Does nothing more than move code out of Horde_Registry.
protected $_regmtime;
/**
- * Indicate that a new session ID has been generated for this page load.
- *
- * @var boolean
- */
- protected $_cleansession = false;
-
- /**
* Stack of in-use applications.
*
* @var array
public $nlsconfig = array();
/**
- * The session handler object.
- *
- * @var Horde_SessionHandler
- */
- public $sessionHandler = null;
-
- /**
* Application bootstrap initialization.
* Solves chicken-and-egg problem - need a way to init Horde environment
* from application without an active Horde_Registry object.
* $notification - Horde_Notification object
* $prefs - Horde_Prefs object
* $registry - Horde_Registry object
+ * $session - Horde_Session object
*
* @param string $app The application to initialize.
* @param array $args Optional arguments:
empty($_SERVER['SERVER_NAME']))) {
/* Never start a session if the session flags include
SESSION_NONE. */
- $_SESSION = array();
- $this->setupSessionHandler(false);
+ $GLOBALS['session'] = $session = new Horde_Session(false);
} else {
- $this->setupSessionHandler();
+ $GLOBALS['session'] = $session = new Horde_Session();
if ($session_flags & self::SESSION_READONLY) {
- /* Close the session immediately so no changes can be
- made but values are still available. */
- session_write_close();
+ /* Close the session immediately so no changes can be made but
+ values are still available. */
+ $session->close();
}
}
+ $injector->setInstance('Horde_Session', $session);
/* Always need to load applications information. */
$this->_loadApplicationsCache($vhost);
}
/**
- * Sets a custom session handler up, if there is one.
- *
- * The custom session handler object will be contained in the
- * $sessionHandler public member variable.
- *
- * @param boolean $start Initiate the session?
- *
- * @throws Horde_Exception
- */
- public function setupSessionHandler($start = true)
- {
- global $conf;
-
- ini_set('url_rewriter.tags', 0);
- if (empty($conf['session']['use_only_cookies'])) {
- ini_set('session.use_only_cookies', 0);
- } else {
- ini_set('session.use_only_cookies', 1);
- if (!empty($conf['cookie']['domain']) &&
- (strpos($conf['server']['name'], '.') === false)) {
- throw new Horde_Exception('Session cookies will not work without a FQDN and with a non-empty cookie domain. Either use a fully qualified domain name like "http://www.example.com" instead of "http://example" only, or set the cookie domain in the Horde configuration to an empty value, or enable non-cookie (url-based) sessions in the Horde configuration.');
- }
- }
-
- session_set_cookie_params(
- $conf['session']['timeout'],
- $conf['cookie']['path'],
- $conf['cookie']['domain'],
- $conf['use_ssl'] == 1 ? 1 : 0
- );
- session_cache_limiter(is_null($this->initParams['session_cache_limiter']) ? $conf['session']['cache_limiter'] : $this->initParams['session_cache_limiter']);
- session_name(urlencode($conf['session']['name']));
-
- /* We want to create an instance here, not get, since we may be
- * destroying the previous instances in the page. */
- $this->sessionHandler = $GLOBALS['injector']->createInstance('Horde_Core_Factory_SessionHandler');
-
- if ($start) {
- session_start();
- }
- }
-
- /**
* Destroys any existing session on login and make sure to use a new
* session ID, to avoid session fixation issues. Should be called before
* checking a login.
*/
public function getCleanSession()
{
- if ($this->_cleansession) {
- return;
- }
-
- // Make sure to force a completely new session ID and clear all
- // session data.
- session_regenerate_id(true);
- session_unset();
-
- /* Reset cookie timeouts, if necessary. */
- if (!empty($GLOBALS['conf']['session']['timeout'])) {
+ if ($GLOBALS['session']->clean() &&
+ !empty($GLOBALS['conf']['session']['timeout'])) {
+ /* Reset cookie timeouts, if necessary. */
$app = $this->getApp();
$secret = $GLOBALS['injector']->getInstance('Horde_Secret');
if ($secret->clearKey($app)) {
}
$secret->setKey('auth');
}
-
- $this->_cleansession = true;
}
/**
$GLOBALS['injector']->getInstance('Horde_Core_Factory_Prefs')->clearCache();
if ($destroy) {
- session_destroy();
- $this->_cleansession = true;
+ $GLOBALS['session']->destroy();
}
}
--- /dev/null
+<?php
+/**
+ * The Horde_Session:: class provides a set of methods for handling the
+ * administration and contents of the Horde session variable.
+ *
+ * Copyright 2010 The Horde Project (http://www.horde.org/)
+ *
+ * See the enclosed file COPYING for license information (LGPL). If you
+ * did not receive this file, see http://www.fsf.org/copyleft/lgpl.html.
+ *
+ * @author Michael Slusarz <slusarz@horde.org>
+ * @category Horde
+ * @license http://www.fsf.org/copyleft/lgpl.html LGPL
+ * @package Core
+ */
+class Horde_Session
+{
+ /**
+ * The session handler object.
