silverstripe /
silverstripe-framework
| Total Complexity | 77 |
| Total Lines | 556 |
| Duplicated Lines | 0 % |
| Changes | 8 | ||
| Bugs | 0 | Features | 0 |
Complex classes like Session often do a lot of different things. To break such a class down, we need to identify a cohesive component within that class. A common approach to find such a component is to look for fields/methods that share the same prefixes, or suffixes.
Once you have determined the fields that belong together, you can apply the Extract Class refactoring. If the component makes sense as a sub-class, Extract Subclass is also a candidate, and is often faster.
While breaking up the class, it is a good idea to analyze how other classes use Session, and based on these observations, apply Extract Interface, too.
| 1 | <?php |
||
| 91 | class Session |
||
| 92 | { |
||
| 93 | use Configurable; |
||
| 94 | |||
| 95 | /** |
||
| 96 | * Set session timeout in seconds. |
||
| 97 | * |
||
| 98 | * @var int |
||
| 99 | * @config |
||
| 100 | */ |
||
| 101 | private static $timeout = 0; |
||
|
introduced
by
|
|||
| 102 | |||
| 103 | /** |
||
| 104 | * @config |
||
| 105 | * @var array |
||
| 106 | */ |
||
| 107 | private static $session_ips = array(); |
||
| 108 | |||
| 109 | /** |
||
| 110 | * @config |
||
| 111 | * @var string |
||
| 112 | */ |
||
| 113 | private static $cookie_domain; |
||
| 114 | |||
| 115 | /** |
||
| 116 | * @config |
||
| 117 | * @var string |
||
| 118 | */ |
||
| 119 | private static $cookie_path; |
||
| 120 | |||
| 121 | /** |
||
| 122 | * @config |
||
| 123 | * @var string |
||
| 124 | */ |
||
| 125 | private static $session_store_path; |
||
| 126 | |||
| 127 | /** |
||
| 128 | * @config |
||
| 129 | * @var boolean |
||
| 130 | */ |
||
| 131 | private static $cookie_secure = false; |
||
| 132 | |||
| 133 | /** |
||
| 134 | * @config |
||
| 135 | * @var string |
||
| 136 | */ |
||
| 137 | private static $cookie_name_secure = 'SECSESSID'; |
||
| 138 | |||
| 139 | /** |
||
| 140 | * Name of session cache limiter to use. |
||
| 141 | * Defaults to '' to disable cache limiter entirely. |
||
| 142 | * |
||
| 143 | * @see https://secure.php.net/manual/en/function.session-cache-limiter.php |
||
| 144 | * @var string|null |
||
| 145 | */ |
||
| 146 | private static $sessionCacheLimiter = ''; |
||
| 147 | |||
| 148 | /** |
||
| 149 | * Session data. |
||
| 150 | * Will be null if session has not been started |
||
| 151 | * |
||
| 152 | * @var array|null |
||
| 153 | */ |
||
| 154 | protected $data = null; |
||
| 155 | |||
| 156 | /** |
||
| 157 | * @var bool |
||
| 158 | */ |
||
| 159 | protected $started = false; |
||
| 160 | |||
| 161 | /** |
||
| 162 | * List of keys changed. This is a nested array which represents the |
||
| 163 | * keys modified in $this->data. The value of each item is either "true" |
||
| 164 | * or a nested array. |
||
| 165 | * |
||
| 166 | * If a value is in changedData but not in data, it must be removed |
||
| 167 | * from the destination during save(). |
||
| 168 | * |
||
| 169 | * Only highest level changes are stored. E.g. changes to `Base.Sub` |
||
| 170 | * and then `Base` only records `Base` as the change. |
||
| 171 | * |
||
| 172 | * E.g. |
||
| 173 | * [ |
||
| 174 | * 'Base' => true, |
||
| 175 | * 'Key' => [ |
||
| 176 | * 'Nested' => true, |
||
| 177 | * ], |
||
| 178 | * ] |
||
| 179 | * |
||
| 180 | * @var array |
||
| 181 | */ |
||
| 182 | protected $changedData = array(); |
||
| 183 | |||
| 184 | /** |
||
| 185 | * Get user agent for this request |
