This serves as the entry point to the MediaWiki session handling system. More...

Inheritance diagram for MediaWiki\Session\SessionManager:

Collaboration diagram for MediaWiki\Session\SessionManager:

Public Member Functions
	__construct ($options=[])

	getEmptySession (WebRequest $request=null)
	Fetch a new, empty session. More...

	getSessionById ($id, $create=false, WebRequest $request=null)
	Fetch a session by ID. More...

	getSessionForRequest (WebRequest $request)
	Fetch the session for a request. More...

	getVaryCookies ()
	Return the list of cookies that need varying on. More...

	getVaryHeaders ()
	Return the HTTP headers that need varying on. More...

	invalidateSessionsForUser (User $user)
	Invalidate sessions for a user. More...

	setLogger (LoggerInterface $logger)

Static Public Member Functions
static	getGlobalSession ()
	Get the "global" session. More...

static	singleton ()
	Get the global SessionManager. More...

static	validateSessionId ($id)
	Validate a session ID. More...

Private Member Functions
	getEmptySessionInternal (WebRequest $request=null, $id=null)

Private Attributes
SessionBackend[]	$allSessionBackends = []

SessionId[]	$allSessionIds = []

Config	$config

LoggerInterface	$logger

string[]	$preventUsers = []

SessionProvider[]	$sessionProviders = null

CachedBagOStuff null	$store

string[]	$varyCookies = null

array	$varyHeaders = null

Static Private Attributes
static Session null	$globalSession = null

static WebRequest null	$globalSessionRequest = null

static SessionManager null	$instance = null

Internal methods
static	autoCreateUser (User $user)
	Auto-create the given user, if necessary. More...

static	resetCache ()
	Reset the internal caching for unit testing. More...

	preventSessionsForUser ($username)
	Prevent future sessions for the user. More...

	isUserSessionPrevented ($username)
	Test if a user is prevented For use from SessionBackend only. More...

	getProvider ($name)
	Get a session provider by name. More...

	shutdown ()
	Save all active sessions on shutdown For internal use with register_shutdown_function() More...

	getSessionFromInfo (SessionInfo $info, WebRequest $request)
	Create a session corresponding to the passed SessionInfo. More...

	deregisterSessionBackend (SessionBackend $backend)
	Deregister a SessionBackend. More...

	changeBackendId (SessionBackend $backend)
	Change a SessionBackend's ID. More...

	generateSessionId ()
	Generate a new random session ID. More...

	setupPHPSessionHandler (PHPSessionHandler $handler)
	Call setters on a PHPSessionHandler. More...

	getSessionInfoForRequest (WebRequest $request)
	Fetch the SessionInfo(s) for a request. More...

	loadSessionInfoFromStore (SessionInfo &$info, WebRequest $request)
	Load and verify the session info against the store. More...

	getProviders ()
	Get the available SessionProviders. More...

Detailed Description

This serves as the entry point to the MediaWiki session handling system.

Since: 1.27

Definition at line 41 of file SessionManager.php.

Constructor & Destructor Documentation

MediaWiki\Session\SessionManager::__construct ( $options = [] )

Parameters

array

$options

config: Config to fetch configuration from. Defaults to the default 'main' config.
logger: LoggerInterface to use for logging. Defaults to the 'session' channel.
store: BagOStuff to store session data in.

Definition at line 139 of file SessionManager.php.

References $options, MediaWiki\Session\SessionManager\$store, ConfigFactory\getDefaultInstance(), ObjectCache\getInstance(), MediaWiki\Session\SessionManager\setLogger(), and store.

Member Function Documentation

static MediaWiki\Session\SessionManager::autoCreateUser ( User $user )

static

Auto-create the given user, if necessary.

Access:: private Don't call this yourself. Let Setup.php do it for you at the right time.

Deprecated:

since 1.27, use MediaWiki\Auth\AuthManager::autoCreateUser instead

Parameters

User $user User to auto-create

Returns: bool Success

Definition at line 378 of file SessionManager.php.

