Session::startSession() - Code Metrics - Inspection of "attempt not to start sessions before they are need..." - eduvpn/vpn-lib-common - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 6f77c2...a92bfc )

by François

created 2017-01-20 13:30 UTC

Session::startSession() B

↳ Parent: Session

Complexity

Conditions	6
Paths	13

Size

Total Lines	27
Code Lines	13

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
c	0
b	0
f	0
dl	0
loc	27
rs	8.439
cc	6
eloc	13
nc	13
nop	0

<?php
/**
 *  Copyright (C) 2016 SURFnet.
 *
 *  This program is free software: you can redistribute it and/or modify
 *  it under the terms of the GNU Affero General Public License as
 *  published by the Free Software Foundation, either version 3 of the
 *  License, or (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU Affero General Public License for more details.
 *
 *  You should have received a copy of the GNU Affero General Public License
 *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

namespace SURFnet\VPN\Common\Http;

use SURFnet\VPN\Common\Http\Exception\HttpException;

class Session implements SessionInterface
{
    /** @var string */
    private $serverName;

    /** @var string */
    private $requestRoot;

    /** @var bool */
    private $secureOnly;

    public function __construct($serverName, $requestRoot, $secureOnly)
    {
        $this->serverName = $serverName;
        $this->requestRoot = $requestRoot;
        $this->secureOnly = $secureOnly;
    }

    public function set($key, $value)
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
    {
        $this->startSession();
        $_SESSION[$key] = $value;
    }

    public function delete($key)
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
    {
        $this->startSession();
        if ($this->has($key)) {
            unset($_SESSION[$key]);
        }
    }

    public function has($key)
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
    {
        $this->startSession();

        return array_key_exists($key, $_SESSION);
    }

    public function get($key)
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
    {
        $this->startSession();
        if ($this->has($key)) {
            return $_SESSION[$key];
        }
    }

    public function destroy()
    {
        if ('' !== session_id()) {
            // session already started
            return;
        }
        session_destroy();
    }

    private function startSession()
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
    {
        if ('' !== session_id()) {
            // session already started
            return;
        }

        session_set_cookie_params(0, $this->requestRoot, $this->serverName, $this->secureOnly, true);
        session_start();

        // Make sure we have a canary set
        if (!isset($_SESSION['canary'])) {
            $this->setCanary($this->serverName, $this->requestRoot);
        }
        // Regenerate session ID every five minutes:
        if ($_SESSION['canary'] < time() - 300) {
            $this->setCanary($this->serverName, $this->requestRoot);
        }

        if ($this->serverName !== $_SESSION['serverName']) {
            throw new HttpException('session error (serverName)', 400);
        }

        if ($this->requestRoot !== $_SESSION['requestRoot']) {
            throw new HttpException('session error (requestRoot)', 400);
        }
    }

    private function setCanary($serverName, $requestRoot)
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
    {
        session_regenerate_id(true);
        $_SESSION['canary'] = time();
        $_SESSION['serverName'] = $serverName;
        $_SESSION['requestRoot'] = $requestRoot;
    }
}


