<?php
/**
* Part of the Joomla Framework Session Package
*
* @copyright Copyright (C) 2005 - 2021 Open Source Matters, Inc. All rights reserved.
* @license GNU General Public License version 2 or later; see LICENSE
*/
namespace Joomla\Session\Storage;
use Joomla\Session\HandlerInterface;
use Joomla\Session\StorageInterface;
/**
* Base class providing a session store
*
* @since 2.0.0
*/
class NativeStorage implements StorageInterface
{
/**
* Flag if the session is active
*
* @var boolean
* @since 2.0.0
*/
private $active = false;
/**
* Internal flag identifying whether the session has been closed
*
* @var boolean
* @since 2.0.0
*/
private $closed = false;
/**
* Session save handler
*
* @var \SessionHandlerInterface
* @since 2.0.0
*/
private $handler;
/**
* Internal flag identifying whether the session has been started
*
* @var boolean
* @since 2.0.0
*/
private $started = false;
/**
* Constructor
*
* @param ?\SessionHandlerInterface $handler Session save handler
* @param array $options Session options
*
* @since 1.0
*/
public function __construct(?\SessionHandlerInterface $handler = null, array $options = [])
{
// Disable transparent sid support and default use cookies
$options += [
'use_cookies' => 1,
'use_trans_sid' => 0,
];
if (!headers_sent()) {
session_cache_limiter('none');
}
session_register_shutdown();
$this->setOptions($options);
$this->setHandler($handler);
}
/**
* Retrieves all variables from the session store
*
* @return array
*
* @since 2.0.0
*/
public function all(): array
{
return $_SESSION;
}
/**
* Clears all variables from the session store
*
* @return void
*
* @since 2.0.0
*/
public function clear(): void
{
$_SESSION = [];
}
/**
* Writes session data and ends session
*
* @return void
*
* @see session_write_close()
* @since 2.0.0
*/
public function close(): void
{
session_write_close();
$this->closed = true;
$this->started = false;
}
/**
* Perform session data garbage collection
*
* @return integer|boolean Number of deleted sessions on success or boolean false on failure or if the function is unsupported
*
* @see session_gc()
* @since 2.0.0
*/
public function gc()
{
if (!$this->isStarted()) {
$this->start();
}
return session_gc();
}
/**
* Aborts the current session
*
* @return boolean
*
* @see session_abort()
* @since 2.0.0
*/
public function abort(): bool
{
if (!$this->isStarted()) {
return true;
}
return session_abort();
}
/**
* Get data from the session store
*
* @param string $name Name of a variable
* @param mixed $default Default value of a variable if not set
*
* @return mixed Value of a variable
*
* @since 2.0.0
*/
public function get(string $name, $default)
{
if (!$this->isStarted()) {
$this->start();
}
if (isset($_SESSION[$name])) {
return $_SESSION[$name];
}
return $default;
}
/**
* Gets the save handler instance
*
* @return \SessionHandlerInterface|null
*
* @since 2.0.0
*/
public function getHandler(): ?\SessionHandlerInterface
{
return $this->handler;
}
/**
* Get the session ID
*
* @return string The session ID
*
* @since 2.0.0
*/
public function getId(): string
{
return session_id();
}
/**
* Get the session name
*
* @return string The session name
*
* @since 2.0.0
*/
public function getName(): string
{
return session_name();
}
/**
* Check whether data exists in the session store
*
* @param string $name Name of variable
*
* @return boolean
*
* @since 2.0.0
*/
public function has(string $name): bool
{
if (!$this->isStarted()) {
$this->start();
}
return isset($_SESSION[$name]);
}
/**
* Check if the session is active
*
* @return boolean
*
* @since 2.0.0
*/
public function isActive(): bool
{
return $this->active = session_status() === \PHP_SESSION_ACTIVE;
}
/**
* Check if the session is started
*
* @return boolean
*
* @since 2.0.0
*/
public function isStarted(): bool
{
return $this->started;
}
/**
* Unset a variable from the session store
*
* @param string $name Name of variable
*
* @return mixed The value from session or NULL if not set
*
* @since 2.0.0
*/
public function remove(string $name)
{
if (!$this->isStarted()) {
$this->start();
}
$old = $_SESSION[$name] ?? null;
unset($_SESSION[$name]);
return $old;
}
/**
* Regenerates the session ID that represents this storage.
