SessionWare::recreateSession() - Code Metrics - Inspection of "recreate session when not random enough" - juliangut/sessionware - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 7b42c0...d949be )

by Julián

created 2016-09-16 17:42 UTC

SessionWare::recreateSession() A

↳ Parent: SessionWare

Complexity

Conditions	2
Paths	2

Size

Total Lines	16
Code Lines	9

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
dl	0
loc	16
rs	9.4285
c	0
b	0
f	0
cc	2
eloc	9
nc	2
nop	0

<?php
/**
 * SessionWare (https://github.com/juliangut/sessionware)
 * PSR7 session management middleware
 *
 * @license BSD-3-Clause
 * @author Julián Gutiérrez <[email protected]>
 */

namespace Jgut\Middleware;

use League\Event\EmitterAwareInterface;
use League\Event\EmitterTrait;
use League\Event\Event;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;

/**
 * PHP session handler middleware.
 */
class SessionWare implements EmitterAwareInterface
{
    use EmitterTrait;

    const SESSION_LIFETIME_FLASH    = 300; // 5 minutes
    const SESSION_LIFETIME_SHORT    = 600; // 10 minutes
    const SESSION_LIFETIME_NORMAL   = 900; // 15 minutes
    const SESSION_LIFETIME_DEFAULT  = 1440; // 24 minutes
    const SESSION_LIFETIME_EXTENDED = 3600; // 1 hour
    const SESSION_LIFETIME_INFINITE = PHP_INT_MAX; // Around 1145 years (x86_64)

    const SESSION_TIMEOUT_KEY_DEFAULT = '__SESSIONWARE_TIMEOUT_TIMESTAMP__';

    const SESSION_ID_LENGTH = 80;

    /**
     * @var array
     */
    protected $settings;

    /**
     * @var array
     */
    protected $initialSessionParams;

    /**
     * @var string
     */
    protected $sessionName;

    /**
     * @var int
     */
    protected $sessionLifetime;

    /**
     * @var string
     */
    protected $sessionTimeoutKey;

    /**
     * Middleware constructor.
     *
     * @param array $settings
     * @param array $initialSessionParams
     */
    public function __construct(array $settings = [], array $initialSessionParams = [])
    {
        $this->settings = $settings;

        $this->initialSessionParams = $initialSessionParams;
    }

    /**
     * Execute the middleware.
     *
     * @param ServerRequestInterface $request
     * @param ResponseInterface      $response
     * @param callable               $next
     *
     * @throws \InvalidArgumentException
     * @throws \RuntimeException
     *
     * @return ResponseInterface
     */
    public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next)
    {
        $this->startSession($request);

        $response = $next($request, $response);

        return $this->respondWithSessionCookie($response);
    }

    /**
     * Configure session settings.
     *
     * @param ServerRequestInterface $request
     *
     * @throws \InvalidArgumentException
     * @throws \RuntimeException
     */
    protected function startSession(ServerRequestInterface $request)
    {
        if (session_status() === PHP_SESSION_DISABLED) {
            // @codeCoverageIgnoreStart
            throw new \RuntimeException('PHP sessions are disabled');
            // @codeCoverageIgnoreEnd
        }

        if (session_status() === PHP_SESSION_ACTIVE) {
            throw new \RuntimeException('Session has already been started, review "session.auto_start" ini setting');
        }

        // @codeCoverageIgnoreStart
        if (php_sapi_name() !== 'cli') {
            $this->verifySessionSettings();
        }
        // @codeCoverageIgnoreEnd

        $sessionSettings = array_merge($this->getSessionSettings(), $this->settings);

        $this->configureSessionName($sessionSettings);

        $this->configureSessionCookies($sessionSettings);
        $this->configureSessionSavePath($sessionSettings);
        $this->configureSessionTimeout($sessionSettings);
        $this->configureSessionSerializer();

        $this->configureSessionId($request);

        session_start();

        if (session_status() !== PHP_SESSION_ACTIVE) {
            // @codeCoverageIgnoreStart
            throw new \RuntimeException('Session could not be started');
            // @codeCoverageIgnoreEnd
        }

