SHARE
TWEET

Session native php Codeigniter

a guest Feb 25th, 2014 130 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php  if (!defined('BASEPATH')) exit('No direct script access allowed');
  2.  
  3. /**
  4. * Session class using native PHP session features and hardened against session fixation.
  5. *
  6. * @package     CodeIgniter
  7. * @subpackage  Libraries
  8. * @category    Sessions
  9. * @author      Dariusz Debowczyk
  10. * @link        http://www.codeigniter.com/user_guide/libraries/sessions.html
  11. */
  12. class MY_Session extends CI_Session {
  13.  
  14.     public $flash_key = 'flash'; // prefix for "flash" variables (eg. flash:new:message)
  15.  
  16.     public $object;
  17.    
  18.     public $userdata = array();
  19.    
  20.     public $sess_name = 'SGISESSID'; //name session
  21.  
  22.     /**
  23.      * Class constructor
  24.      * @return type
  25.      */
  26.     public function __construct()
  27.     {
  28.         $this->object =& get_instance();
  29.         log_message('debug', "Native_session Class Initialized");
  30.         $this->_sess_run();
  31.     }
  32.  
  33.    /**
  34.     * Regenerates session id
  35.     * @return type
  36.     */
  37.     public function regenerate_id()
  38.     {
  39.         // copy old session data, including its id
  40.         $old_session_id = session_id();
  41.         $old_session_data = $_SESSION;
  42.  
  43.         // regenerate session id and store it
  44.         session_regenerate_id();
  45.         $new_session_id = session_id();
  46.  
  47.         // switch to the old session and destroy its storage
  48.         session_id($old_session_id);
  49.         session_destroy();
  50.  
  51.         // switch back to the new session id and send the cookie
  52.         session_id($new_session_id);
  53.         session_start();
  54.  
  55.         // restore the old session data into the new session
  56.         $_SESSION = $old_session_data;
  57.  
  58.         // update the session creation time
  59.         $_SESSION['regenerated'] = time();
  60.  
  61.         // session_write_close() patch based on this thread
  62.         // http://www.codeigniter.com/forums/viewthread/1624/
  63.         // there is a question mark ?? as to side affects
  64.  
  65.         // end the current session and store session data.
  66.         session_write_close();
  67.     }
  68.  
  69.    /**
  70.     * Destroys the session and erases session storage
  71.     * @return type
  72.     */
  73.     public function destroy()
  74.     {
  75.         unset($_SESSION);
  76.         if ( isset( $_COOKIE[session_name()] ) )
  77.         {
  78.             setcookie(session_name(), '', time()-42000, '/');
  79.         }
  80.         session_destroy();
  81.     }
  82.  
  83.    /**
  84.     * Just call destroy method for compatibility
  85.     * @return type
  86.     */
  87.     public function sess_destroy()
  88.     {
  89.         $this->destroy();
  90.     }
  91.  
  92.     /**
  93.      * Reads given session attribute value
  94.      * @param type $item
  95.      * @return type
  96.      */
  97.     public function userdata($item)
  98.     {
  99.         if($item == 'session_id') //added for backward-compatibility
  100.         {
  101.             return session_id();
  102.         }
  103.         else
  104.         {
  105.             return ( ! isset($_SESSION[$item]) ) ? false : $_SESSION[$item];
  106.         }
  107.     }
  108.  
  109.    /**
  110.     * Sets session attributes to the given values
  111.     * @param type $newdata
  112.     * @param type $newval
  113.     * @return type
  114.     */
  115.     public function set_userdata($newdata = array(), $newval = '')
  116.     {
  117.         if (is_string($newdata))
  118.         {
  119.             $newdata = array($newdata => $newval);
  120.         }
  121.  
  122.         if (count($newdata) > 0)
  123.         {
  124.             foreach ($newdata as $key => $val)
  125.             {
  126.                 $_SESSION[$key] = $val;
  127.             }
  128.         }
  129.     }
  130.  
  131.    /**
  132.     * Erases given session attributes
  133.     * @param type $newdata
  134.     * @return type
  135.     */
  136.     public function unset_userdata($newdata = array())
  137.     {
  138.         if (is_string($newdata))
  139.         {
  140.             $newdata = array($newdata => '');
  141.         }
  142.  
  143.         if (count($newdata) > 0)
  144.         {
  145.             foreach ($newdata as $key => $val)
  146.             {
  147.                 unset($_SESSION[$key]);
  148.             }
  149.         }
  150.     }
  151.  
  152.    /**
  153.     * Starts up the session system for current request
  154.     * @return type
  155.     */
  156.     public function _sess_run()
  157.     {
  158.         // define name session
  159.         session_name($this->sess_name);
  160.  
