From d2b3eb6a89d574aac60dc5150b159d1a5aadd6bc Mon Sep 17 00:00:00 2001 From: Michael M Slusarz Date: Thu, 7 Oct 2010 11:02:49 -0600 Subject: [PATCH] Bug #8023: Initial creation of Horde_Session. Does nothing more than move code out of Horde_Registry. --- framework/Core/lib/Horde/Registry.php | 89 +++---------------------- framework/Core/lib/Horde/Session.php | 122 ++++++++++++++++++++++++++++++++++ framework/Core/package.xml | 6 +- horde/admin/sessions.php | 2 +- horde/bin/active_sessions | 2 +- horde/login.php | 2 +- 6 files changed, 140 insertions(+), 83 deletions(-) create mode 100644 framework/Core/lib/Horde/Session.php diff --git a/framework/Core/lib/Horde/Registry.php b/framework/Core/lib/Horde/Registry.php index de94d50c7..2b49f8384 100644 --- a/framework/Core/lib/Horde/Registry.php +++ b/framework/Core/lib/Horde/Registry.php @@ -50,13 +50,6 @@ class Horde_Registry protected $_regmtime; /** - * Indicate that a new session ID has been generated for this page load. - * - * @var boolean - */ - protected $_cleansession = false; - - /** * Stack of in-use applications. * * @var array @@ -92,13 +85,6 @@ class Horde_Registry public $nlsconfig = array(); /** - * The session handler object. - * - * @var Horde_SessionHandler - */ - public $sessionHandler = null; - - /** * Application bootstrap initialization. * Solves chicken-and-egg problem - need a way to init Horde environment * from application without an active Horde_Registry object. @@ -115,6 +101,7 @@ class Horde_Registry * $notification - Horde_Notification object * $prefs - Horde_Prefs object * $registry - Horde_Registry object + * $session - Horde_Session object * * @param string $app The application to initialize. * @param array $args Optional arguments: 
@@ -452,16 +439,16 @@ class Horde_Registry empty($_SERVER['SERVER_NAME']))) { /* Never start a session if the session flags include SESSION_NONE. */ - $_SESSION = array(); - $this->setupSessionHandler(false); + $GLOBALS['session'] = $session = new Horde_Session(false); } else { - $this->setupSessionHandler(); + $GLOBALS['session'] = $session = new Horde_Session(); if ($session_flags & self::SESSION_READONLY) { - /* Close the session immediately so no changes can be - made but values are still available. */ - session_write_close(); + /* Close the session immediately so no changes can be made but + values are still available. */ + $session->close(); } } + $injector->setInstance('Horde_Session', $session); /* Always need to load applications information. */ $this->_loadApplicationsCache($vhost); 
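Review bot: The no-session branch no longer initialises `$_SESSION`: the removed `$_SESSION = array();` has no counterpart in `new Horde_Session(false)`, whose `setup()` (added later in this patch) only skips `session_start()`. Code that runs after this branch and touches `$_SESSION[...]` would then work on an undefined superglobal, which is a behaviour change in a commit described as a pure move. Keeping `$_SESSION = array();` in this branch, or doing it inside `Horde_Session::setup()` when `$start` is false, would preserve the old state. The enclosing method starts and ends outside the hunk.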
@@ -1663,66 +1650,15 @@ class Horde_Registry } /** - * Sets a custom session handler up, if there is one. - * - * The custom session handler object will be contained in the - * $sessionHandler public member variable. - * - * @param boolean $start Initiate the session? - * - * @throws Horde_Exception - */ - public function setupSessionHandler($start = true) - { - global $conf; - - ini_set('url_rewriter.tags', 0); - if (empty($conf['session']['use_only_cookies'])) { - ini_set('session.use_only_cookies', 0); - } else { - ini_set('session.use_only_cookies', 1); - if (!empty($conf['cookie']['domain']) && - (strpos($conf['server']['name'], '.') === false)) { - throw new Horde_Exception('Session cookies will not work without a FQDN and with a non-empty cookie domain. Either use a fully qualified domain name like "http://www.example.com" instead of "http://example" only, or set the cookie domain in the Horde configuration to an empty value, or enable non-cookie (url-based) sessions in the Horde configuration.'); - } - } - - session_set_cookie_params( - $conf['session']['timeout'], - $conf['cookie']['path'], - $conf['cookie']['domain'], - $conf['use_ssl'] == 1 ? 1 : 0 - ); - session_cache_limiter(is_null($this->initParams['session_cache_limiter']) ? $conf['session']['cache_limiter'] : $this->initParams['session_cache_limiter']); - session_name(urlencode($conf['session']['name'])); - - /* We want to create an instance here, not get, since we may be - * destroying the previous instances in the page. */ - $this->sessionHandler = $GLOBALS['injector']->createInstance('Horde_Core_Factory_SessionHandler'); - - if ($start) { - session_start(); - } - } - - /** * Destroys any existing session on login and make sure to use a new * session ID, to avoid session fixation issues. Should be called before * checking a login. 
*/ public function getCleanSession() { - if ($this->_cleansession) { - return; - } - - // Make sure to force a completely new session ID and clear all - // session data. - session_regenerate_id(true); - session_unset(); - - /* Reset cookie timeouts, if necessary. */ - if (!empty($GLOBALS['conf']['session']['timeout'])) { + if ($GLOBALS['session']->clean() && + !empty($GLOBALS['conf']['session']['timeout'])) { + /* Reset cookie timeouts, if necessary. */ $app = $this->getApp(); $secret = $GLOBALS['injector']->getInstance('Horde_Secret'); if ($secret->clearKey($app)) { @@ -1730,8 +1666,6 @@ class Horde_Registry } $secret->setKey('auth'); } - - $this->_cleansession = true; } /** @@ -1756,8 +1690,7 @@ class Horde_Registry $GLOBALS['injector']->getInstance('Horde_Core_Factory_Prefs')->clearCache(); if ($destroy) { - session_destroy(); - $this->_cleansession = true; + $GLOBALS['session']->destroy(); } } diff --git a/framework/Core/lib/Horde/Session.php b/framework/Core/lib/Horde/Session.php new file mode 100644 index 000000000..2bb278241 --- /dev/null +++ b/framework/Core/lib/Horde/Session.php 
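Review bot: `getCleanSession()` now does nothing when `$GLOBALS['session']->clean()` returns false, and the flag behind that result is also set by `destroy()` (called from the `$destroy` branch in the last Registry.php hunk) and is never cleared by `Horde_Session::setup()`. A request that destroys the session, restarts it with `$session->setup()` as horde/login.php does, and then reaches a login check would keep the restarted session's ID instead of getting a fresh one; whether any code path does all three in one request is not visible in this patch. Resetting the flag where the session is restarted, `$this->_cleansession = false;` just before `session_start()` in `setup()`, would keep the session-fixation defence independent of call order. The old code set the same flag after `session_destroy()`, so this is a follow-up rather than a regression.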
@@ -0,0 +1,122 @@ + + * @category Horde + * @license http://www.fsf.org/copyleft/lgpl.html LGPL + * @package Core + */ +class Horde_Session +{ + /** + * The session handler object. + * + * @var Horde_SessionHandler + */ + public $sessionHandler = null; + + /** + * Indicate that a new session ID has been generated for this page load. + * + * @var boolean + */ + protected $_cleansession = false; + + /** + * Constructor. + * + * @param boolean $start Initiate the session? + */ + public function __construct($start = true) + { + $this->setup($start); + } + + /** + * Sets a custom session handler up, if there is one. + * + * @param boolean $start Initiate the session? + * + * @throws Horde_Exception + */ + public function setup($start = true) + { + global $conf, $registry; + + ini_set('url_rewriter.tags', 0); + if (empty($conf['session']['use_only_cookies'])) { + ini_set('session.use_only_cookies', 0); + } else { + ini_set('session.use_only_cookies', 1); + if (!empty($conf['cookie']['domain']) && + (strpos($conf['server']['name'], '.') === false)) { + throw new Horde_Exception('Session cookies will not work without a FQDN and with a non-empty cookie domain. Either use a fully qualified domain name like "http://www.example.com" instead of "http://example" only, or set the cookie domain in the Horde configuration to an empty value, or enable non-cookie (url-based) sessions in the Horde configuration.'); + } + } + + session_set_cookie_params( + $conf['session']['timeout'], + $conf['cookie']['path'], + $conf['cookie']['domain'], + $conf['use_ssl'] == 1 ? 1 : 0 + ); + session_cache_limiter(is_null($registry->initParams['session_cache_limiter']) ? $conf['session']['cache_limiter'] : $registry->initParams['session_cache_limiter']); + session_name(urlencode($conf['session']['name'])); + + /* We want to create an instance here, not get, since we may be + * destroying the previous instances in the page. 
*/ + $this->sessionHandler = $GLOBALS['injector']->createInstance('Horde_Core_Factory_SessionHandler'); + + if ($start) { + session_start(); + } + } + + /** + * Destroys any existing session on login and make sure to use a new + * session ID, to avoid session fixation issues. Should be called before + * checking a login. + * + * @return boolean True if the session was cleaned. + */ + public function clean() + { + if ($this->_cleansession) { + return false; + } + + // Make sure to force a completely new session ID and clear all + // session data. + session_regenerate_id(true); + session_unset(); + + $this->_cleansession = true; + + return true; + } + + /** + * Close the current session. + */ + public function close() + { + session_write_close(); + } + + /** + * Destroy the current session. + */ + public function destroy() + { + session_destroy(); + $this->_cleansession = true; + } + +} diff --git a/framework/Core/package.xml b/framework/Core/package.xml index b59daad13..d019ce719 100644 --- a/framework/Core/package.xml +++ b/framework/Core/package.xml @@ -34,8 +34,8 @@ Application Framework. beta LGPL - -* Add Horde::addInlineJsVars(). + * Add Horde_Session. + * Add Horde::addInlineJsVars(). * Remove Horde::nocacheUrl() and Horde::url() (Ticket #9160). * Absorb horde/Ui package. * Absorb horde/Ajax package. @@ -247,6 +247,7 @@ Application Framework. + @@ -401,6 +402,7 @@ Application Framework. + diff --git a/horde/admin/sessions.php b/horde/admin/sessions.php index 111674414..0c1adefef 100644 --- a/horde/admin/sessions.php +++ b/horde/admin/sessions.php @@ -22,7 +22,7 @@ require HORDE_TEMPLATES . '/admin/menu.inc'; echo '
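Review bot: `setup()` now reads the cache limiter from `global $registry`, but both `new Horde_Session(...)` calls in Registry.php run inside a Horde_Registry method, possibly before the `$registry` global has been assigned (the assignment is not visible in this patch). If so, `$registry->initParams['session_cache_limiter']` dereferences null and the init parameter is silently replaced by `$conf['session']['cache_limiter']`. Passing the value in, e.g. `public function setup($start = true, $cache_limiter = null)` with `session_cache_limiter(is_null($cache_limiter) ? $conf['session']['cache_limiter'] : $cache_limiter);` and the constructor forwarding it, removes the ordering dependency. Separately, `session_set_cookie_params()` is called with four arguments, so the session cookie is issued without HttpOnly; passing `true` as the fifth argument would keep it out of reach of page scripts, unless some client code is known to read it.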

' . _("Current Sessions"); try { - $session_info = $registry->sessionHandler->getSessionsInfo(); + $session_info = $session->sessionHandler->getSessionsInfo(); echo ' (' . count($session_info) . ')

' . '
    '; diff --git a/horde/bin/active_sessions b/horde/bin/active_sessions index ef8ddb5e4..d62019677 100755 --- a/horde/bin/active_sessions +++ b/horde/bin/active_sessions @@ -25,7 +25,7 @@ Horde_Registry::appInit('horde', array( )); try { - $sessions = $registry->sessionHandler->getSessionsInfo(); + $sessions = $session->sessionHandler->getSessionsInfo(); } catch (Horde_SessionHandler_Exception $e) { $cli->fatal('Session counting is not supported with the current session handler.'); } diff --git a/horde/login.php b/horde/login.php index 9201ee391..a75729f04 100644 --- a/horde/login.php +++ b/horde/login.php @@ -138,7 +138,7 @@ if ($logout_reason) { _addAnchor($logout_url, 'url', $vars, $url_anchor)->redirect(); } - $registry->setupSessionHandler(); + $session->setup(); $registry->setLanguageEnvironment($language, $vars->app); /* Hook to preselect the correct language in the widget. */ -- 2.11.0