Manages data for an an authenticated session. More...
Public Member Functions | |
| __construct (SessionBackend $backend, $index, LoggerInterface $logger) | |
| __destruct () | |
| canSetUser () | |
| Indicate whether the session user info can be changed. More... | |
| clear () | |
| Delete all session data and clear the user (if possible) More... | |
| delaySave () | |
| Delay automatic saving while multiple updates are being made. More... | |
| exists ($key) | |
| Test if a value exists in the session. More... | |
| get ($key, $default=null) | |
| Fetch a value from the session. More... | |
| getAllowedUserRights () | |
| Fetch the rights allowed the user when this session is active. More... | |
| getId () | |
| Returns the session ID. More... | |
| getLoggedOutTimestamp () | |
| Fetch the "logged out" timestamp. More... | |
| getProvider () | |
| Fetch the SessionProvider for this session. More... | |
| getProviderMetadata () | |
| Fetch provider metadata. More... | |
| getRequest () | |
| Returns the request associated with this session. More... | |
| getSecret ($key, $default=null) | |
| Fetch a value from the session that was set with self::setSecret() More... | |
| getSessionId () | |
| Returns the SessionId object. More... | |
| getToken ($salt= '', $key= 'default') | |
| Fetch a CSRF token from the session. More... | |
| getUser () | |
| Returns the authenticated user for this session. More... | |
| isPersistent () | |
| Indicate whether this session is persisted across requests. More... | |
| persist () | |
| Make this session persisted across requests. More... | |
| remove ($key) | |
| Remove a value from the session. More... | |
| renew () | |
| Renew the session. More... | |
| resetAllTokens () | |
| Remove all CSRF tokens from the session. More... | |
| resetId () | |
| Changes the session ID. More... | |
| resetToken ($key= 'default') | |
| Remove a CSRF token from the session. More... | |
| save () | |
| Save the session. More... | |
| sessionWithRequest (WebRequest $request) | |
| Fetch a copy of this session attached to an alternative WebRequest. More... | |
| set ($key, $value) | |
| Set a value in the session. More... | |
| setForceHTTPS ($force) | |
| Set whether HTTPS should be forced. More... | |
| setLoggedOutTimestamp ($ts) | |
| Set the "logged out" timestamp. More... | |
| setRememberUser ($remember) | |
| Set whether the user should be remembered independently of the session ID. More... | |
| setSecret ($key, $value) | |
| Set a value in the session, encrypted. More... | |
| setUser ($user) | |
| Set a new user for this session. More... | |
| shouldForceHTTPS () | |
| Whether HTTPS should be forced. More... | |
| shouldRememberUser () | |
| Indicate whether the user should be remembered independently of the session ID. More... | |
| suggestLoginUsername () | |
| Get a suggested username for the login form. More... | |
| unpersist () | |
| Make this session not be persisted across requests. More... | |
Interface methods | |
| count () | |
| current () | |
| key () | |
| next () | |
| rewind () | |
| valid () | |
| offsetExists ($offset) | |
| & | offsetGet ($offset) |
| offsetSet ($offset, $value) | |
| offsetUnset ($offset) | |
Private Member Functions | |
| getSecretKeys () | |
| Fetch the secret keys for self::setSecret() and self::getSecret(). More... | |
Static Private Member Functions | |
| static | getEncryptionAlgorithm () |
| Decide what type of encryption to use, based on system capabilities. More... | |
Private Attributes | |
| SessionBackend | $backend |
| Session backend. More... | |
| int | $index |
| Session index. More... | |
| LoggerInterface | $logger |
Static Private Attributes | |
| static null string[] | $encryptionAlgorithm = null |
| Encryption algorithm to use. More... | |
Detailed Description
Manages data for an an authenticated session.
A Session represents the fact that the current HTTP request is part of a session. There are two broad types of Sessions, based on whether they return true or false from self::canSetUser():
- When true (mutable), the Session identifies multiple requests as part of a session generically, with no tie to a particular user.