References $cache, $flags, $from, MediaWiki\Session\SessionManager\$logger, $status, $user, $wgAuth, $wgDisableAuthManager, User\addToDatabase(), DeferredUpdates\addUpdate(), User\addWatch(), ObjectCache\getLocalClusterInstance(), User\getName(), User\getUserPage(), global, User\idFromName(), User\IGNORE_USER_RIGHTS, Profiler\instance(), User\isCreatableName(), User\loadDefaults(), User\loadFromId(), IDBAccessObject\READ_LATEST, Hooks\run(), User\saveSettings(), User\setId(), User, wfDeprecated(), wfGetLB(), wfMemcKey(), and wfReadOnly().

MediaWiki\Session\SessionManager::changeBackendId ( SessionBackend $backend )

Change a SessionBackend's ID.

Access:: private For use from \MediaWiki\Session\SessionBackend only

Parameters

SessionBackend $backend

Definition at line 1090 of file SessionManager.php.

References MediaWiki\Session\SessionManager\generateSessionId(), MediaWiki\Session\SessionBackend\getSessionId(), and string.

MediaWiki\Session\SessionManager::deregisterSessionBackend ( SessionBackend $backend )

Deregister a SessionBackend.

Access:: private For use from \MediaWiki\Session\SessionBackend only

Parameters

SessionBackend $backend

Definition at line 1072 of file SessionManager.php.

References MediaWiki\Session\SessionBackend\getId(), and MediaWiki\Session\SessionBackend\getSessionId().

MediaWiki\Session\SessionManager::generateSessionId ( )

Generate a new random session ID.

Returns: string

Definition at line 1112 of file SessionManager.php.

References MWCryptRand\generateHex(), store, and wfMemcKey().

Referenced by MediaWiki\Session\SessionManager\changeBackendId().

MediaWiki\Session\SessionManager::getEmptySession ( WebRequest $request = null )

Fetch a new, empty session.

The first provider configured that is able to provide an empty session will be used.

Parameters

WebRequest | null $request Corresponding request. Any existing session associated with this WebRequest object will be overwritten.

Returns: Session

Implements MediaWiki\Session\SessionManagerInterface.

Definition at line 234 of file SessionManager.php.

References $request, and MediaWiki\Session\SessionManager\getEmptySessionInternal().

Referenced by MediaWiki\Session\SessionManager\getSessionForRequest().

MediaWiki\Session\SessionManager::getEmptySessionInternal	(	WebRequest	$request = `null`,
			$id = `null`
	)

private

See Also: SessionManagerInterface::getEmptySession

Parameters

WebRequest \| null	$request
string \| null	$id	ID to force on the new session

Returns: Session

Definition at line 244 of file SessionManager.php.

References $request, as, MediaWiki\Session\SessionInfo\compare(), MediaWiki\Session\SessionManager\getProviders(), MediaWiki\Session\SessionManager\getSessionFromInfo(), store, and wfMemcKey().

Referenced by MediaWiki\Session\SessionManager\getEmptySession(), and MediaWiki\Session\SessionManager\getSessionById().

static MediaWiki\Session\SessionManager::getGlobalSession ( )

static

Get the "global" session.

If PHP's session_id() has been set, returns that session. Otherwise returns the session for RequestContext::getMain()->getRequest().

Returns: Session

Definition at line 98 of file SessionManager.php.

References $request, RequestContext\getMain(), and MediaWiki\Session\PHPSessionHandler\isEnabled().

Referenced by MediaWiki\Auth\RememberMeAuthenticationRequest\__construct(), MediaWiki\Session\SessionBackend\checkPHPSession(), ApiCreateAccount\execute(), ApiLogout\execute(), SpecialUserlogoutPreAuthManager\execute(), SpecialUserLogout\execute(), ApiLogin\execute(), RequestContext\exportSession(), RawAction\onView(), SubmitAction\show(), ApiTestCase\tearDown(), and MediaWiki\Session\SessionManagerTest\testAutoCreateUser().

