TYPO3  7.6
Public Member Functions | Private Member Functions | Private Attributes | List of all members
SessionService Class Reference
Inheritance diagram for SessionService:
SingletonInterface

Public Member Functions

 __construct ()
 
 startSession ()
 
 destroySession ()
 
 resetSession ()
 
 hasSession ()
 
 getSessionId ()
 
 setAuthorized ()
 
 isAuthorized ()
 
 isExpired ()
 
 refreshSession ()
 
 addMessage (\TYPO3\CMS\Install\Status\StatusInterface $message)
 
 getMessagesAndFlush ()
 
 open ($savePath, $sessionName)
 
 close ()
 
 read ($id)
 
 write ($id, $sessionData)
 
 destroy ($id)
 
 gc ($maxLifeTime)
 
 __destruct ()
 

Private Member Functions

 getSessionSavePath ()
 
 ensureSessionSavePathExists ($sessionSavePath)
 
 renewSession ()
 
 getSessionHash ($sessionId= '')
 
 getSessionFile ($id)
 

Private Attributes

 $typo3tempPath
 
 $sessionPath = 'InstallToolSessions/%s'
 
 $cookieName = 'Typo3InstallTool'
 
 $expireTimeInMinutes = 60
 
 $regenerateSessionIdTime = 5
 

Detailed Description

Secure session handling for the install tool.

Definition at line 22 of file SessionService.php.

Constructor & Destructor Documentation

__construct ( )

Constructor. Starts PHP session handling in our own private store

Side-effect: might set a cookie, so must be called before any other output.

Definition at line 66 of file SessionService.php.

References elseif, GeneralUtility\getIndpEnv(), and SessionService\getSessionSavePath().

__destruct ( )

Writes the session data at the end, to overcome a PHP APC bug.

Writes the session data in a proper context that is not affected by the APC bug: http://pecl.php.net/bugs/bug.php?id=16721.

This behaviour was introduced in #17511, where self::write() made use of GeneralUtility which due to the APC bug throws a "Fatal error: Class 'GeneralUtility' not found" (and the session data is not saved). Calling session_write_close() at this point seems to be the most easy solution, according to PHP author.

Returns
void

Definition at line 462 of file SessionService.php.

Member Function Documentation

addMessage ( \TYPO3\CMS\Install\Status\StatusInterface  $message)

Add a message to "Flash" message storage.

Parameters
\TYPO3\CMS\Install\Status\StatusInterface$messageA message to add
Returns
void

Definition at line 315 of file SessionService.php.

close ( )

Close function. See

Returns
bool

Definition at line 373 of file SessionService.php.

destroy (   $id)

Destroys one session. See

Parameters
string$idThe session id
Returns
string

Definition at line 422 of file SessionService.php.

References SessionService\getSessionFile().

destroySession ( )

Destroys a session

Definition at line 169 of file SessionService.php.

ensureSessionSavePathExists (   $sessionSavePath)
private

Create directories for the session save path and throw an exception if that fails.

Parameters
string$sessionSavePathThe absolute path to the session files
Exceptions
\TYPO3\CMS\Install\Exception

Definition at line 122 of file SessionService.php.

References GeneralUtility\mkdir_deep(), and GeneralUtility\writeFile().

Referenced by SessionService\getSessionSavePath().

gc (   $maxLifeTime)

Garbage collect session info. See

Parameters
int$maxLifeTimeThe setting of session.gc_maxlifetime
Returns
bool

Definition at line 434 of file SessionService.php.

References $filename, and SessionService\getSessionSavePath().

getMessagesAndFlush ( )

Return stored session messages and flush.

Returns
array<> Messages

Definition at line 328 of file SessionService.php.

getSessionFile (   $id)
private

Returns the file where to store our session data

Parameters
string$id
Returns
string A filename

Definition at line 350 of file SessionService.php.

References SessionService\getSessionHash(), and SessionService\getSessionSavePath().

