|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
namespace Eccube\Session\Storage\Handler; |
|
4
|
|
|
|
|
5
|
|
|
use Symfony\Component\HttpFoundation\Session\Storage\Handler\StrictSessionHandler; |
|
6
|
|
|
|
|
7
|
|
|
class SameSiteNoneCompatSessionHandler extends StrictSessionHandler |
|
8
|
|
|
{ |
|
9
|
|
|
private $sessionName; |
|
|
|
|
|
|
10
|
|
|
private $prefetchId; |
|
|
|
|
|
|
11
|
|
|
private $prefetchData; |
|
|
|
|
|
|
12
|
|
|
private $newSessionId; |
|
|
|
|
|
|
13
|
|
|
private $igbinaryEmptyData; |
|
|
|
|
|
|
14
|
|
|
|
|
15
|
|
|
public function __construct(\SessionHandlerInterface $handler) |
|
16
|
|
|
{ |
|
17
|
|
|
parent::__construct($handler); |
|
18
|
|
|
$this->handler = $handler; |
|
|
|
|
|
|
19
|
|
|
// TODO UA や PHP バージョンで分岐する |
|
20
|
|
|
ini_set('session.cookie_path', '/; SameSite=None'); |
|
21
|
|
|
ini_set('session.cookie_secure', 1); |
|
22
|
|
|
} |
|
23
|
|
|
|
|
24
|
|
|
public function open($savePath, $sessionName) |
|
25
|
|
|
{ |
|
26
|
|
|
$this->sessionName = $sessionName; |
|
27
|
|
|
return parent::open($savePath, $sessionName); |
|
28
|
|
|
} |
|
29
|
|
|
public function destroy($sessionId) |
|
30
|
|
|
{ |
|
31
|
|
|
if (\PHP_VERSION_ID < 70000) { |
|
32
|
|
|
$this->prefetchData = null; |
|
33
|
|
|
} |
|
34
|
|
|
if (!headers_sent() && filter_var(ini_get('session.use_cookies'), FILTER_VALIDATE_BOOLEAN)) { |
|
35
|
|
|
if (!$this->sessionName) { |
|
36
|
|
|
throw new \LogicException(sprintf('Session name cannot be empty, did you forget to call "parent::open()" in "%s"?.', \get_class($this))); |
|
37
|
|
|
} |
|
38
|
|
|
$sessionCookie = sprintf(' %s=', urlencode($this->sessionName)); |
|
39
|
|
|
$sessionCookieWithId = sprintf('%s%s;', $sessionCookie, urlencode($sessionId)); |
|
40
|
|
|
$sessionCookieFound = false; |
|
41
|
|
|
$otherCookies = []; |
|
42
|
|
|
foreach (headers_list() as $h) { |
|
43
|
|
|
if (0 !== stripos($h, 'Set-Cookie:')) { |
|
44
|
|
|
continue; |
|
45
|
|
|
} |
|
46
|
|
|
if (11 === strpos($h, $sessionCookie, 11)) { |
|
47
|
|
|
$sessionCookieFound = true; |
|
48
|
|
|
|
|
49
|
|
|
if (11 !== strpos($h, $sessionCookieWithId, 11)) { |
|
50
|
|
|
$otherCookies[] = $h; |
|
51
|
|
|
} |
|
52
|
|
|
} else { |
|
53
|
|
|
$otherCookies[] = $h; |
|
54
|
|
|
} |
|
55
|
|
|
} |
|
56
|
|
|
if ($sessionCookieFound) { |
|
57
|
|
|
header_remove('Set-Cookie'); |
|
58
|
|
|
foreach ($otherCookies as $h) { |
|
59
|
|
|
header($h, false); |
|
60
|
|
|
} |
|
61
|
|
|
} else { |
|
62
|
|
|
if (\PHP_VERSION_ID < 70300) { |
|
63
|
|
|
setcookie($this->sessionName, '', 0, ini_get('session.cookie_path'), ini_get('session.cookie_domain'), filter_var(ini_get('session.cookie_secure'), FILTER_VALIDATE_BOOLEAN), filter_var(ini_get('session.cookie_httponly'), FILTER_VALIDATE_BOOLEAN)); |
|
64
|
|
|
} else { |
|
65
|
|
|
setcookie($this->sessionName, '', |
|
66
|
|
|
[ |
|
67
|
|
|
'expires' => 0, |
|
68
|
|
|
'path' => '/', // TODO |
|
69
|
|
|
'domain' => ini_get('session.cookie_domain'), |
|
70
|
|
|
'secure' => filter_var(ini_get('session.cookie_secure'), FILTER_VALIDATE_BOOLEAN), |
|
71
|
|
|
'httponly' => filter_var(ini_get('session.cookie_httponly'), FILTER_VALIDATE_BOOLEAN), |
|
72
|
|
|
'samesite' => 'None' // TODO UA で分岐する |
|
73
|
|
|
] |
|
74
|
|
|
); |
|
75
|
|
|
} |
|
76
|
|
|
} |
|
77
|
|
|
} |
|
78
|
|
|
|
|
79
|
|
|
return $this->newSessionId === $sessionId || $this->doDestroy($sessionId); |
|
80
|
|
|
} |
|
81
|
|
|
} |
|
82
|
|
|
|
EC-CUBE /
ec-cube
Loading history...