MediaWiki\Session\SessionManager::getProvider ( $name )

Get a session provider by name.

Generally, this will only be used by internal implementation of some special session-providing mechanism. General purpose code, if it needs to access a SessionProvider at all, will use Session::getProvider().

Parameters

string $name

Returns: SessionProvider|null

Definition at line 634 of file SessionManager.php.

References $name, and MediaWiki\Session\SessionManager\getProviders().

Referenced by MediaWiki\Session\SessionManager\loadSessionInfoFromStore().

MediaWiki\Session\SessionManager::getProviders ( )

protected

Get the available SessionProviders.

Returns: SessionProvider[]

Definition at line 607 of file SessionManager.php.

References MediaWiki\Session\SessionManager\$sessionProviders, as, ObjectFactory\getObjectFromSpec(), and string.

Referenced by MediaWiki\Session\SessionManager\getEmptySessionInternal(), MediaWiki\Session\SessionManager\getProvider(), MediaWiki\Session\SessionManager\getSessionInfoForRequest(), MediaWiki\Session\SessionManager\getVaryCookies(), MediaWiki\Session\SessionManager\getVaryHeaders(), MediaWiki\Session\SessionManager\invalidateSessionsForUser(), and MediaWiki\Session\SessionManager\preventSessionsForUser().

MediaWiki\Session\SessionManager::getSessionById	(		$id,
			$create = `false`,
		WebRequest	$request = `null`
	)

Fetch a session by ID.

Parameters

string	$id
bool	$create	If no session exists for $id, try to create a new one. May still return null if a session for $id exists but cannot be loaded.
WebRequest \| null	$request	Corresponding request. Any existing session associated with this WebRequest object will be overwritten.

Returns: Session|null

Implements MediaWiki\Session\SessionManagerInterface.

Definition at line 192 of file SessionManager.php.

References $request, MediaWiki\Session\SessionManager\getEmptySessionInternal(), MediaWiki\Session\SessionManager\getSessionFromInfo(), MediaWiki\Session\SessionManager\loadSessionInfoFromStore(), MediaWiki\Session\SessionInfo\MIN_PRIORITY, store, and wfMemcKey().

MediaWiki\Session\SessionManager::getSessionForRequest ( WebRequest $request )

Fetch the session for a request.

Note: You probably want to use $request->getSession() instead. It's more efficient and doesn't break FauxRequests or sessions that were changed by $this->getSessionById() or $this->getEmptySession().

Parameters

WebRequest $request Any existing associated session will be reset to the session corresponding to the data in the request itself.

Returns: Session

Exceptions

\\OverflowException if there are multiple sessions tied for top priority in the request. Exception has a property "sessionInfos" holding the SessionInfo objects for the sessions involved.

Implements MediaWiki\Session\SessionManagerInterface.

Definition at line 181 of file SessionManager.php.

References MediaWiki\Session\SessionManager\getEmptySession(), MediaWiki\Session\SessionManager\getSessionFromInfo(), and MediaWiki\Session\SessionManager\getSessionInfoForRequest().

MediaWiki\Session\SessionManager::getSessionFromInfo	(	SessionInfo	$info,
		WebRequest	$request
	)

Create a session corresponding to the passed SessionInfo.

Access:: private For use by a SessionProvider that needs to specially create its own session.

Parameters

SessionInfo	$info
WebRequest	$request

Returns: Session

Definition at line 1016 of file SessionManager.php.

References ScopedCallback\consume(), MediaWiki\Session\SessionBackend\delaySave(), MediaWiki\Session\SessionInfo\getId(), MediaWiki\Session\SessionInfo\isIdSafe(), MW_NO_SESSION, WebRequest\setSessionId(), store, MediaWiki\Session\SessionInfo\wasPersisted(), and MediaWiki\Session\SessionInfo\wasRemembered().