  161.         $session_id_ttl = $this->object->config->item('sess_expiration');
  162.  
  163.         if (is_numeric($session_id_ttl))
  164.         {
  165.             if ($session_id_ttl > 0)
  166.             {
  167.                 $this->session_id_ttl = $this->object->config->item('sess_expiration');
  168.             }
  169.             else
  170.             {
  171.                 $this->session_id_ttl = (60*60*24*365*2);
  172.             }
  173.         }
  174.  
  175.         // define time to expire session
  176.         session_cache_expire($this->session_id_ttl);
  177.         session_set_cookie_params($this->session_id_ttl);
  178.  
  179.         //start session
  180.         session_start();
  181.  
  182.  
  183.         // check if session id needs regeneration
  184.         if ( $this->_session_id_expired() )
  185.         {
  186.             // regenerate session id (session data stays the
  187.             // same, but old session storage is destroyed)
  188.             $this->regenerate_id();
  189.         }
  190.  
  191.         // delete old flashdata (from last request)
  192.         $this->_flashdata_sweep();
  193.  
  194.         // mark all new flashdata as old (data will be deleted before next request)
  195.         $this->_flashdata_mark();
  196.  
  197.         // set userdata with $_SESSION global
  198.         $this->userdata = $_SESSION;
  199.     }
  200.  
  201.     /**
  202.      * Checks if session has expired
  203.      * @return type
  204.      */
  205.     public function _session_id_expired()
  206.     {
  207.         if ( ! isset( $_SESSION['regenerated'] ) )
  208.         {
  209.             $_SESSION['regenerated'] = time();
  210.             return FALSE;
  211.         }
  212.  
  213.         $expiry_time = time() - $this->session_id_ttl;
  214.  
  215.         if ( $_SESSION['regenerated'] <=  $expiry_time )
  216.         {
  217.             return TRUE;
  218.         }
  219.  
  220.         return FALSE;
  221.     }
  222.  
  223.    /**
  224.     * Sets "flash" data which will be available only in next request (then it will
  225.     * be deleted from session). You can use it to implement "Save succeeded" messages
  226.     * after redirect.
  227.     *
  228.     * @param type $key
  229.     * @param type $value
  230.     * @return type
  231.     */
  232.     public function set_flashdata($key, $value)
  233.     {
  234.         $flash_key = $this->flash_key.':new:'.$key;
  235.         $this->set_userdata($flash_key, $value);
  236.     }
  237.  
  238.    /**
  239.     * Keeps existing "flash" data available to next request.
  240.     * @param type $key
  241.     * @return type
  242.     */
  243.     public function keep_flashdata($key)
  244.     {
  245.         $old_flash_key = $this->flash_key.':old:'.$key;
  246.         $value = $this->userdata($old_flash_key);
  247.  
  248.         $new_flash_key = $this->flash_key.':new:'.$key;
  249.         $this->set_userdata($new_flash_key, $value);
  250.     }
  251.  
  252.    /**
  253.     * Returns "flash" data for the given key.
  254.     * @param type $key
  255.     * @return type
  256.     */
  257.     public function flashdata($key)
  258.     {
  259.         $flash_key = $this->flash_key.':old:'.$key;
  260.         return $this->userdata($flash_key);
  261.     }
  262.  
  263.    /**
  264.     * PRIVATE: Internal method - marks "flash" session attributes as 'old'
  265.     * @return type
  266.     */
  267.     public function _flashdata_mark()
  268.     {
  269.         foreach ($_SESSION as $name => $value)
  270.         {
  271.             $parts = explode(':new:', $name);
  272.             if (is_array($parts) && count($parts) == 2)
  273.             {
  274.                 $new_name = $this->flash_key.':old:'.$parts[1];
  275.                 $this->set_userdata($new_name, $value);
  276.                 $this->unset_userdata($name);
  277.             }
  278.         }
  279.     }
  280.  
  281.    /**
  282.     * PRIVATE: Internal method - removes "flash" session marked as 'old'
  283.     * @return type
  284.     */
  285.     public function _flashdata_sweep()
  286.     {
  287.         foreach ($_SESSION as $name => $value)
  288.         {
  289.             $parts = explode(':old:', $name);
  290.             if (is_array($parts) && count($parts) == 2 && $parts[0] == $this->flash_key)
  291.             {
  292.                 $this->unset_userdata($name);
  293.             }
  294.         }
  295.     }
  296.  
  297. }
  298.  
  299. /* End of file MY_Session.php */
  300. /* Location: /../libraries/MY_Session.php */
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top