||
| 186 | * |
||
| 187 | * @param HTTPRequest $request |
||
| 188 | * @return string |
||
| 189 | */ |
||
| 190 | protected function userAgent(HTTPRequest $request) |
||
| 193 | } |
||
| 194 | |||
| 195 | /** |
||
| 196 | * Start PHP session, then create a new Session object with the given start data. |
||
| 197 | * |
||
| 198 | * @param array|null|Session $data Can be an array of data (such as $_SESSION) or another Session object to clone. |
||
| 199 | * If null, this session is treated as unstarted. |
||
| 200 | */ |
||
| 201 | public function __construct($data) |
||
| 209 | } |
||
| 210 | |||
| 211 | /** |
||
| 212 | * Init this session instance before usage, |
||
| 213 | * if a session identifier is part of the passed in request. |
||
| 214 | * Otherwise, a session might be started in {@link save()} |
||
| 215 | * if session data needs to be written with a new session identifier. |
||
| 216 | * |
||
| 217 | * @param HTTPRequest $request |
||
| 218 | */ |
||
| 219 | public function init(HTTPRequest $request) |
||
| 220 | { |
||
| 221 | if (!$this->isStarted() && $this->requestContainsSessionId($request)) { |
||
| 222 | $this->start($request); |
||
| 223 | } |
||
| 224 | |||
| 225 | // Funny business detected! |
||
| 226 | if (isset($this->data['HTTP_USER_AGENT'])) { |
||
| 227 | if ($this->data['HTTP_USER_AGENT'] !== $this->userAgent($request)) { |
||
| 228 | $this->clearAll(); |
||
| 229 | $this->destroy(); |
||
| 230 | $this->started = false; |
||
| 231 | $this->start($request); |
||
| 232 | } |
||
| 233 | } |
||
| 234 | } |
||
| 235 | |||
| 236 | /** |
||
| 237 | * Destroy existing session and restart |
||
| 238 | * |
||
| 239 | * @param HTTPRequest $request |
||
| 240 | */ |
||
| 241 | public function restart(HTTPRequest $request) |
||
| 242 | { |
||
| 243 | $this->destroy(); |
||
| 244 | $this->init($request); |
||
| 245 | } |
||
| 246 | |||
| 247 | /** |
||
| 248 | * Determine if this session has started |
||
| 249 | * |
||
| 250 | * @return bool |
||
| 251 | */ |
||
| 252 | public function isStarted() |
||
| 253 | { |
||
| 254 | return $this->started; |
||
| 255 | } |
||
| 256 | |||
| 257 | /** |
||
| 258 | * @param HTTPRequest $request |
||
| 259 | * @return bool |
||
| 260 | */ |
||
| 261 | public function requestContainsSessionId(HTTPRequest $request) |
||
| 262 | { |
||
| 263 | $secure = Director::is_https($request) && $this->config()->get('cookie_secure'); |
||
| 264 | $name = $secure ? $this->config()->get('cookie_name_secure') : session_name(); |
||
| 265 | return (bool)Cookie::get($name); |
||
| 266 | } |
||
| 267 | |||
| 268 | /** |
||
| 269 | * Begin session, regardless if a session identifier is present in the request, |
||
| 270 | * or whether any session data needs to be written. |
||
| 271 | * See {@link init()} if you want to "lazy start" a session. |
||
| 272 | * |
||
| 273 | * @param HTTPRequest $request The request for which to start a session |
||
| 274 | */ |
||
| 275 | public function start(HTTPRequest $request) |
||
| 276 | { |
||
| 277 | if ($this->isStarted()) { |
||
| 278 | throw new BadMethodCallException("Session has already started"); |
||
| 279 | } |
||
| 280 | |||
| 281 | $path = $this->config()->get('cookie_path'); |
||
| 282 | if (!$path) { |
||
| 283 | $path = Director::baseURL(); |
||
| 284 | } |
||
| 285 | $domain = $this->config()->get('cookie_domain'); |
||
| 286 | $secure = Director::is_https($request) && $this->config()->get('cookie_secure'); |
||
| 287 | $session_path = $this->config()->get('session_store_path'); |
