Session native php Codeigniter

1. <?php  if (!defined('BASEPATH')) exit('No direct script access allowed');
2.  
3. /**
4. * Session class using native PHP session features and hardened against session fixation.
5. *
6. * @package     CodeIgniter
7. * @subpackage  Libraries
8. * @category    Sessions
9. * @author      Dariusz Debowczyk
10. * @link        http://www.codeigniter.com/user_guide/libraries/sessions.html
11. */
12. class MY_Session extends CI_Session {
13.  
14.     public $flash_key = 'flash'; // prefix for "flash" variables (eg. flash:new:message)
15.  
16.     public $object;
17.    
18.     public $userdata = array();
19.    
20.     public $sess_name = 'SGISESSID'; //name session
21.  
22.     /**
23.      * Class constructor
24.      * @return type
25.      */
26.     public function __construct()
27.     {
28.         $this->object =& get_instance();
29.         log_message('debug', "Native_session Class Initialized");
30.         $this->_sess_run();
31.     }
32.  
33.    /**
34.     * Regenerates session id
35.     * @return type
36.     */
37.     public function regenerate_id()
38.     {
39.         // copy old session data, including its id
40.         $old_session_id = session_id();
41.         $old_session_data = $_SESSION;
42.  
43.         // regenerate session id and store it
44.         session_regenerate_id();
45.         $new_session_id = session_id();
46.  
47.         // switch to the old session and destroy its storage
48.         session_id($old_session_id);
49.         session_destroy();
50.  
51.         // switch back to the new session id and send the cookie
52.         session_id($new_session_id);
53.         session_start();
54.  
55.         // restore the old session data into the new session
56.         $_SESSION = $old_session_data;
57.  
58.         // update the session creation time
59.         $_SESSION['regenerated'] = time();
60.  
61.         // session_write_close() patch based on this thread
62.         // http://www.codeigniter.com/forums/viewthread/1624/
63.         // there is a question mark ?? as to side affects
64.  
65.         // end the current session and store session data.
66.         session_write_close();
67.     }
68.  
69.    /**
70.     * Destroys the session and erases session storage
71.     * @return type
72.     */
73.     public function destroy()
74.     {
75.         unset($_SESSION);
76.         if ( isset( $_COOKIE[session_name()] ) )
77.         {
78.             setcookie(session_name(), '', time()-42000, '/');
79.         }
80.         session_destroy();
81.     }
82.  
83.    /**
84.     * Just call destroy method for compatibility
85.     * @return type
86.     */
87.     public function sess_destroy()
88.     {
89.         $this->destroy();
90.     }
91.  
92.     /**
93.      * Reads given session attribute value
94.      * @param type $item
95.      * @return type
96.      */
97.     public function userdata($item)
98.     {
99.         if($item == 'session_id') //added for backward-compatibility
100.         {
101.             return session_id();
102.         }
103.         else
104.         {
105.             return ( ! isset($_SESSION[$item]) ) ? false : $_SESSION[$item];
106.         }
107.     }
108.  
109.    /**
110.     * Sets session attributes to the given values
111.     * @param type $newdata
112.     * @param type $newval
113.     * @return type
114.     */
115.     public function set_userdata($newdata = array(), $newval = '')
116.     {
117.         if (is_string($newdata))
118.         {
119.             $newdata = array($newdata => $newval);
120.         }
121.  
122.         if (count($newdata) > 0)
123.         {
124.             foreach ($newdata as $key => $val)
125.             {
126.                 $_SESSION[$key] = $val;
127.             }
128.         }
129.     }
130.  
131.    /**
132.     * Erases given session attributes
133.     * @param type $newdata
134.     * @return type
135.     */
136.     public function unset_userdata($newdata = array())
137.     {
138.         if (is_string($newdata))
139.         {
140.             $newdata = array($newdata => '');
141.         }
142.  
143.         if (count($newdata) > 0)
144.         {
145.             foreach ($newdata as $key => $val)
146.             {
147.                 unset($_SESSION[$key]);
148.             }
149.         }
150.     }
151.  
152.    /**
153.     * Starts up the session system for current request
154.     * @return type
155.     */
156.     public function _sess_run()
157.     {
158.         // define name session
159.         session_name($this->sess_name);
160.  