        $this->manageSessionTimeout();

        $this->populateSession($this->initialSessionParams);

        if (strlen(session_id()) !== static::SESSION_ID_LENGTH) {
            $this->recreateSession();
        }
    }

    /**
     * Verify session ini settings.
     *
     * @throws \RuntimeException
     *
     * @codeCoverageIgnore
     */
    final protected function verifySessionSettings()
    {
        if ($this->getSessionSetting('use_trans_sid') !== false) {
            throw new \RuntimeException('"session.use_trans_sid" ini setting must be set to false');
        }

        if ($this->getSessionSetting('use_cookies') !== true) {
            throw new \RuntimeException('"session.use_cookies" ini setting must be set to false');
        }

        if ($this->getSessionSetting('use_only_cookies') !== true) {
            throw new \RuntimeException('"session.use_only_cookies" ini setting must be set to false');
        }

        if ($this->getSessionSetting('use_strict_mode') !== false) {
            throw new \RuntimeException('"session.use_strict_mode" ini setting must be set to false');
        }

        if ($this->getSessionSetting('cache_limiter') !== null) {
            throw new \RuntimeException('"session.cache_limiter" ini setting must be set to false');
        }
    }

    /**
     * Retrieve default session settings.
     *
     * @return array
     */
    protected function getSessionSettings()
    {
        $lifeTime = (int) $this->getSessionSetting('cookie_lifetime') === 0
            ? (int) $this->getSessionSetting('gc_maxlifetime')
            : min($this->getSessionSetting('cookie_lifetime'), (int) $this->getSessionSetting('gc_maxlifetime'));

        return [
            'name'             => $this->getSessionSetting('name', 'PHPSESSID'),
            'path'             => $this->getSessionSetting('cookie_path'),
            'domain'           => $this->getSessionSetting('cookie_domain', '/'),
            'secure'           => $this->getSessionSetting('cookie_secure'),
            'httponly'         => $this->getSessionSetting('cookie_httponly'),
            'savePath'         => $this->getSessionSetting('save_path', sys_get_temp_dir()),
            'lifetime'         => $lifeTime > 0 ? $lifeTime : static::SESSION_LIFETIME_DEFAULT,
            'timeoutKey'       => static::SESSION_TIMEOUT_KEY_DEFAULT,
        ];
    }

    /**
     * Configure session name.
     *
     * @param array $settings
     *
     * @throws \InvalidArgumentException
     */
    protected function configureSessionName(array $settings)
    {
        if (trim($settings['name']) === '') {
            throw new \InvalidArgumentException('Session name must be a non empty string');
        }

        $this->sessionName = trim($settings['name']);

        $this->setSessionSetting('name', $this->sessionName);
    }

    /**
     * Configure session cookies parameters.
     *
     * @param array $settings
     */
    protected function configureSessionCookies(array $settings)
    {
        $this->setSessionSetting('cookie_path', $settings['path']);
        $this->setSessionSetting('cookie_domain', $settings['domain']);
        $this->setSessionSetting('cookie_secure', $settings['secure']);
        $this->setSessionSetting('cookie_httponly', $settings['httponly']);
    }

    /**
     * Configure session save path if using default PHP session save handler.
     *
     * @param array $settings
     *
     * @throws \RuntimeException
     */
    protected function configureSessionSavePath(array $settings)
    {
        if ($this->getSessionSetting('save_handler') !== 'files') {
            // @codeCoverageIgnoreStart
            return;
            // @codeCoverageIgnoreEnd
        }

        $savePath = trim($settings['savePath']);
        if ($savePath === '') {
            $savePath = sys_get_temp_dir();
        }

        $savePathParts = explode(DIRECTORY_SEPARATOR, rtrim($savePath, DIRECTORY_SEPARATOR));
        if ($this->sessionName !== 'PHPSESSID' && $this->sessionName !== array_pop($savePathParts)) {
            $savePath .= DIRECTORY_SEPARATOR . $this->sessionName;
        }

        if ($savePath !== sys_get_temp_dir()
            && !@mkdir($savePath, 0775, true) && (!is_dir($savePath) || !is_writable($savePath))
        ) {
            throw new \RuntimeException(
                sprintf('Failed to create session save path at "%s", directory might not be write enabled', $savePath)
            );
        }