||
| 288 | $timeout = $this->config()->get('timeout'); |
||
| 289 | |||
| 290 | // Director::baseURL can return absolute domain names - this extracts the relevant parts |
||
| 291 | // for the session otherwise we can get broken session cookies |
||
| 292 | if (Director::is_absolute_url($path)) { |
||
| 293 | $urlParts = parse_url($path); |
||
| 294 | $path = $urlParts['path']; |
||
| 295 | if (!$domain) { |
||
| 296 | $domain = $urlParts['host']; |
||
| 297 | } |
||
| 298 | } |
||
| 299 | |||
| 300 | // If the session cookie is already set, then the session can be read even if headers_sent() = true |
||
| 301 | // This helps with edge-case such as debugging. |
||
| 302 | $data = []; |
||
| 303 | if (!session_id() && (!headers_sent() || $this->requestContainsSessionId($request))) { |
||
| 304 | if (!headers_sent()) { |
||
| 305 | session_set_cookie_params($timeout ?: 0, $path, $domain ?: null, $secure, true); |
||
| 306 | |||
| 307 | $limiter = $this->config()->get('sessionCacheLimiter'); |
||
| 308 | if (isset($limiter)) { |
||
| 309 | session_cache_limiter($limiter); |
||
| 310 | } |
||
| 311 | |||
| 312 | // Allow storing the session in a non standard location |
||
| 313 | if ($session_path) { |
||
| 314 | session_save_path($session_path); |
||
| 315 | } |
||
| 316 | |||
| 317 | // If we want a secure cookie for HTTPS, use a separate session name. This lets us have a |
||
| 318 | // separate (less secure) session for non-HTTPS requests |
||
| 319 | // if headers_sent() is true then it's best to throw the resulting error rather than risk |
||
| 320 | // a security hole. |
||
| 321 | if ($secure) { |
||
| 322 | session_name($this->config()->get('cookie_name_secure')); |
||
| 323 | } |
||
| 324 | |||
| 325 | session_start(); |
||
| 326 | |||
| 327 | // Session start emits a cookie, but only if there's no existing session. If there is a session timeout |
||
| 328 | // tied to this request, make sure the session is held for the entire timeout by refreshing the cookie age. |
||
| 329 | if ($timeout && $this->requestContainsSessionId($request)) { |
||
| 330 | Cookie::set(session_name(), session_id(), $timeout / 86400, $path, $domain ?: null, $secure, true); |
||
| 331 | } |
||
| 332 | } else { |
||
| 333 | // If headers are sent then we can't have a session_cache_limiter otherwise we'll get a warning |
||
| 334 | session_cache_limiter(null); |
||
| 335 | } |
||
| 336 | |||
| 337 | if (isset($_SESSION)) { |
||
| 338 | // Initialise data from session store if present |
||
| 339 | $data = $_SESSION; |
||
| 340 | |||
| 341 | // Merge in existing in-memory data, taking priority over session store data |
||
| 342 | $this->recursivelyApply((array)$this->data, $data); |
||
| 343 | } |
||
| 344 | } |
||
| 345 | |||
| 346 | // Save any modified session data back to the session store if present, otherwise initialise it to an array. |
||
| 347 | $this->data = $data; |
||
| 348 | |||
| 349 | $this->started = true; |
||
| 350 | } |
||
| 351 | |||
| 352 | /** |
||
| 353 | * Destroy this session |
||
| 354 | * |
||
| 355 | * @param bool $removeCookie |
||
| 356 | */ |
||
| 357 | public function destroy($removeCookie = true) |
||
| 358 | { |
||
| 359 | if (session_id()) { |
||
| 360 | if ($removeCookie) { |
||
| 361 | $path = $this->config()->get('cookie_path') ?: Director::baseURL(); |
||
| 362 | $domain = $this->config()->get('cookie_domain'); |
||
| 363 | $secure = $this->config()->get('cookie_secure'); |
||
| 364 | Cookie::force_expiry(session_name(), $path, $domain, $secure, true); |