Referenced by MediaWiki\Session\SessionManager\getEmptySessionInternal(), MediaWiki\Session\SessionManager\getSessionById(), and MediaWiki\Session\SessionManager\getSessionForRequest().

MediaWiki\Session\SessionManager::getSessionInfoForRequest ( WebRequest $request )

private

Fetch the SessionInfo(s) for a request.

Parameters

WebRequest $request

Returns: SessionInfo|null

Definition at line 662 of file SessionManager.php.

References as, MediaWiki\Session\SessionInfo\compare(), MediaWiki\Session\SessionManager\getProviders(), and MediaWiki\Session\SessionManager\loadSessionInfoFromStore().

Referenced by MediaWiki\Session\SessionManager\getSessionForRequest().

MediaWiki\Session\SessionManager::getVaryCookies ( )

Return the list of cookies that need varying on.

Returns: string[]

Implements MediaWiki\Session\SessionManagerInterface.

Definition at line 341 of file SessionManager.php.

References MediaWiki\Session\SessionManager\$varyCookies, as, MediaWiki\Session\SessionManager\getProviders(), and MW_NO_SESSION.

MediaWiki\Session\SessionManager::getVaryHeaders ( )

Return the HTTP headers that need varying on.

The return value is such that someone could theoretically do this:

foreach ( $provider->getVaryHeaders() as $header => $options ) {
   $outputPage->addVaryHeader( $header, $options );
}

Returns: array

Implements MediaWiki\Session\SessionManagerInterface.

Definition at line 318 of file SessionManager.php.

References $options, MediaWiki\Session\SessionManager\$varyHeaders, as, MediaWiki\Session\SessionManager\getProviders(), and MW_NO_SESSION.

MediaWiki\Session\SessionManager::invalidateSessionsForUser ( User $user )

Invalidate sessions for a user.

After calling this, existing sessions should be invalid. For mutable session providers, this generally means the user has to log in again; for immutable providers, it generally means the loss of session data.

Parameters

User $user

Implements MediaWiki\Session\SessionManagerInterface.

Definition at line 304 of file SessionManager.php.

References as, MediaWiki\Auth\AuthManager\callLegacyAuthPlugin(), MediaWiki\Session\SessionManager\getProviders(), User\saveSettings(), and User\setToken().

MediaWiki\Session\SessionManager::isUserSessionPrevented ( $username )

Test if a user is prevented For use from SessionBackend only.

Parameters

string $username

Returns: bool

Definition at line 599 of file SessionManager.php.

References $username.

MediaWiki\Session\SessionManager::loadSessionInfoFromStore	(	SessionInfo &	$info,
		WebRequest	$request
	)

private

Load and verify the session info against the store.

Parameters

SessionInfo	&$info	Will likely be replaced with an updated SessionInfo instance
WebRequest	$request

Returns: bool Whether the session info matches the stored data (if any)

Definition at line 726 of file SessionManager.php.

Referenced by MediaWiki\Session\SessionManager\getSessionById(), and MediaWiki\Session\SessionManager\getSessionInfoForRequest().

MediaWiki\Session\SessionManager::preventSessionsForUser ( $username )

Prevent future sessions for the user.

The intention is that the named account will never again be usable for normal login (i.e. there is no way to undo the prevention of access).

For use from \User::newSystemUser only

Parameters

string $username

Definition at line 584 of file SessionManager.php.

References $username, as, and MediaWiki\Session\SessionManager\getProviders().

static MediaWiki\Session\SessionManager::resetCache ( )

static

Reset the internal caching for unit testing.

Definition at line 1132 of file SessionManager.php.

Referenced by MediaWikiTestCase\doLightweightServiceReset(), and MediaWikiTestCase\tearDown().

MediaWiki\Session\SessionManager::setLogger ( LoggerInterface $logger )

Definition at line 177 of file SessionManager.php.