1			<?php
2			/**
3			* Copyright (C) 2016 SURFnet.
4			*
5			* This program is free software: you can redistribute it and/or modify
6			* it under the terms of the GNU Affero General Public License as
7			* published by the Free Software Foundation, either version 3 of the
8			* License, or (at your option) any later version.
9			*
10			* This program is distributed in the hope that it will be useful,
11			* but WITHOUT ANY WARRANTY; without even the implied warranty of
12			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13			* GNU Affero General Public License for more details.
14			*
15			* You should have received a copy of the GNU Affero General Public License
16			* along with this program. If not, see <http://www.gnu.org/licenses/>.
17			*/
18
19			namespace SURFnet\VPN\Common\Http;
20
21			use SURFnet\VPN\Common\Http\Exception\HttpException;
22
23			class Session implements SessionInterface
24			{
25			/** @var string */
26			private $serverName;
27
28			/** @var string */
29			private $requestRoot;
30
31			/** @var bool */
32			private $secureOnly;
33
34			public function __construct($serverName, $requestRoot, $secureOnly)
35			{
36			$this->serverName = $serverName;
37			$this->requestRoot = $requestRoot;
38			$this->secureOnly = $secureOnly;
39			}
40
41			public function set($key, $value)
			0 ignored issues – show Coding Style introduced 2016-09-19 08:28 UTC by Report Bug Copy Issue Report `set` uses the super-global variable `$_SESSION` which is generally not recommended. Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad class Router { public function generate($path) { return $_SERVER['HOST'].$path; } } // Better class Router { private $host; public function __construct($host) { $this->host = $host; } public function generate($path) { return $this->host.$path; } } class Controller { public function myAction(Request $request) { // Instead of $page = isset($_GET['page']) ? intval($_GET['page']) : 1; // Better (assuming you use the Symfony2 request) $page = $request->query->get('page', 1); } } Loading history...
42			{
43			$this->startSession();
44			$_SESSION[$key] = $value;
45			}
46
47			public function delete($key)
			0 ignored issues – show Coding Style introduced 2016-09-19 08:28 UTC by Report Bug Copy Issue Report `delete` uses the super-global variable `$_SESSION` which is generally not recommended. Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad class Router { public function generate($path) { return $_SERVER['HOST'].$path; } } // Better class Router { private $host; public function __construct($host) { $this->host = $host; } public function generate($path) { return $this->host.$path; } } class Controller { public function myAction(Request $request) { // Instead of $page = isset($_GET['page']) ? intval($_GET['page']) : 1; // Better (assuming you use the Symfony2 request) $page = $request->query->get('page', 1); } } Loading history...
48			{
49			$this->startSession();
50			if ($this->has($key)) {
51			unset($_SESSION[$key]);
52			}
53			}
54
55			public function has($key)
			0 ignored issues – show Coding Style introduced 2016-09-19 08:28 UTC by Report Bug Copy Issue Report `has` uses the super-global variable `$_SESSION` which is generally not recommended. Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad class Router { public function generate($path) { return $_SERVER['HOST'].$path; } } // Better class Router { private $host; public function __construct($host) { $this->host = $host; } public function generate($path) { return $this->host.$path; } } class Controller { public function myAction(Request $request) { // Instead of $page = isset($_GET['page']) ? intval($_GET['page']) : 1; // Better (assuming you use the Symfony2 request) $page = $request->query->get('page', 1); } } Loading history...
56			{
57			$this->startSession();
58
59			return array_key_exists($key, $_SESSION);
60			}
61
62			public function get($key)
			0 ignored issues – show Coding Style introduced 2016-09-19 08:28 UTC by Report Bug Copy Issue Report `get` uses the super-global variable `$_SESSION` which is generally not recommended. Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad class Router { public function generate($path) { return $_SERVER['HOST'].$path; } } // Better class Router { private $host; public function __construct($host) { $this->host = $host; } public function generate($path) { return $this->host.$path; } } class Controller { public function myAction(Request $request) { // Instead of $page = isset($_GET['page']) ? intval($_GET['page']) : 1; // Better (assuming you use the Symfony2 request) $page = $request->query->get('page', 1); } } Loading history...
63			{
64			$this->startSession();
65			if ($this->has($key)) {
66			return $_SESSION[$key];
67			}
68			}
69
70			public function destroy()
71			{
72			if ('' !== session_id()) {
73			// session already started
74			return;
75			}
76			session_destroy();
77			}
78
79			private function startSession()
			0 ignored issues – show Coding Style introduced 2017-01-20 13:32 UTC by Report Bug Copy Issue Report `startSession` uses the super-global variable `$_SESSION` which is generally not recommended. Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad class Router { public function generate($path) { return $_SERVER['HOST'].$path; } } // Better class Router { private $host; public function __construct($host) { $this->host = $host; } public function generate($path) { return $this->host.$path; } } class Controller { public function myAction(Request $request) { // Instead of $page = isset($_GET['page']) ? intval($_GET['page']) : 1; // Better (assuming you use the Symfony2 request) $page = $request->query->get('page', 1); } } Loading history...
80			{
81			if ('' !== session_id()) {
82			// session already started
83			return;
84			}
85
86			session_set_cookie_params(0, $this->requestRoot, $this->serverName, $this->secureOnly, true);
87			session_start();
88
89			// Make sure we have a canary set
90			if (!isset($_SESSION['canary'])) {
91			$this->setCanary($this->serverName, $this->requestRoot);
92			}
93			// Regenerate session ID every five minutes:
94			if ($_SESSION['canary'] < time() - 300) {
95			$this->setCanary($this->serverName, $this->requestRoot);
96			}
97
98			if ($this->serverName !== $_SESSION['serverName']) {
99			throw new HttpException('session error (serverName)', 400);
100			}
101
102			if ($this->requestRoot !== $_SESSION['requestRoot']) {
103			throw new HttpException('session error (requestRoot)', 400);
104			}
105			}
106
107			private function setCanary($serverName, $requestRoot)
			0 ignored issues – show Coding Style introduced 2016-10-04 13:14 UTC by Report Bug Copy Issue Report `setCanary` uses the super-global variable `$_SESSION` which is generally not recommended. Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad class Router { public function generate($path) { return $_SERVER['HOST'].$path; } } // Better class Router { private $host; public function __construct($host) { $this->host = $host; } public function generate($path) { return $this->host.$path; } } class Controller { public function myAction(Request $request) { // Instead of $page = isset($_GET['page']) ? intval($_GET['page']) : 1; // Better (assuming you use the Symfony2 request) $page = $request->query->get('page', 1); } } Loading history...
108			{
109			session_regenerate_id(true);
110			$_SESSION['canary'] = time();
111			$_SESSION['serverName'] = $serverName;
112			$_SESSION['requestRoot'] = $requestRoot;
113			}
114			}
115

eduvpn / vpn-lib-common

GitHub Access Token became invalid

Push — master ( 6f77c2...a92bfc )

Session::startSession() B

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like