matriphe

Session Library for CodeIgniter using PHP native session

Apr 23rd, 2013
  1. <?php if (!defined('BASEPATH')) exit('No direct script access allowed');
/**
 * Code Igniter
 *
 * An open source application development framework for PHP 4.3.2 or newer
 *
 * @package CodeIgniter
 * @author Dariusz Debowczyk
 * @copyright Copyright (c) 2006, D.Debowczyk
 * @license http://www.codeignitor.com/user_guide/license.html
 * @link http://www.codeigniter.com
 * @since Version 1.0
 * @filesource
 */

// ------------------------------------------------------------------------

  18. /**
  19. * Session class using native PHP session features and hardened against session fixation.
  20. *
  21. * @package CodeIgniter
  22. * @subpackage Libraries
  23. * @category Sessions
  24. * @author Dariusz Debowczyk
  25. * @link http://www.codeigniter.com/user_guide/libraries/sessions.html
  26. */
  27. class CI_Session {
  28. var $session_id_ttl = 360; // session id time to live (TTL) in seconds
  29. var $flash_key = 'flash'; // prefix for "flash" variables (eg. flash:new:message)
  30.  
  31. function __construct()
  32. {
  33. log_message('debug', "Native_session Class Initialized");
  34. $this->_sess_run();
  35. }
  36.  
  37. /**
  38. * Regenerates session id
  39. */
  40. function regenerate_id()
  41. {
  42. // copy old session data, including its id
  43. $old_session_id = session_id();
  44. $old_session_data = $_SESSION;
  45.  
  46. // regenerate session id and store it
  47. session_regenerate_id();
  48. $new_session_id = session_id();
  49.  
  50. // switch to the old session and destroy its storage
  51. session_id($old_session_id);
  52. session_destroy();
  53.  
  54. // switch back to the new session id and send the cookie
  55. session_id($new_session_id);
  56. session_start();
  57.  
  58. // restore the old session data into the new session
  59. $_SESSION = $old_session_data;
  60.  
  61. // update the session creation time
  62. $_SESSION['regenerated'] = time();
  63.  
  64. // session_write_close() patch based on this thread
  65. // http://www.codeigniter.com/forums/viewthread/1624/
  66. // there is a question mark ?? as to side affects
  67.  
  68. // end the current session and store session data.
  69. session_write_close();
  70. }
  71.  
  72. /**
  73. * Destroys the session and erases session storage
  74. */
  75. function destroy()
  76. {
  77. unset($_SESSION);
  78. if ( isset( $_COOKIE[session_name()] ) )
  79. {
  80. setcookie(session_name(), '', time()-42000, '/');
  81. }
  82. @session_destroy();
  83. }
  84.  
  85. /**
  86. * Reads given session attribute value
  87. */
  88. function userdata($item)
  89. {
  90. if($item == 'session_id'){ //added for backward-compatibility
  91.  
  92. return session_id();
  93. }else{
  94. return ( ! isset($_SESSION[$item])) ? false : $_SESSION[$item];
  95. }
  96. }
  97.  
  98. /**
  99. * Sets session attributes to the given values
  100. */
  101. function set_userdata($newdata = array(), $newval = '')
  102. {
  103. if (is_string($newdata))
  104. {
  105. $newdata = array($newdata => $newval);
  106. }
  107.  
  108. if (count($newdata) > 0)
  109. {
  110. foreach ($newdata as $key => $val)
  111. {
  112. $_SESSION[$key] = $val;
  113. }
  114. }
  115. }
  116.  
  117. /**
  118. * Erases given session attributes
  119. */
  120. function unset_userdata($newdata = array())
  121. {
  122. if (is_string($newdata))
  123. {
  124. $newdata = array($newdata);
  125. }
  126.  
  127. if (count($newdata) > 0)
  128. {
  129. foreach ($newdata as $key)
  130. {
  131. $_SESSION[$key] = null;
