ID record exists server-side,
 * to enforce session.use_strict_mode.
 *
- * @param string $id
+ * @param string $id Session ID
 * @return bool
 */
- public function validateSessionId($id)
+ public function validateId($id)
 {
 $this->_memcached->get($this->_key_prefix.$id);
 return ($this->_memcached->getResultCode() === Memcached::RES_SUCCESS);
diff --git a/system/libraries/Session/drivers/Session_redis_driver.php b/system/libraries/Session/drivers/Session_redis_driver.php
index b112a18c8..269dfcd64 100644
--- a/system/libraries/Session/drivers/Session_redis_driver.php
+++ b/system/libraries/Session/drivers/Session_redis_driver.php
@@ -355,16 +355,32 @@ class CI_Session_redis_driver extends CI_Session_driver implements CI_Session_dr
 // --------------------------------------------------------------------
+ /**
+ * Update Timestamp
+ *
+ * Update session timestamp without modifying data
+ *
+ * @param string $id Session ID
+ * @param string $data Unknown & unused
+ * @return bool
+ */
+ public function updateTimestamp($id, $unknown)
+ {
+ return $this->_redis->{$this->_setTimeout_name}($this->_key_prefix.$id, $this->_config['expiration']);
+ }
+
+ // --------------------------------------------------------------------
+
 /**
 * Validate ID
 *
 * Checks whether a session ID record exists server-side,
 * to enforce session.use_strict_mode.
 *
- * @param string $id
+ * @param string $id Session ID
 * @return bool
 */
- public function validateSessionId($id)
+ public function validateId($id)
 {
 return (bool) $this->_redis->exists($this->_key_prefix.$id);
 }
--
cgit v1.2.3-24-g4f1b