References MediaWiki\Session\SessionManager\$logger.

Referenced by MediaWiki\Session\SessionManager\__construct().

MediaWiki\Session\SessionManager::setupPHPSessionHandler ( PHPSessionHandler $handler )

Call setters on a PHPSessionHandler.

Access:: private Use PhpSessionHandler::install()

Parameters

PHPSessionHandler $handler

Definition at line 1125 of file SessionManager.php.

References MediaWiki\Session\PHPSessionHandler\setManager(), and store.

Referenced by MediaWiki\Session\PHPSessionHandler\__construct(), and MediaWiki\Session\PHPSessionHandler\install().

MediaWiki\Session\SessionManager::shutdown ( )

Save all active sessions on shutdown For internal use with register_shutdown_function()

Definition at line 643 of file SessionManager.php.

References as.

static MediaWiki\Session\SessionManager::singleton ( )

static

Get the global SessionManager.

Returns: SessionManagerInterface (really a SessionManager, but this is to make IDEs less confused)

Definition at line 83 of file SessionManager.php.

static MediaWiki\Session\SessionManager::validateSessionId ( $id )

static

Validate a session ID.

Parameters

string $id

Returns: bool

Definition at line 362 of file SessionManager.php.

Referenced by MediaWiki\Session\SessionInfo\__construct(), MediaWiki\Session\ImmutableSessionProviderWithCookie\getSessionIdFromCookie(), MediaWiki\Session\CookieSessionProvider\provideSessionInfo(), and MediaWiki\Session\SessionManagerTest\testGenerateSessionId().

Member Data Documentation

SessionBackend [] MediaWiki\Session\SessionManager::$allSessionBackends = []

private

Definition at line 70 of file SessionManager.php.

SessionId [] MediaWiki\Session\SessionManager::$allSessionIds = []

private

Definition at line 73 of file SessionManager.php.

Config MediaWiki\Session\SessionManager::$config

private

Definition at line 55 of file SessionManager.php.

Session null MediaWiki\Session\SessionManager::$globalSession = null

staticprivate

Definition at line 46 of file SessionManager.php.

WebRequest null MediaWiki\Session\SessionManager::$globalSessionRequest = null

staticprivate

Definition at line 49 of file SessionManager.php.

SessionManager null MediaWiki\Session\SessionManager::$instance = null

staticprivate

Definition at line 43 of file SessionManager.php.

LoggerInterface MediaWiki\Session\SessionManager::$logger

private

Definition at line 52 of file SessionManager.php.

Referenced by MediaWiki\Session\SessionManager\autoCreateUser(), and MediaWiki\Session\SessionManager\setLogger().

string [] MediaWiki\Session\SessionManager::$preventUsers = []

private

Definition at line 76 of file SessionManager.php.

SessionProvider [] MediaWiki\Session\SessionManager::$sessionProviders = null

private

Definition at line 61 of file SessionManager.php.

Referenced by MediaWiki\Session\SessionManager\getProviders().

CachedBagOStuff null MediaWiki\Session\SessionManager::$store

private

Definition at line 58 of file SessionManager.php.

Referenced by MediaWiki\Session\SessionManager\__construct().

string [] MediaWiki\Session\SessionManager::$varyCookies = null

private

Definition at line 64 of file SessionManager.php.

Referenced by MediaWiki\Session\SessionManager\getVaryCookies().

array MediaWiki\Session\SessionManager::$varyHeaders = null

private

Definition at line 67 of file SessionManager.php.

Referenced by MediaWiki\Session\SessionManager\getVaryHeaders().

The documentation for this class was generated from the following file:

includes/session/SessionManager.php

Public Member Functions

Static Public Member Functions

Private Member Functions

Private Attributes

Static Private Attributes

Internal methods

Detailed Description

Constructor & Destructor Documentation

Member Function Documentation

Member Data Documentation