  132. unset($_SESSION[$key]);
  133. }
  134. }
  135. }
  136.  
  137. /**
  138. * Starts up the session system for current request
  139. */
  140. function _sess_run()
  141. {
  142. session_start();
  143.  
  144. // check if session id needs regeneration
  145. if ( $this->_session_id_expired() )
  146. {
  147. // regenerate session id (session data stays the
  148. // same, but old session storage is destroyed)
  149. $this->regenerate_id();
  150. }
  151.  
  152. // Delete 'old' flashdata (from last request)
  153. $this->_flashdata_sweep();
  154.  
  155. // Mark all new flashdata as old (data will be deleted before next request)
  156. $this->_flashdata_mark();
  157. }
  158.  
  159. /**
  160. * Checks if session has expired
  161. */
  162. function _session_id_expired()
  163. {
  164. if ( !isset( $_SESSION['regenerated'] ) )
  165. {
  166. $_SESSION['regenerated'] = time();
  167. return false;
  168. }
  169.  
  170. $expiry_time = time() - $this->session_id_ttl;
  171.  
  172. if ( $_SESSION['regenerated'] <= $expiry_time )
  173. {
  174. return true;
  175. }
  176.  
  177. return false;
  178. }
  179.  
  180. /**
  181. * Sets "flash" data which will be available only in next request (then it will
  182. * be deleted from session). You can use it to implement "Save succeeded" messages
  183. * after redirect.
  184. */
  185. function set_flashdata($newdata = array(), $newval = '')
  186. {
  187. if (is_string($newdata))
  188. {
  189. $newdata = array($newdata => $newval);
  190. }
  191.  
  192. if (count($newdata) > 0)
  193. {
  194. foreach ($newdata as $key => $val)
  195. {
  196. $flashdata_key = $this->flash_key.':new:'.$key;
  197. $this->set_userdata($flashdata_key, $val);
  198. }
  199. }
  200. }
  201.  
  202. /**
  203. * Keeps existing "flash" data available to next request.
  204. */
  205. function keep_flashdata($key)
  206. {
  207. $old_flash_key = $this->flash_key.':old:'.$key;
  208. $value = $this->userdata($old_flash_key);
  209.  
  210. $new_flash_key = $this->flash_key.':new:'.$key;
  211. $this->set_userdata($new_flash_key, $value);
  212. }
  213.  
  214. /**
  215. * Returns "flash" data for the given key.
  216. */
  217. function flashdata($key)
  218. {
  219. $flash_key = $this->flash_key.':old:'.$key;
  220. return $this->userdata($flash_key);
  221. }
  222.  
  223. /**
  224. * PRIVATE: Internal method - marks "flash" session attributes as 'old'
  225. */
  226. function _flashdata_mark()
  227. {
  228. foreach ($_SESSION as $name => $value)
  229. {
  230. $parts = explode(':new:', $name);
  231. if (is_array($parts) && count($parts) == 2)
  232. {
  233. $new_name = $this->flash_key.':old:'.$parts[1];
  234. $this->set_userdata($new_name, $value);
  235. $this->unset_userdata($name);
  236. }
  237. }
  238. }
  239.  
  240. /**
  241. * PRIVATE: Internal method - removes "flash" session marked as 'old'
  242. */
  243. function _flashdata_sweep()
  244. {
  245. foreach ($_SESSION as $name => $value)
  246. {
  247. $parts = explode(':old:', $name);
  248. if (is_array($parts) && count($parts) == 2 && $parts[0] == $this->flash_key)
  249. {
  250. $this->unset_userdata($name);
  251. }
  252. }
  253. }
  254.  
  255. /**
  256. * Fetch all session data
  257. *
  258. * @access public
  259. * @return array
  260. */
  261. function all_userdata()
  262. {
  263. return $_SESSION;
  264. }
  265.  
  266. /**
  267. * Destroy the current session
  268. *
  269. * @access public
  270. * @return void
  271. */
  272. function sess_destroy()
  273. {
  274. $this->destroy();
  275. }
  276.  
  277.  
  278. }

/* EOF */