Referenced by SessionService\destroy(), SessionService\read(), and SessionService\write().

getSessionHash (   $sessionId = '')
private

Returns a session hash, which can only be calculated by the server. Used to store our session files without exposing the session ID.

Parameters
string$sessionIdAn alternative session ID. Defaults to our current session ID
Exceptions
\TYPO3\CMS\Install\Exception
Returns
string the session hash

Definition at line 222 of file SessionService.php.

References $GLOBALS, and SessionService\getSessionId().

Referenced by SessionService\getSessionFile().

getSessionId ( )

Returns the session ID of the running session.

Returns
string the session ID

Definition at line 209 of file SessionService.php.

Referenced by SessionService\getSessionHash().

getSessionSavePath ( )
private

Returns the path where to store our session files

Exceptions
\TYPO3\CMS\Install\Exception
Returns
string Session save path

Definition at line 99 of file SessionService.php.

References $GLOBALS, SessionService\ensureSessionSavePathExists(), and GeneralUtility\hmac().

Referenced by SessionService\__construct(), SessionService\gc(), and SessionService\getSessionFile().

hasSession ( )

Checks whether we already have an active session.

Returns
bool TRUE if there is an active session, FALSE otherwise

Definition at line 199 of file SessionService.php.

isAuthorized ( )

Check if we have an already authorized session

Returns
bool TRUE if this session has been authorized before (by a correct password)

Definition at line 259 of file SessionService.php.

isExpired ( )

Check if our session is expired. Useful only right after a FALSE "isAuthorized" to see if this is the reason for not being authorized anymore.

Returns
bool TRUE if an authorized session exists, but is expired

Definition at line 278 of file SessionService.php.

open (   $savePath,
  $sessionName 
)

Open function. See

Parameters
string$savePath
string$sessionName
Returns
bool

Definition at line 363 of file SessionService.php.

read (   $id)

Read session data. See

Parameters
string$idThe session id
Returns
string

Definition at line 384 of file SessionService.php.

References SessionService\getSessionFile(), and SessionService\write().

refreshSession ( )

Refreshes our session information, rising the expire time. Also generates a new session ID every 5 minutes to minimize the risk of session hijacking.

Returns
void

Definition at line 298 of file SessionService.php.

References SessionService\renewSession().

renewSession ( )
private

Generates a new session ID and sends it to the client.

Returns
string the new session ID

Definition at line 188 of file SessionService.php.

Referenced by SessionService\refreshSession(), SessionService\setAuthorized(), and SessionService\startSession().

resetSession ( )

Reset session. Sets _SESSION to empty array.

Definition at line 177 of file SessionService.php.

setAuthorized ( )

Marks this session as an "authorized" one (login successful). Should only be called if: a) we have a valid session running b) the "password" or some other authorization mechanism really matched

Returns
void

Definition at line 244 of file SessionService.php.

References SessionService\renewSession().

startSession ( )

Starts a new session

Returns
string The session ID

Definition at line 159 of file SessionService.php.

References SessionService\renewSession().

write (   $id,
  $sessionData 
)

Write session data. See

Parameters
string$idThe session id
string$sessionDataThe data to be stored
Exceptions
Exception
Returns
bool

Definition at line 403 of file SessionService.php.

References SessionService\getSessionFile(), and GeneralUtility\writeFile().

Referenced by SessionService\read().

Member Data Documentation

$cookieName = 'Typo3InstallTool'
private

Definition at line 45 of file SessionService.php.

$expireTimeInMinutes = 60
private

Definition at line 52 of file SessionService.php.

$regenerateSessionIdTime = 5
private

Definition at line 59 of file SessionService.php.

$sessionPath = 'InstallToolSessions/%s'
private

Definition at line 38 of file SessionService.php.

$typo3tempPath
private

Definition at line 30 of file SessionService.php.

Generated on Wed Nov 11 2015 01:52:46 for TYPO3 by   doxygen 1.8.3