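<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
/**
 * Session library backed by PHP's native session handling ($_SESSION).
 *
 * The session id is rotated once it is older than the configured lifetime,
 * and the session cookie is restricted to HTTP (no script access).
 *
 * Notes for integrators:
 *  - Timer-based rotation alone does not prevent session fixation. Call
 *    regenerate_id() whenever the privilege level changes (login, logout,
 *    role switch).
 *  - The rotation interval equals the cookie lifetime ("sess_expiration"),
 *    so on long lifetimes the id is rarely rotated by the timer.
 *  - The cookie "secure" flag is taken from the PHP ini settings; enable
 *    session.cookie_secure on HTTPS-only sites.
 *
 * @package CodeIgniter
 * @subpackage Libraries
 * @category Sessions
 * @author Dariusz Debowczyk
 * @link http://www.codeigniter.com/user_guide/libraries/sessions.html
 */
class MY_Session extends CI_Session {

    // Prefix for "flash" variables (e.g. flash:new:message).
    public $flash_key = 'flash';

    // Reference to the CodeIgniter super-object, set in the constructor.
    public $object;

    // Snapshot of $_SESSION taken at the end of _sess_run().
    public $userdata = array();

    // Name of the session cookie.
    public $sess_name = 'SGISESSID';

    // Lifetime in seconds of the cookie and of a session id before rotation.
    // Defaults to two years (60*60*24*365*2), the fallback _sess_run() applies
    // when "sess_expiration" is not a positive number.
    public $session_id_ttl = 63072000;

    /**
     * Grabs the CodeIgniter instance and starts the native session.
     *
     * The parent constructor is not invoked (unchanged from the original);
     * presumably so the stock cookie-based session never starts -- confirm.
     */
    public function __construct()
    {
        $this->object =& get_instance();
        log_message('debug', "Native_session Class Initialized");
        $this->_sess_run();
    }

    /**
     * Issues a fresh session id, keeps the session data and removes the
     * storage that belonged to the old id.
     *
     * session_regenerate_id(TRUE) does the copy/destroy/restart sequence in
     * one step. The session is left open afterwards: the earlier version
     * called session_write_close() here, which meant every later write in the
     * same request (including the flash-data bookkeeping in _sess_run()) was
     * silently dropped.
     *
     * @return void
     */
    public function regenerate_id()
    {
        if (session_id() === '')
        {
            // No active session, nothing to rotate.
            return;
        }

        if ( ! session_regenerate_id(TRUE))
        {
            log_message('error', 'Session id could not be regenerated');
            return;
        }

        // Restart the rotation timer for the new id.
        $_SESSION['regenerated'] = time();
    }

    /**
     * Destroys the session: clears the data, expires the cookie and erases
     * the server-side storage.
     *
     * @return void
     */
    public function destroy()
    {
        // Empty the array rather than unset() the superglobal; unsetting
        // $_SESSION stops PHP from registering session variables through it.
        $_SESSION = array();

        $cookie_name = session_name();
        if (isset($_COOKIE[$cookie_name]))
        {
            // Expire the cookie with the same attributes it was issued with,
            // otherwise the browser keeps the original one.
            $params = session_get_cookie_params();
            setcookie(
                $cookie_name,
                '',
                time() - 42000,
                $params['path'],
                $params['domain'],
                $params['secure'],
                $params['httponly']
            );
        }

        if (session_id() !== '')
        {
            session_destroy();
        }

        // Do not keep serving the stale snapshot after logout.
        $this->userdata = array();
    }

    /**
     * Alias of destroy(), kept for compatibility with CI_Session callers.
     *
     * @return void
     */
    public function sess_destroy()
    {
        $this->destroy();
    }

    /**
     * Reads one session attribute.
     *
     * @param string $item attribute name; 'session_id' returns the current id
     * @return mixed the stored value, or FALSE when the attribute is not set
     */
    public function userdata($item)
    {
        // Strict comparison: with == an integer key 0 matches 'session_id'
        // on PHP < 8 and would hand back the session id.
        if ($item === 'session_id')
        {
            return session_id();
        }

        return isset($_SESSION[$item]) ? $_SESSION[$item] : FALSE;
    }

    /**
     * Stores one attribute (name, value) or several (associative array).
     *
     * @param string|array $newdata attribute name, or array of name => value
     * @param mixed $newval value, used only when $newdata is a string
     * @return void
     */
    public function set_userdata($newdata = array(), $newval = '')
    {
        if (is_string($newdata))
        {
            $newdata = array($newdata => $newval);
        }

        // count()/foreach on a non-array raises errors on current PHP.
        if ( ! is_array($newdata))
        {
            return;
        }

        foreach ($newdata as $key => $val)
        {
            $_SESSION[$key] = $val;
        }
    }

    /**
     * Removes one attribute (name) or several (array keyed by name).
     *
     * @param string|array $newdata attribute name, or array whose keys are names
     * @return void
     */
    public function unset_userdata($newdata = array())
    {
        if (is_string($newdata))
        {
            $newdata = array($newdata => '');
        }

        if ( ! is_array($newdata))
        {
            return;
        }

        foreach ($newdata as $key => $val)
        {
            unset($_SESSION[$key]);
        }
    }

    /**
     * Starts the session for the current request: configures cookie and
     * lifetime, rotates the id when it is due and ages the flash data.
     *
     * @return void
     */
    public function _sess_run()
    {
        session_name($this->sess_name);

        // A missing, non-numeric, zero or negative "sess_expiration" falls
        // back to two years instead of leaving the lifetime undefined.
        $configured_ttl = $this->object->config->item('sess_expiration');
        if (is_numeric($configured_ttl) && $configured_ttl > 0)
        {
            $this->session_id_ttl = (int) $configured_ttl;
        }
        else
        {
            $this->session_id_ttl = (60*60*24*365*2);
        }

        // Accept the session id from the cookie only, and refuse ids the
        // server did not issue. ini_set() returns FALSE without an error on
        // PHP builds that do not know session.use_strict_mode.
        ini_set('session.use_only_cookies', '1');
        ini_set('session.use_strict_mode', '1');

        // session_cache_expire() takes minutes, the lifetime is in seconds.
        session_cache_expire((int) ceil($this->session_id_ttl / 60));

        // Keep path/domain/secure from the ini settings, force HttpOnly so
        // page scripts cannot read the session cookie.
        $params = session_get_cookie_params();
        session_set_cookie_params(
            $this->session_id_ttl,
            $params['path'],
            $params['domain'],
            $params['secure'],
            TRUE
        );

        session_start();

        if ($this->_session_id_expired())
        {
            // Session data stays, the old id and its storage are dropped.
            $this->regenerate_id();
        }

        // Delete flash data left over from the previous request ...
        $this->_flashdata_sweep();
        // ... and age this request's flash data so the next request sweeps it.
        $this->_flashdata_mark();

        $this->userdata = $_SESSION;
    }

    /**
     * Tells whether the current session id is older than the lifetime.
     *
     * A session without a 'regenerated' timestamp is stamped now and
     * reported as fresh.
     *
     * @return bool TRUE when the id is due for rotation
     */
    public function _session_id_expired()
    {
        if ( ! isset($_SESSION['regenerated']))
        {
            $_SESSION['regenerated'] = time();
            return FALSE;
        }

        $expiry_time = time() - $this->session_id_ttl;

        return $_SESSION['regenerated'] <= $expiry_time;
    }

    /**
     * Sets "flash" data that is available in the next request only, e.g. a
     * "Save succeeded" message shown after a redirect.
     *
     * @param string $key
     * @param mixed $value
     * @return void
     */
    public function set_flashdata($key, $value)
    {
        $flash_key = $this->flash_key.':new:'.$key;
        $this->set_userdata($flash_key, $value);
    }

    /**
     * Carries existing "flash" data over to the next request.
     *
     * @param string $key
     * @return void
     */
    public function keep_flashdata($key)
    {
        $old_flash_key = $this->flash_key.':old:'.$key;
        $value = $this->userdata($old_flash_key);
        $new_flash_key = $this->flash_key.':new:'.$key;
        $this->set_userdata($new_flash_key, $value);
    }

    /**
     * Returns the "flash" data stored under the given key.
     *
     * @param string $key
     * @return mixed the value, or FALSE when there is none
     */
    public function flashdata($key)
    {
        $flash_key = $this->flash_key.':old:'.$key;
        return $this->userdata($flash_key);
    }

    /**
     * Internal: renames "<flash_key>:new:<key>" attributes to
     * "<flash_key>:old:<key>".
     *
     * Only attributes carrying this library's prefix are touched, matching
     * _flashdata_sweep(); before, any key that merely contained ':new:' was
     * renamed into the flash namespace.
     *
     * @return void
     */
    public function _flashdata_mark()
    {
        foreach ($_SESSION as $name => $value)
        {
            $parts = explode(':new:', (string) $name);
            if (count($parts) === 2 && $parts[0] === $this->flash_key)
            {
                $new_name = $this->flash_key.':old:'.$parts[1];
                $this->set_userdata($new_name, $value);
                $this->unset_userdata((string) $name);
            }
        }
    }

    /**
     * Internal: removes the "<flash_key>:old:<key>" attributes.
     *
     * @return void
     */
    public function _flashdata_sweep()
    {
        foreach ($_SESSION as $name => $value)
        {
            $parts = explode(':old:', (string) $name);
            if (count($parts) === 2 && $parts[0] === $this->flash_key)
            {
                $this->unset_userdata((string) $name);
            }
        }
    }
}
/* End of file MY_Session.php */
/* Location: /../libraries/MY_Session.php */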