        $this->setSessionSetting('save_path', $savePath);
    }

    /**
     * Configure session timeout.
     *
     * @param array $settings
     *
     * @throws \InvalidArgumentException
     */
    protected function configureSessionTimeout(array $settings)
    {
        $lifetime = (int) $settings['lifetime'];

        if ($lifetime < 1) {
            throw new \InvalidArgumentException('Session lifetime must be at least 1');
        }

        $this->sessionLifetime = $lifetime;

        $timeoutKey = trim($settings['timeoutKey']);
        if ($timeoutKey === '') {
            throw new \InvalidArgumentException(
                sprintf('"%s" is not a valid session timeout control key name', $settings['timeoutKey'])
            );
        }

        $this->sessionTimeoutKey = $timeoutKey;

        // Signal garbage collector with defined timeout
        $this->setSessionSetting('gc_maxlifetime', $lifetime);
    }

    /**
     * Configure session serialize handler.
     */
    protected function configureSessionSerializer()
    {
        // Use better session serializer when available
        if ($this->getSessionSetting('serialize_handler') === 'php' && version_compare(PHP_VERSION, '5.5.4', '>=')) {
            // @codeCoverageIgnoreStart
            $this->setSessionSetting('serialize_handler', 'php_serialize');
            // @codeCoverageIgnoreEnd
        }
    }

    /**
     * Configure session identifier.
     *
     * @param ServerRequestInterface $request
     */
    protected function configureSessionId(ServerRequestInterface $request)
    {
        $requestCookies = $request->getCookieParams();

        if (array_key_exists($this->sessionName, $requestCookies) && trim($requestCookies[$this->sessionName]) !== '') {
            session_id(trim($requestCookies[$this->sessionName]));
        }
    }

    /**
     * Manage session timeout.
     *
     * @throws \InvalidArgumentException
     */
    protected function manageSessionTimeout()
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
    {
        if (array_key_exists($this->sessionTimeoutKey, $_SESSION) && $_SESSION[$this->sessionTimeoutKey] < time()) {
            $this->emit(Event::named('pre.session_timeout'), session_id());

            $_SESSION = [];
            session_unset();
            session_destroy();

            session_id(static::generateSessionId());

            session_start();

            $this->emit(Event::named('post.session_timeout'), session_id());
        }

        $_SESSION[$this->sessionTimeoutKey] = time() + $this->sessionLifetime;
    }

    /**
     * Close previous session and create a new empty one.
     */
    protected function recreateSession()
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
    {
        $sessionParams = $_SESSION;

        $_SESSION = [];
        session_unset();
        session_destroy();

        session_id(SessionWare::generateSessionId());

        session_start();

        foreach ($sessionParams as $param => $value) {
            $_SESSION[$param] = $value;
        }
    }

    /**
     * Populate session with initial parameters if they don't exist.
     *
     * @param array $initialSessionParams
     */
    protected function populateSession(array $initialSessionParams)
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
    {
        foreach ($initialSessionParams as $parameter => $value) {
            if (!array_key_exists($parameter, $_SESSION)) {
                $_SESSION[$parameter] = $value;
            }
        }
    }

    /**
     * Add session cookie Set-Cookie header to response.
     *
     * @param ResponseInterface $response
     *
     * @throws \InvalidArgumentException
     *
     * @return ResponseInterface
     */
    protected function respondWithSessionCookie(ResponseInterface $response)
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
    {
        if (session_status() !== PHP_SESSION_ACTIVE || !array_key_exists($this->sessionTimeoutKey, $_SESSION)) {
            $expireTime = time() - $this->sessionLifetime;
        } else {
            $expireTime = $_SESSION[$this->sessionTimeoutKey];
        }