- When false (immutable), the Session identifies multiple requests as part of a session by identifying and authenticating the request itself as belonging to a particular user.
The Session object also serves as a replacement for PHP's $_SESSION, managing access to per-session data.
- Since
- 1.27
Definition at line 48 of file Session.php.
Constructor & Destructor Documentation
| MediaWiki\Session\Session::__construct | ( | SessionBackend | $backend, |
| $index, | |||
| LoggerInterface | $logger | ||
| ) |
- Parameters
-
SessionBackend $backend int $index LoggerInterface $logger
Definition at line 66 of file Session.php.
References MediaWiki\Session\Session\$backend, MediaWiki\Session\Session\$index, and MediaWiki\Session\Session\$logger.
| MediaWiki\Session\Session::__destruct | ( | ) |
Definition at line 72 of file Session.php.
Member Function Documentation
| MediaWiki\Session\Session::canSetUser | ( | ) |
Indicate whether the session user info can be changed.
- Returns
- bool
Definition at line 183 of file Session.php.
| MediaWiki\Session\Session::clear | ( | ) |
Delete all session data and clear the user (if possible)
Definition at line 250 of file Session.php.
| MediaWiki\Session\Session::count | ( | ) |
- Note
- Despite the name, this seems to be intended to implement isset() rather than array_key_exists(). So do that.
Definition at line 616 of file Session.php.
Referenced by MediaWiki\Session\Session\getSecret().
| MediaWiki\Session\Session::current | ( | ) |
- Note
- Despite the name, this seems to be intended to implement isset() rather than array_key_exists(). So do that.
Definition at line 621 of file Session.php.
| MediaWiki\Session\Session::delaySave | ( | ) |
Delay automatic saving while multiple updates are being made.
Calls to save() or clear() will not be delayed.
- Returns
- \ScopedCallback When this goes out of scope, a save will be triggered
Definition at line 600 of file Session.php.
| MediaWiki\Session\Session::exists | ( | $key | ) |
Test if a value exists in the session.
- Note
- Unlike isset(), null values are considered to exist.
- Parameters
-
string | int $key
- Returns
- bool
Definition at line 303 of file Session.php.
| MediaWiki\Session\Session::get | ( | $key, | |
$default = null |
|||
| ) |
Fetch a value from the session.
- Parameters
-
string | int $key mixed $default Returned if $this->exists( $key ) would be false
- Returns
- mixed
Definition at line 292 of file Session.php.
| MediaWiki\Session\Session::getAllowedUserRights | ( | ) |
Fetch the rights allowed the user when this session is active.
- Returns
- null|string[] Allowed user rights, or null to allow all.
Definition at line 175 of file Session.php.
|
staticprivate |
Decide what type of encryption to use, based on system capabilities.
- Returns
- array
Definition at line 415 of file Session.php.
References $wgSessionInsecureSecrets, and global.
| MediaWiki\Session\Session::getId | ( | ) |
| MediaWiki\Session\Session::getLoggedOutTimestamp | ( | ) |
| MediaWiki\Session\Session::getProvider | ( | ) |
Fetch the SessionProvider for this session.
- Returns
- SessionProviderInterface
Definition at line 105 of file Session.php.
| MediaWiki\Session\Session::getProviderMetadata | ( | ) |
Fetch provider metadata.
- Access:
- protected For use by SessionProvider subclasses only
- Returns
- mixed
Definition at line 243 of file Session.php.
| MediaWiki\Session\Session::getRequest | ( | ) |
Returns the request associated with this session.
- Returns
- WebRequest
Definition at line 159 of file Session.php.
| MediaWiki\Session\Session::getSecret | ( | $key, | |
$default = null |
|||
| ) |
Fetch a value from the session that was set with self::setSecret()
- Parameters
-
string | int $key mixed $default Returned if $this->exists( $key ) would be false or decryption fails
- Returns
- mixed
Definition at line 523 of file Session.php.