||
| 365 | } |
||
| 366 | session_destroy(); |
||
| 367 | } |
||
| 368 | // Clean up the superglobal - session_destroy does not do it. |
||
| 369 | // http://nz1.php.net/manual/en/function.session-destroy.php |
||
| 370 | unset($_SESSION); |
||
| 371 | $this->data = null; |
||
| 372 | } |
||
| 373 | |||
| 374 | /** |
||
| 375 | * Set session value |
||
| 376 | * |
||
| 377 | * @param string $name |
||
| 378 | * @param mixed $val |
||
| 379 | * @return $this |
||
| 380 | */ |
||
| 381 | public function set($name, $val) |
||
| 382 | { |
||
| 383 | $var = &$this->nestedValueRef($name, $this->data); |
||
| 384 | |||
| 385 | // Mark changed |
||
| 386 | if ($var !== $val) { |
||
| 387 | $var = $val; |
||
| 388 | $this->markChanged($name); |
||
| 389 | } |
||
| 390 | return $this; |
||
| 391 | } |
||
| 392 | |||
| 393 | /** |
||
| 394 | * Mark key as changed |
||
| 395 | * |
||
| 396 | * @internal |
||
| 397 | * @param string $name |
||
| 398 | */ |
||
| 399 | protected function markChanged($name) |
||
| 400 | { |
||
| 401 | $diffVar = &$this->changedData; |
||
| 402 | foreach (explode('.', $name) as $namePart) { |
||
| 403 | if (!isset($diffVar[$namePart])) { |
||
| 404 | $diffVar[$namePart] = []; |
||
| 405 | } |
||
| 406 | $diffVar = &$diffVar[$namePart]; |
||
| 407 | |||
| 408 | // Already diffed |
||
| 409 | if ($diffVar === true) { |
||
| 410 | return; |
||
| 411 | } |
||
| 412 | } |
||
| 413 | // Mark changed |
||
| 414 | $diffVar = true; |
||
| 415 | } |
||
| 416 | |||
| 417 | /** |
||
| 418 | * Merge value with array |
||
| 419 | * |
||
| 420 | * @param string $name |
||
| 421 | * @param mixed $val |
||
| 422 | */ |
||
| 423 | public function addToArray($name, $val) |
||
| 424 | { |
||
| 425 | $names = explode('.', $name); |
||
| 426 | |||
| 427 | // We still want to do this even if we have strict path checking for legacy code |
||
| 428 | $var = &$this->data; |
||
| 429 | $diffVar = &$this->changedData; |
||
| 430 | |||
| 431 | foreach ($names as $n) { |
||
| 432 | $var = &$var[$n]; |
||
| 433 | $diffVar = &$diffVar[$n]; |
||
| 434 | } |
||
| 435 | |||
| 436 | $var[] = $val; |
||
| 437 | $diffVar[sizeof($var) - 1] = $val; |
||
| 438 | } |
||
| 439 | |||
| 440 | /** |
||
| 441 | * Get session value |
||
| 442 | * |
||
| 443 | * @param string $name |
||
| 444 | * @return mixed |
||
| 445 | */ |
||
| 446 | public function get($name) |
||
| 447 | { |
||
| 448 | return $this->nestedValue($name, $this->data); |
||
| 449 | } |
||
| 450 | |||
| 451 | /** |
||
| 452 | * Clear session value |
||
| 453 | * |
||
| 454 | * @param string $name |
||
| 455 | * @return $this |
||
| 456 | */ |
||
| 457 | public function clear($name) |
||
| 458 | { |
||
| 459 | // Get var by path |
||
| 460 | $var = $this->nestedValue($name, $this->data); |
||
| 461 | |||
| 462 | // Unset var |
||
| 463 | if ($var !== null) { |
||
| 464 | // Unset parent key |
||
| 465 | $parentParts = explode('.', $name); |
||
| 466 | $basePart = array_pop($parentParts); |
||
| 467 | if ($parentParts) { |
||
| 468 | $parent = &$this->nestedValueRef(implode('.', $parentParts), $this->data); |
||
| 469 | unset($parent[$basePart]); |
||
| 470 | } else { |
||
| 471 | unset($this->data[$name]); |
||
| 472 | } |
||
| 473 | $this->markChanged($name); |
||
| 474 | } |
||
| 475 | return $this; |
||
| 476 | } |
||
| 477 | |||
| 478 | /** |
||
| 479 | * Clear all values |
||
| 480 | */ |
||
| 481 | public function clearAll() |
||
| 482 | { |
||
| 483 | if ($this->data && is_array($this->data)) { |