        $cookieParams = [
            sprintf(
                'expires=%s; max-age=%s',
                gmdate('D, d M Y H:i:s T', $expireTime),
                $this->sessionLifetime
            ),
        ];

        if (trim($this->getSessionSetting('cookie_path')) !== '') {
            $cookieParams[] = 'path=' . $this->getSessionSetting('cookie_path');
        }

        if (trim($this->getSessionSetting('cookie_domain')) !== '') {
            $cookieParams[] = 'domain=' . $this->getSessionSetting('cookie_domain');
        }

        if ((bool) $this->getSessionSetting('cookie_secure')) {
            $cookieParams[] = 'secure';
        }

        if ((bool) $this->getSessionSetting('cookie_httponly')) {
            $cookieParams[] = 'httponly';
        }

        return $response->withAddedHeader(
            'Set-Cookie',
            sprintf(
                '%s=%s; %s',
                urlencode($this->sessionName),
                urlencode(session_id()),
                implode('; ', $cookieParams)
            )
        );
    }

    /**
     * Generates cryptographically secure session identifier.
     *
     * @param int $length
     *
     * @return string
     */
    final public static function generateSessionId($length = self::SESSION_ID_LENGTH)
    {
        return substr(
            preg_replace('/[^a-zA-Z0-9-]+/', '', base64_encode(random_bytes((int) $length))),
            0,
            (int) $length
        );
    }

    /**
     * Retrieve session ini setting.
     *
     * @param string     $setting
     * @param mixed|null $default
     *
     * @return mixed
     */
    private function getSessionSetting($setting, $default = null)
    {
        $setting = ini_get($this->normalizeSessionSettingName($setting));

        if (is_numeric($setting)) {
            return (int) $setting;
        }

        $setting = trim($setting);

        return $setting !== '' ? $setting : $default;
    }

    /**
     * Set session ini setting.
     *
     * @param string $setting
     * @param mixed  $value
     */
    private function setSessionSetting($setting, $value)
    {
        ini_set($this->normalizeSessionSettingName($setting), $value);
    }

    /**
     * Normalize session setting name to start with 'session.'.
     *
     * @param string $setting
     *
     * @return string
     */
    private function normalizeSessionSettingName($setting)
    {
        return strpos($setting, 'session.') !== 0 ? 'session.' . $setting : $setting;
    }
}