161.         $session_id_ttl = $this->object->config->item('sess_expiration');
162.  
163.         if (is_numeric($session_id_ttl))
164.         {
165.             if ($session_id_ttl > 0)
166.             {
167.                 $this->session_id_ttl = $this->object->config->item('sess_expiration');
168.             }
169.             else
170.             {
171.                 $this->session_id_ttl = (60*60*24*365*2);
172.             }
173.         }
174.  
175.         // define time to expire session
176.         session_cache_expire($this->session_id_ttl);
177.         session_set_cookie_params($this->session_id_ttl);
178.  
179.         //start session
180.         session_start();
181.  
182.  
183.         // check if session id needs regeneration
184.         if ( $this->_session_id_expired() )
185.         {
186.             // regenerate session id (session data stays the
187.             // same, but old session storage is destroyed)
188.             $this->regenerate_id();
189.         }
190.  
191.         // delete old flashdata (from last request)
192.         $this->_flashdata_sweep();
193.  
194.         // mark all new flashdata as old (data will be deleted before next request)
195.         $this->_flashdata_mark();
196.  
197.         // set userdata with $_SESSION global
198.         $this->userdata = $_SESSION;
199.     }
200.  
201.     /**
202.      * Checks if session has expired
203.      * @return type
204.      */
205.     public function _session_id_expired()
206.     {
207.         if ( ! isset( $_SESSION['regenerated'] ) )
208.         {
209.             $_SESSION['regenerated'] = time();
210.             return FALSE;
211.         }
212.  
213.         $expiry_time = time() - $this->session_id_ttl;
214.  
215.         if ( $_SESSION['regenerated'] <=  $expiry_time )
216.         {
217.             return TRUE;
218.         }
219.  
220.         return FALSE;
221.     }
222.  
223.    /**
224.     * Sets "flash" data which will be available only in next request (then it will
225.     * be deleted from session). You can use it to implement "Save succeeded" messages
226.     * after redirect.
227.     *
228.     * @param type $key
229.     * @param type $value
230.     * @return type
231.     */
232.     public function set_flashdata($key, $value)
233.     {
234.         $flash_key = $this->flash_key.':new:'.$key;
235.         $this->set_userdata($flash_key, $value);
236.     }
237.  
238.    /**
239.     * Keeps existing "flash" data available to next request.
240.     * @param type $key
241.     * @return type
242.     */
243.     public function keep_flashdata($key)
244.     {
245.         $old_flash_key = $this->flash_key.':old:'.$key;
246.         $value = $this->userdata($old_flash_key);
247.  
248.         $new_flash_key = $this->flash_key.':new:'.$key;
249.         $this->set_userdata($new_flash_key, $value);
250.     }
251.  
252.    /**
253.     * Returns "flash" data for the given key.
254.     * @param type $key
255.     * @return type
256.     */
257.     public function flashdata($key)
258.     {
259.         $flash_key = $this->flash_key.':old:'.$key;
260.         return $this->userdata($flash_key);
261.     }
262.  
263.    /**
264.     * PRIVATE: Internal method - marks "flash" session attributes as 'old'
265.     * @return type
266.     */
267.     public function _flashdata_mark()
268.     {
269.         foreach ($_SESSION as $name => $value)
270.         {
271.             $parts = explode(':new:', $name);
272.             if (is_array($parts) && count($parts) == 2)
273.             {
274.                 $new_name = $this->flash_key.':old:'.$parts[1];
275.                 $this->set_userdata($new_name, $value);
276.                 $this->unset_userdata($name);
277.             }
278.         }
279.     }
280.  
281.    /**
282.     * PRIVATE: Internal method - removes "flash" session marked as 'old'
283.     * @return type
284.     */
285.     public function _flashdata_sweep()
286.     {
287.         foreach ($_SESSION as $name => $value)
288.         {
289.             $parts = explode(':old:', $name);
290.             if (is_array($parts) && count($parts) == 2 && $parts[0] == $this->flash_key)
291.             {
292.                 $this->unset_userdata($name);
293.             }
294.         }
295.     }
296.  
297. }
298.  
299. /* End of file MY_Session.php */
300. /* Location: /../libraries/MY_Session.php */