*
* This method must invoke session_regenerate_id($destroy) unless this interface is used for a storage object designed for unit
* or functional testing where a real PHP session would interfere with testing.
*
* @param boolean $destroy Destroy session when regenerating?
*
* @return boolean True on success
*
* @see session_regenerate_id()
* @since 2.0.0
*/
public function regenerate(bool $destroy = false): bool
{
if (headers_sent() || !$this->isActive()) {
return false;
}
return session_regenerate_id($destroy);
}
/**
* Set data into the session store
*
* @param string $name Name of a variable
* @param mixed $value Value of a variable
*
* @return mixed Old value of a variable
*
* @since 2.0.0
*/
public function set(string $name, $value = null)
{
if (!$this->isStarted()) {
$this->start();
}
$old = $_SESSION[$name] ?? null;
$_SESSION[$name] = $value;
return $old;
}
/**
* Registers session save handler as a PHP session handler
*
* @param ?\SessionHandlerInterface $handler The save handler to use
*
* @return $this
*
* @since 2.0.0
* @throws \RuntimeException
*/
public function setHandler(?\SessionHandlerInterface $handler = null): self
{
// If the handler is an instance of our HandlerInterface, check whether it is supported
if ($handler instanceof HandlerInterface) {
if (!$handler::isSupported()) {
throw new \RuntimeException(
sprintf(
'The "%s" handler is not supported in this environment.',
\get_class($handler)
)
);
}
}
$this->handler = $handler;
if (!headers_sent() && !$this->isActive()) {
session_set_save_handler($this->handler, false);
}
return $this;
}
/**
* Set the session ID
*
* @param string $id The session ID
*
* @return $this
*
* @since 2.0.0
* @throws \LogicException
*/
public function setId(string $id)
{
if ($this->isActive()) {
throw new \LogicException('Cannot change the ID of an active session');
}
session_id($id);
return $this;
}
/**
* Set the session name
*
* @param string $name The session name
*
* @return $this
*
* @since 2.0.0
* @throws \LogicException
*/
public function setName(string $name)
{
if ($this->isActive()) {
throw new \LogicException('Cannot change the name of an active session');
}
session_name($name);
return $this;
}
/**
* Sets session.* ini variables.
*
* For convenience we omit 'session.' from the beginning of the keys.
* Explicitly ignores other ini keys.
*
* @param array $options Session ini directives array(key => value).
*
* @return $this
*
* @note Based on \Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage::setOptions()
* @see http://php.net/session.configuration
* @since 2.0.0
*/
public function setOptions(array $options): self
{
if (headers_sent() || $this->isActive()) {
return $this;
}
$validOptions = array_flip(
[
'cache_limiter', 'cache_expire', 'cookie_domain', 'cookie_httponly', 'cookie_lifetime', 'cookie_path', 'cookie_secure', 'gc_divisor',
'gc_maxlifetime', 'gc_probability', 'lazy_write', 'name', 'referer_check', 'serialize_handler', 'use_strict_mode', 'use_cookies',
'use_only_cookies', 'use_trans_sid', 'upload_progress.enabled', 'upload_progress.cleanup', 'upload_progress.prefix',
'upload_progress.name', 'upload_progress.freq', 'upload_progress.min-freq', 'url_rewriter.tags', 'sid_length',
'sid_bits_per_character', 'trans_sid_hosts', 'trans_sid_tags',
]
);
foreach ($options as $key => $value) {
if (isset($validOptions[$key])) {
ini_set('session.' . $key, $value);
}
}
return $this;
}
/**
* Start a session
*
* @return void
*
* @since 2.0.0
*/
public function start(): void
{
if ($this->isStarted()) {
return;
}
if ($this->isActive()) {
throw new \RuntimeException('Failed to start the session: already started by PHP.');
}
if (ini_get('session.use_cookies') && headers_sent($file, $line)) {
throw new \RuntimeException(
sprintf('Failed to start the session because headers have already been sent by "%s" at line %d.', $file, $line)
);
}
if (!session_start()) {
throw new \RuntimeException('Failed to start the session');
}
$this->isActive();
$this->closed = false;
$this->started = true;
}
}