1			<?php
2			/**
3			* SessionWare (https://github.com/juliangut/sessionware)
4			* PSR7 session management middleware
5			*
6			* @license BSD-3-Clause
7			* @author Julián Gutiérrez <[email protected]>
8			*/
9
10			namespace Jgut\Middleware;
11
12			use League\Event\EmitterAwareInterface;
13			use League\Event\EmitterTrait;
14			use League\Event\Event;
15			use Psr\Http\Message\ResponseInterface;
16			use Psr\Http\Message\ServerRequestInterface;
17
18			/**
19			* PHP session handler middleware.
20			*/
21			class SessionWare implements EmitterAwareInterface
22			{
23			use EmitterTrait;
24
25			const SESSION_LIFETIME_FLASH = 300; // 5 minutes
26			const SESSION_LIFETIME_SHORT = 600; // 10 minutes
27			const SESSION_LIFETIME_NORMAL = 900; // 15 minutes
28			const SESSION_LIFETIME_DEFAULT = 1440; // 24 minutes
29			const SESSION_LIFETIME_EXTENDED = 3600; // 1 hour
30			const SESSION_LIFETIME_INFINITE = PHP_INT_MAX; // Around 1145 years (x86_64)
31
32			const SESSION_TIMEOUT_KEY_DEFAULT = '__SESSIONWARE_TIMEOUT_TIMESTAMP__';
33
34			const SESSION_ID_LENGTH = 80;
35
36			/**
37			* @var array
38			*/
39			protected $settings;
40
41			/**
42			* @var array
43			*/
44			protected $initialSessionParams;
45
46			/**
47			* @var string
48			*/
49			protected $sessionName;
50
51			/**
52			* @var int
53			*/
54			protected $sessionLifetime;
55
56			/**
57			* @var string
58			*/
59			protected $sessionTimeoutKey;
60
61			/**
62			* Middleware constructor.
63			*
64			* @param array $settings
65			* @param array $initialSessionParams
66			*/
67			public function __construct(array $settings = [], array $initialSessionParams = [])
68			{
69			$this->settings = $settings;
70
71			$this->initialSessionParams = $initialSessionParams;
72			}
73
74			/**
75			* Execute the middleware.
76			*
77			* @param ServerRequestInterface $request
78			* @param ResponseInterface $response
79			* @param callable $next
80			*
81			* @throws \InvalidArgumentException
82			* @throws \RuntimeException
83			*
84			* @return ResponseInterface
85			*/
86			public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next)
87			{
88			$this->startSession($request);
89
90			$response = $next($request, $response);
91
92			return $this->respondWithSessionCookie($response);
93			}
94
95			/**
96			* Configure session settings.
97			*
98			* @param ServerRequestInterface $request
99			*
100			* @throws \InvalidArgumentException
101			* @throws \RuntimeException
102			*/
103			protected function startSession(ServerRequestInterface $request)
104			{
105			if (session_status() === PHP_SESSION_DISABLED) {
106			// @codeCoverageIgnoreStart
107			throw new \RuntimeException('PHP sessions are disabled');
108			// @codeCoverageIgnoreEnd
109			}
110
111			if (session_status() === PHP_SESSION_ACTIVE) {
112			throw new \RuntimeException('Session has already been started, review "session.auto_start" ini setting');
113			}
114
115			// @codeCoverageIgnoreStart
116			if (php_sapi_name() !== 'cli') {
117			$this->verifySessionSettings();
118			}
119			// @codeCoverageIgnoreEnd
120
121			$sessionSettings = array_merge($this->getSessionSettings(), $this->settings);
122
123			$this->configureSessionName($sessionSettings);
124
125			$this->configureSessionCookies($sessionSettings);
126			$this->configureSessionSavePath($sessionSettings);
127			$this->configureSessionTimeout($sessionSettings);
128			$this->configureSessionSerializer();
129
130			$this->configureSessionId($request);
131
132			session_start();
133
134			if (session_status() !== PHP_SESSION_ACTIVE) {
135			// @codeCoverageIgnoreStart
136			throw new \RuntimeException('Session could not be started');
137			// @codeCoverageIgnoreEnd
138			}
139
140			$this->manageSessionTimeout();
141
142			$this->populateSession($this->initialSessionParams);
143
144			if (strlen(session_id()) !== static::SESSION_ID_LENGTH) {
145			$this->recreateSession();
146			}
147			}
148
149			/**
150			* Verify session ini settings.
151			*
152			* @throws \RuntimeException
153			*
154			* @codeCoverageIgnore
155			*/
156			final protected function verifySessionSettings()
157			{
158			if ($this->getSessionSetting('use_trans_sid') !== false) {
159			throw new \RuntimeException('"session.use_trans_sid" ini setting must be set to false');
160			}
161
162			if ($this->getSessionSetting('use_cookies') !== true) {