||
| 484 | foreach (array_keys($this->data) as $key) { |
||
| 485 | $this->clear($key); |
||
| 486 | } |
||
| 487 | } |
||
| 488 | } |
||
| 489 | |||
| 490 | /** |
||
| 491 | * Get all values |
||
| 492 | * |
||
| 493 | * @return array|null |
||
| 494 | */ |
||
| 495 | public function getAll() |
||
| 496 | { |
||
| 497 | return $this->data; |
||
| 498 | } |
||
| 499 | |||
| 500 | /** |
||
| 501 | * Set user agent key |
||
| 502 | * |
||
| 503 | * @param HTTPRequest $request |
||
| 504 | */ |
||
| 505 | public function finalize(HTTPRequest $request) |
||
| 506 | { |
||
| 507 | $this->set('HTTP_USER_AGENT', $this->userAgent($request)); |
||
| 508 | } |
||
| 509 | |||
| 510 | /** |
||
| 511 | * Save data to session |
||
| 512 | * Only save the changes, so that anyone manipulating $_SESSION directly doesn't get burned. |
||
| 513 | * |
||
| 514 | * @param HTTPRequest $request |
||
| 515 | */ |
||
| 516 | public function save(HTTPRequest $request) |
||
| 527 | } |
||
| 528 | } |
||
| 529 | |||
| 530 | /** |
||
| 531 | * Recursively apply the changes represented in $data to $dest. |
||
| 532 | * Used to update $_SESSION |
||
| 533 | * |
||
| 534 | * @deprecated 4.1.0:5.0.0 Use recursivelyApplyChanges() instead |
||
| 535 | * @param array $data |
||
| 536 | * @param array $dest |
||
| 537 | */ |
||
| 538 | protected function recursivelyApply($data, &$dest) |
||
| 539 | { |
||
| 540 | Deprecation::notice('5.0', 'Use recursivelyApplyChanges() instead'); |
||
| 541 | foreach ($data as $k => $v) { |
||
| 542 | if (is_array($v)) { |
||
| 543 | if (!isset($dest[$k]) || !is_array($dest[$k])) { |
||
| 544 | $dest[$k] = array(); |
||
| 545 | } |
||
| 546 | $this->recursivelyApply($v, $dest[$k]); |
||
| 547 | } else { |
||
| 548 | $dest[$k] = $v; |
||
| 549 | } |
||
| 550 | } |
||
| 551 | } |
||
| 552 | |||
| 553 | /** |
||
| 554 | * Returns the list of changed keys |
||
| 555 | * |
||
| 556 | * @return array |
||
| 557 | */ |
||
| 558 | public function changedData() |
||
| 561 | } |
||
| 562 | |||
| 563 | /** |
||
| 564 | * Navigate to nested value in source array by name, |
||
| 565 | * creating a null placeholder if it doesn't exist. |
||
| 566 | * |
||
| 567 | * @internal |
||
| 568 | * @param string $name |
||
| 569 | * @param array $source |
||
| 570 | * @return mixed Reference to value in $source |
||
| 571 | */ |
||
| 572 | protected function &nestedValueRef($name, &$source) |
||
| 586 | } |
||
| 587 | |||
| 588 | /** |
||
| 589 | * Navigate to nested value in source array by name, |
||
| 590 | * returning null if it doesn't exist. |
||
| 591 | * |
||
| 592 | * @internal |
||
| 593 | * @param string $name |
||
| 594 | * @param array $source |
||
| 595 | * @return mixed Value in array in $source |
||
| 596 | */ |
||
| 597 | protected function nestedValue($name, $source) |
||
| 608 | } |
||
| 609 | |||
| 610 | /** |
||
| 611 | * Apply all changes using separate keys and data sources and a destination |
||
| 612 | * |
||
| 613 | * @internal |
||
| 614 | * @param array $changes |
||
| 615 | * @param array $source |
||
| 616 | * @param array $destination |
||
| 617 | */ |
||
| 618 | protected function recursivelyApplyChanges($changes, $source, &$destination) |
||
| 634 | } |
||
| 635 | } |
||
| 636 | } |
||
| 637 | |||
| 638 | /** |
||
| 639 | * Regenerate session id |
||
| 640 | * |
||
| 641 | * @internal This is for internal use only. Isn't a part of public API. |
||
| 642 | */ |
||
| 643 | public function regenerateSessionId() |
||
| 650 |
Loading history...