+ *
+ * @var Horde_SessionHandler
+ */
+ public $sessionHandler = null;
+
+ /**
+ * Indicate that a new session ID has been generated for this page load.
+ *
+ * @var boolean
+ */
+ protected $_cleansession = false;
+
+ /**
+ * Constructor.
+ *
+ * @param boolean $start Initiate the session?
+ */
+ public function __construct($start = true)
+ {
+ $this->setup($start);
+ }
+
+ /**
+ * Sets a custom session handler up, if there is one.
+ *
+ * @param boolean $start Initiate the session?
+ *
+ * @throws Horde_Exception
+ */
+ public function setup($start = true)
+ {
+ global $conf, $registry;
+
+ ini_set('url_rewriter.tags', 0);
+ if (empty($conf['session']['use_only_cookies'])) {
+ ini_set('session.use_only_cookies', 0);
+ } else {
+ ini_set('session.use_only_cookies', 1);
+ if (!empty($conf['cookie']['domain']) &&
+ (strpos($conf['server']['name'], '.') === false)) {
+ throw new Horde_Exception('Session cookies will not work without a FQDN and with a non-empty cookie domain. Either use a fully qualified domain name like "http://www.example.com" instead of "http://example" only, or set the cookie domain in the Horde configuration to an empty value, or enable non-cookie (url-based) sessions in the Horde configuration.');
+ }
+ }
+
+ session_set_cookie_params(
+ $conf['session']['timeout'],
+ $conf['cookie']['path'],
+ $conf['cookie']['domain'],
+ $conf['use_ssl'] == 1 ? 1 : 0
+ );
+ session_cache_limiter(is_null($registry->initParams['session_cache_limiter']) ? $conf['session']['cache_limiter'] : $registry->initParams['session_cache_limiter']);
+ session_name(urlencode($conf['session']['name']));
+
+ /* We want to create an instance here, not get, since we may be
+ * destroying the previous instances in the page. */
+ $this->sessionHandler = $GLOBALS['injector']->createInstance('Horde_Core_Factory_SessionHandler');
+
+ if ($start) {
+ session_start();
+ }
+ }
+
+ /**
+ * Destroys any existing session on login and make sure to use a new
+ * session ID, to avoid session fixation issues. Should be called before
+ * checking a login.
+ *
+ * @return boolean True if the session was cleaned.
+ */
+ public function clean()
+ {
+ if ($this->_cleansession) {
+ return false;
+ }
+
+ // Make sure to force a completely new session ID and clear all
+ // session data.
+ session_regenerate_id(true);
+ session_unset();
+
+ $this->_cleansession = true;
+
+ return true;
+ }
+
+ /**
+ * Close the current session.
+ */
+ public function close()
+ {
+ session_write_close();
+ }
+
+ /**
+ * Destroy the current session.
+ */
+ public function destroy()
+ {
+ session_destroy();
+ $this->_cleansession = true;
+ }
+
+}
<api>beta</api>
</stability>
<license uri="http://www.gnu.org/copyleft/lesser.html">LGPL</license>
- <notes>
-* Add Horde::addInlineJsVars().
+ <notes> * Add Horde_Session.
+ * Add Horde::addInlineJsVars().
* Remove Horde::nocacheUrl() and Horde::url() (Ticket #9160).
* Absorb horde/Ui package.
* Absorb horde/Ajax package.
<file name="Help.php" role="php" />
<file name="Menu.php" role="php" />
<file name="Registry.php" role="php" />
+ <file name="Session.php" role="php" />
<file name="Themes.php" role="php" />
</dir> <!-- /lib/Horde -->
<file name="Horde.php" role="php" />
<install as="Horde/Help.php" name="lib/Horde/Help.php" />
<install as="Horde/Menu.php" name="lib/Horde/Menu.php" />
<install as="Horde/Registry.php" name="lib/Horde/Registry.php" />
+ <install as="Horde/Session.php" name="lib/Horde/Session.php" />
<install as="Horde/Themes.php" name="lib/Horde/Themes.php" />
<install as="Horde/Config/Form.php" name="lib/Horde/Config/Form.php" />
<install as="Horde/Core/Sidebar.php" name="lib/Horde/Core/Sidebar.php" />
echo '<h1 class="header">' . _("Current Sessions");
try {
- $session_info = $registry->sessionHandler->getSessionsInfo();
+ $session_info = $session->sessionHandler->getSessionsInfo();
echo ' (' . count($session_info) . ')</h1>' .
'<ul class="headerbox linedRow">';
));
try {
- $sessions = $registry->sessionHandler->getSessionsInfo();
+ $sessions = $session->sessionHandler->getSessionsInfo();
} catch (Horde_SessionHandler_Exception $e) {
$cli->fatal('Session counting is not supported with the current session handler.');
}
_addAnchor($logout_url, 'url', $vars, $url_anchor)->redirect();
}
- $registry->setupSessionHandler();
+ $session->setup();
$registry->setLanguageEnvironment($language, $vars->app);
/* Hook to preselect the correct language in the widget. */
projects / horde.git / commitdiff