163			throw new \RuntimeException('"session.use_cookies" ini setting must be set to false');
164			}
165
166			if ($this->getSessionSetting('use_only_cookies') !== true) {
167			throw new \RuntimeException('"session.use_only_cookies" ini setting must be set to false');
168			}
169
170			if ($this->getSessionSetting('use_strict_mode') !== false) {
171			throw new \RuntimeException('"session.use_strict_mode" ini setting must be set to false');
172			}
173
174			if ($this->getSessionSetting('cache_limiter') !== null) {
175			throw new \RuntimeException('"session.cache_limiter" ini setting must be set to false');
176			}
177			}
178
179			/**
180			* Retrieve default session settings.
181			*
182			* @return array
183			*/
184			protected function getSessionSettings()
185			{
186			$lifeTime = (int) $this->getSessionSetting('cookie_lifetime') === 0
187			? (int) $this->getSessionSetting('gc_maxlifetime')
188			: min($this->getSessionSetting('cookie_lifetime'), (int) $this->getSessionSetting('gc_maxlifetime'));
189
190			return [
191			'name' => $this->getSessionSetting('name', 'PHPSESSID'),
192			'path' => $this->getSessionSetting('cookie_path'),
193			'domain' => $this->getSessionSetting('cookie_domain', '/'),
194			'secure' => $this->getSessionSetting('cookie_secure'),
195			'httponly' => $this->getSessionSetting('cookie_httponly'),
196			'savePath' => $this->getSessionSetting('save_path', sys_get_temp_dir()),
197			'lifetime' => $lifeTime > 0 ? $lifeTime : static::SESSION_LIFETIME_DEFAULT,
198			'timeoutKey' => static::SESSION_TIMEOUT_KEY_DEFAULT,
199			];
200			}
201
202			/**
203			* Configure session name.
204			*
205			* @param array $settings
206			*
207			* @throws \InvalidArgumentException
208			*/
209			protected function configureSessionName(array $settings)
210			{
211			if (trim($settings['name']) === '') {
212			throw new \InvalidArgumentException('Session name must be a non empty string');
213			}
214
215			$this->sessionName = trim($settings['name']);
216
217			$this->setSessionSetting('name', $this->sessionName);
218			}
219
220			/**
221			* Configure session cookies parameters.
222			*
223			* @param array $settings
224			*/
225			protected function configureSessionCookies(array $settings)
226			{
227			$this->setSessionSetting('cookie_path', $settings['path']);
228			$this->setSessionSetting('cookie_domain', $settings['domain']);
229			$this->setSessionSetting('cookie_secure', $settings['secure']);
230			$this->setSessionSetting('cookie_httponly', $settings['httponly']);
231			}
232
233			/**
234			* Configure session save path if using default PHP session save handler.
235			*
236			* @param array $settings
237			*
238			* @throws \RuntimeException
239			*/
240			protected function configureSessionSavePath(array $settings)
241			{
242			if ($this->getSessionSetting('save_handler') !== 'files') {
243			// @codeCoverageIgnoreStart
244			return;
245			// @codeCoverageIgnoreEnd
246			}
247
248			$savePath = trim($settings['savePath']);
249			if ($savePath === '') {
250			$savePath = sys_get_temp_dir();
251			}
252
253			$savePathParts = explode(DIRECTORY_SEPARATOR, rtrim($savePath, DIRECTORY_SEPARATOR));
254			if ($this->sessionName !== 'PHPSESSID' && $this->sessionName !== array_pop($savePathParts)) {
255			$savePath .= DIRECTORY_SEPARATOR . $this->sessionName;
256			}
257
258			if ($savePath !== sys_get_temp_dir()
259			&& !@mkdir($savePath, 0775, true) && (!is_dir($savePath) \|\| !is_writable($savePath))
260			) {
261			throw new \RuntimeException(
262			sprintf('Failed to create session save path at "%s", directory might not be write enabled', $savePath)
263			);
264			}
265
266			$this->setSessionSetting('save_path', $savePath);
267			}
268
269			/**
270			* Configure session timeout.
271			*
272			* @param array $settings
273			*
274			* @throws \InvalidArgumentException
275			*/
276			protected function configureSessionTimeout(array $settings)
277			{
278			$lifetime = (int) $settings['lifetime'];
279
280			if ($lifetime < 1) {
281			throw new \InvalidArgumentException('Session lifetime must be at least 1');
282			}
283
284			$this->sessionLifetime = $lifetime;
285
286			$timeoutKey = trim($settings['timeoutKey']);
287			if ($timeoutKey === '') {
288			throw new \InvalidArgumentException(
289			sprintf('"%s" is not a valid session timeout control key name', $settings['timeoutKey'])