References $serialized, $value, MediaWiki\Session\Session\count(), MediaWiki\Session\Session\getSecretKeys(), list, serialize(), and unserialize().
|
private |
Fetch the secret keys for self::setSecret() and self::getSecret().
- Returns
- string[] Encryption key, HMAC key
Definition at line 389 of file Session.php.
References $wgSecretKey, $wgSessionPbkdf2Iterations, $wgSessionSecret, MWCryptRand\generateHex(), global, and MediaWiki\Session\Session\set().
Referenced by MediaWiki\Session\Session\getSecret(), and MediaWiki\Session\Session\setSecret().
| MediaWiki\Session\Session::getSessionId | ( | ) |
Returns the SessionId object.
- Access:
- private For internal use by WebRequest
- Returns
- SessionId
Definition at line 89 of file Session.php.
| MediaWiki\Session\Session::getToken | ( | $salt = '', |
|
$key = 'default' |
|||
| ) |
Fetch a CSRF token from the session.
Note that this does not persist the session, which you'll probably want to do if you want the token to actually be useful.
- Returns
- Token
Definition at line 343 of file Session.php.
References MWCryptRand\generateHex(), and MediaWiki\Session\Session\set().
| MediaWiki\Session\Session::getUser | ( | ) |
Returns the authenticated user for this session.
- Returns
- User
Definition at line 167 of file Session.php.
| MediaWiki\Session\Session::isPersistent | ( | ) |
Indicate whether this session is persisted across requests.
For example, if cookies are set.
- Returns
- bool
Definition at line 116 of file Session.php.
| MediaWiki\Session\Session::key | ( | ) |
- Note
- Despite the name, this seems to be intended to implement isset() rather than array_key_exists(). So do that.
Definition at line 626 of file Session.php.
Referenced by MediaWiki\Session\Session\valid().
| MediaWiki\Session\Session::next | ( | ) |
- Note
- Despite the name, this seems to be intended to implement isset() rather than array_key_exists(). So do that.
Definition at line 631 of file Session.php.
| MediaWiki\Session\Session::offsetExists | ( | $offset | ) |
- Note
- Despite the name, this seems to be intended to implement isset() rather than array_key_exists(). So do that.
Definition at line 650 of file Session.php.
| & MediaWiki\Session\Session::offsetGet | ( | $offset | ) |
- Note
- This supports indirect modifications but can't mark the session dirty when those happen. SessionBackend::save() checks the hash of the data to detect such changes.
- Accessing a nonexistent key via this mechanism causes that key to be created with a null value, and does not raise a PHP warning.
Definition at line 662 of file Session.php.
| MediaWiki\Session\Session::offsetSet | ( | $offset, | |
| $value | |||
| ) |
- Note
- Despite the name, this seems to be intended to implement isset() rather than array_key_exists(). So do that.
Definition at line 671 of file Session.php.
References $value, and MediaWiki\Session\Session\set().
| MediaWiki\Session\Session::offsetUnset | ( | $offset | ) |
- Note
- Despite the name, this seems to be intended to implement isset() rather than array_key_exists(). So do that.
Definition at line 675 of file Session.php.
| MediaWiki\Session\Session::persist | ( | ) |
Make this session persisted across requests.
If the session is already persistent, equivalent to calling $this->renew().
Definition at line 126 of file Session.php.
| MediaWiki\Session\Session::remove | ( | $key | ) |
Remove a value from the session.
- Parameters
-
string | int $key
Definition at line 325 of file Session.php.
| MediaWiki\Session\Session::renew | ( | ) |
Renew the session.
Resets the TTL in the backend store if the session is near expiring, and re-persists the session to any active WebRequests if persistent.
Definition at line 268 of file Session.php.
| MediaWiki\Session\Session::resetAllTokens | ( | ) |
Remove all CSRF tokens from the session.
Definition at line 381 of file Session.php.
| MediaWiki\Session\Session::resetId | ( | ) |
Changes the session ID.