290			);
291			}
292
293			$this->sessionTimeoutKey = $timeoutKey;
294
295			// Signal garbage collector with defined timeout
296			$this->setSessionSetting('gc_maxlifetime', $lifetime);
297			}
298
299			/**
300			* Configure session serialize handler.
301			*/
302			protected function configureSessionSerializer()
303			{
304			// Use better session serializer when available
305			if ($this->getSessionSetting('serialize_handler') === 'php' && version_compare(PHP_VERSION, '5.5.4', '>=')) {
306			// @codeCoverageIgnoreStart
307			$this->setSessionSetting('serialize_handler', 'php_serialize');
308			// @codeCoverageIgnoreEnd
309			}
310			}
311
312			/**
313			* Configure session identifier.
314			*
315			* @param ServerRequestInterface $request
316			*/
317			protected function configureSessionId(ServerRequestInterface $request)
318			{
319			$requestCookies = $request->getCookieParams();
320
321			if (array_key_exists($this->sessionName, $requestCookies) && trim($requestCookies[$this->sessionName]) !== '') {
322			session_id(trim($requestCookies[$this->sessionName]));
323			}
324			}
325
326			/**
327			* Manage session timeout.
328			*
329			* @throws \InvalidArgumentException
330			*/
331			protected function manageSessionTimeout()
			0 ignored issues – show Coding Style introduced 2016-04-23 18:39 UTC by Report Bug Copy Issue Report `manageSessionTimeout` uses the super-global variable `$_SESSION` which is generally not recommended. Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad class Router { public function generate($path) { return $_SERVER['HOST'].$path; } } // Better class Router { private $host; public function __construct($host) { $this->host = $host; } public function generate($path) { return $this->host.$path; } } class Controller { public function myAction(Request $request) { // Instead of $page = isset($_GET['page']) ? intval($_GET['page']) : 1; // Better (assuming you use the Symfony2 request) $page = $request->query->get('page', 1); } } Loading history...
332			{
333			if (array_key_exists($this->sessionTimeoutKey, $_SESSION) && $_SESSION[$this->sessionTimeoutKey] < time()) {
334			$this->emit(Event::named('pre.session_timeout'), session_id());
335
336			$_SESSION = [];
337			session_unset();
338			session_destroy();
339
340			session_id(static::generateSessionId());
341
342			session_start();
343
344			$this->emit(Event::named('post.session_timeout'), session_id());
345			}
346
347			$_SESSION[$this->sessionTimeoutKey] = time() + $this->sessionLifetime;
348			}
349
350			/**
351			* Close previous session and create a new empty one.
352			*/
353			protected function recreateSession()
			0 ignored issues – show Coding Style introduced 2016-09-16 17:50 UTC by Report Bug Copy Issue Report `recreateSession` uses the super-global variable `$_SESSION` which is generally not recommended. Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad class Router { public function generate($path) { return $_SERVER['HOST'].$path; } } // Better class Router { private $host; public function __construct($host) { $this->host = $host; } public function generate($path) { return $this->host.$path; } } class Controller { public function myAction(Request $request) { // Instead of $page = isset($_GET['page']) ? intval($_GET['page']) : 1; // Better (assuming you use the Symfony2 request) $page = $request->query->get('page', 1); } } Loading history...
354			{
355			$sessionParams = $_SESSION;
356
357			$_SESSION = [];
358			session_unset();
359			session_destroy();
360
361			session_id(SessionWare::generateSessionId());
362
363			session_start();
364
365			foreach ($sessionParams as $param => $value) {
366			$_SESSION[$param] = $value;
367			}
368			}
369
370			/**
371			* Populate session with initial parameters if they don't exist.
372			*
373			* @param array $initialSessionParams
374			*/
375			protected function populateSession(array $initialSessionParams)
			0 ignored issues – show Coding Style introduced 2016-07-26 19:40 UTC by Report Bug Copy Issue Report `populateSession` uses the super-global variable `$_SESSION` which is generally not recommended. Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad class Router { public function generate($path) { return $_SERVER['HOST'].$path; } } // Better class Router { private $host; public function __construct($host) { $this->host = $host; } public function generate($path) { return $this->host.$path; } } class Controller { public function myAction(Request $request) { // Instead of $page = isset($_GET['page']) ? intval($_GET['page']) : 1; // Better (assuming you use the Symfony2 request) $page = $request->query->get('page', 1); } } Loading history...
376			{
377			foreach ($initialSessionParams as $parameter => $value) {
378			if (!array_key_exists($parameter, $_SESSION)) {
379			$_SESSION[$parameter] = $value;
380			}
381			}
382			}
383
384			/**
385			* Add session cookie Set-Cookie header to response.
386			*
387			* @param ResponseInterface $response
388			*
389			* @throws \InvalidArgumentException
390			*
391			* @return ResponseInterface
392			*/
393			protected function respondWithSessionCookie(ResponseInterface $response)
			0 ignored issues – show Coding Style introduced 2016-04-23 18:39 UTC by Report Bug Copy Issue Report `respondWithSessionCookie` uses the super-global variable `$_SESSION` which is generally not recommended. Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad class Router { public function generate($path) { return $_SERVER['HOST'].$path; } } // Better class Router { private $host; public function __construct($host) { $this->host = $host; } public function generate($path) { return $this->host.$path; } } class Controller { public function myAction(Request $request) { // Instead of $page = isset($_GET['page']) ? intval($_GET['page']) : 1; // Better (assuming you use the Symfony2 request) $page = $request->query->get('page', 1); } } Loading history...
394			{
395			if (session_status() !== PHP_SESSION_ACTIVE \|\| !array_key_exists($this->sessionTimeoutKey, $_SESSION)) {
396			$expireTime = time() - $this->sessionLifetime;
397			} else {
398			$expireTime = $_SESSION[$this->sessionTimeoutKey];
399			}
400
401			$cookieParams = [
402			sprintf(
403			'expires=%s; max-age=%s',
404			gmdate('D, d M Y H:i:s T', $expireTime),
405			$this->sessionLifetime
406			),
407			];
408
409			if (trim($this->getSessionSetting('cookie_path')) !== '') {
410			$cookieParams[] = 'path=' . $this->getSessionSetting('cookie_path');
411			}
412
413			if (trim($this->getSessionSetting('cookie_domain')) !== '') {
414			$cookieParams[] = 'domain=' . $this->getSessionSetting('cookie_domain');
415			}
416
417			if ((bool) $this->getSessionSetting('cookie_secure')) {
418			$cookieParams[] = 'secure';
419			}
420
421			if ((bool) $this->getSessionSetting('cookie_httponly')) {
422			$cookieParams[] = 'httponly';
423			}
424
425			return $response->withAddedHeader(
426			'Set-Cookie',
427			sprintf(
428			'%s=%s; %s',
429			urlencode($this->sessionName),
430			urlencode(session_id()),
431			implode('; ', $cookieParams)
432			)
433			);
434			}
435
436			/**
437			* Generates cryptographically secure session identifier.
438			*
439			* @param int $length
440			*
441			* @return string
442			*/
443			final public static function generateSessionId($length = self::SESSION_ID_LENGTH)
444			{
445			return substr(
446			preg_replace('/[^a-zA-Z0-9-]+/', '', base64_encode(random_bytes((int) $length))),
447			0,
448			(int) $length
449			);
450			}
451
452			/**
453			* Retrieve session ini setting.
454			*
455			* @param string $setting
456			* @param mixed\|null $default
457			*
458			* @return mixed
459			*/
460			private function getSessionSetting($setting, $default = null)
461			{
462			$setting = ini_get($this->normalizeSessionSettingName($setting));
463
464			if (is_numeric($setting)) {
465			return (int) $setting;
466			}
467
468			$setting = trim($setting);
469
470			return $setting !== '' ? $setting : $default;
471			}
472
473			/**
474			* Set session ini setting.
475			*
476			* @param string $setting
477			* @param mixed $value
478			*/
479			private function setSessionSetting($setting, $value)
480			{
481			ini_set($this->normalizeSessionSettingName($setting), $value);
482			}
483
484			/**
485			* Normalize session setting name to start with 'session.'.
486			*
487			* @param string $setting
488			*
489			* @return string
490			*/
491			private function normalizeSessionSettingName($setting)
492			{
493			return strpos($setting, 'session.') !== 0 ? 'session.' . $setting : $setting;
494			}
495			}
496

juliangut / sessionware

Push — master ( 7b42c0...d949be )

SessionWare::recreateSession() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like