- Returns
- string New ID (might be the same as the old)
Definition at line 97 of file Session.php.
| MediaWiki\Session\Session::resetToken | ( | $key = 'default' | ) |
Remove a CSRF token from the session.
The next call to self::getToken() with $key will generate a new secret.
- Parameters
-
string $key Token key
Definition at line 370 of file Session.php.
References MediaWiki\Session\Session\set().
| MediaWiki\Session\Session::rewind | ( | ) |
- Note
- Despite the name, this seems to be intended to implement isset() rather than array_key_exists(). So do that.
Definition at line 636 of file Session.php.
| MediaWiki\Session\Session::save | ( | ) |
Save the session.
Definition at line 607 of file Session.php.
| MediaWiki\Session\Session::sessionWithRequest | ( | WebRequest | $request | ) |
Fetch a copy of this session attached to an alternative WebRequest.
Actions on the copy will affect this session too, and vice versa.
- Parameters
-
WebRequest $request Any existing session associated with this WebRequest object will be overwritten.
- Returns
- Session
Definition at line 281 of file Session.php.
References WebRequest\setSessionId().
| MediaWiki\Session\Session::set | ( | $key, | |
| $value | |||
| ) |
Set a value in the session.
- Parameters
-
string | int $key mixed $value
Definition at line 313 of file Session.php.
References $value.
Referenced by MediaWiki\Session\Session\getSecretKeys(), MediaWiki\Session\Session\getToken(), MediaWiki\Session\Session\offsetSet(), MediaWiki\Session\Session\resetToken(), and MediaWiki\Session\Session\setSecret().
| MediaWiki\Session\Session::setForceHTTPS | ( | $force | ) |
Set whether HTTPS should be forced.
- Parameters
-
bool $force
Definition at line 218 of file Session.php.
| MediaWiki\Session\Session::setLoggedOutTimestamp | ( | $ts | ) |
| MediaWiki\Session\Session::setRememberUser | ( | $remember | ) |
Set whether the user should be remembered independently of the session ID.
- Parameters
-
bool $remember
Definition at line 151 of file Session.php.
| MediaWiki\Session\Session::setSecret | ( | $key, | |
| $value | |||
| ) |
Set a value in the session, encrypted.
This relies on the secrecy of $wgSecretKey (by default), or $wgSessionSecret.
- Parameters
-
string | int $key mixed $value
Definition at line 470 of file Session.php.
References $serialized, $value, MWCryptRand\generate(), MediaWiki\Session\Session\getSecretKeys(), list, serialize(), and MediaWiki\Session\Session\set().
| MediaWiki\Session\Session::setUser | ( | $user | ) |
| MediaWiki\Session\Session::shouldForceHTTPS | ( | ) |
| MediaWiki\Session\Session::shouldRememberUser | ( | ) |
Indicate whether the user should be remembered independently of the session ID.
- Returns
- bool
Definition at line 142 of file Session.php.
| MediaWiki\Session\Session::suggestLoginUsername | ( | ) |
Get a suggested username for the login form.
- Returns
- string|null
Definition at line 202 of file Session.php.
| MediaWiki\Session\Session::unpersist | ( | ) |
Make this session not be persisted across requests.
Definition at line 133 of file Session.php.
| MediaWiki\Session\Session::valid | ( | ) |
- Note
- Despite the name, this seems to be intended to implement isset() rather than array_key_exists(). So do that.
Definition at line 641 of file Session.php.
References MediaWiki\Session\Session\key().
Member Data Documentation
|
private |
Session backend.
Definition at line 53 of file Session.php.
Referenced by MediaWiki\Session\Session\__construct().
|
staticprivate |
Encryption algorithm to use.
Definition at line 50 of file Session.php.
|
private |
Session index.
Definition at line 56 of file Session.php.
Referenced by MediaWiki\Session\Session\__construct().
|
private |
Definition at line 59 of file Session.php.
Referenced by MediaWiki\Session\Session\__construct().
The documentation for this class was generated from the following file:
- includes/session/Session.php
