2 // Session management functions. These provide database storage of PHP
5 require_once('include/cache.php');
8 $session_expire = 180000;
10 function ref_session_open($s, $n) {
14 function ref_session_read($id) {
15 global $session_exists;
21 $memcache = cache::memcache();
22 if (is_object($memcache)) {
23 $data = $memcache->get(get_app()->get_hostname().":session:".$id);
24 if (!is_bool($data)) {
27 logger("no data for session $id", LOGGER_TRACE);
31 $r = q("SELECT `data` FROM `session` WHERE `sid`= '%s'", dbesc($id));
33 if (dbm::is_result($r)) {
34 $session_exists = true;
37 logger("no data for session $id", LOGGER_TRACE);
44 * @brief Standard PHP session write callback
46 * This callback updates the DB-stored session data and/or the expiration depending
47 * on the case. Uses the $session_expire global for existing session, 5 minutes
48 * for newly created session.
50 * @global bool $session_exists Whether a session with the given id already exists
51 * @global int $session_expire Session expiration delay in seconds
52 * @param string $id Session ID with format: [a-z0-9]{26}
53 * @param string $data Serialized session data
54 * @return boolean Returns false if parameters are missing, true otherwise
56 function ref_session_write($id, $data) {
57 global $session_exists, $session_expire;
63 $expire = time() + $session_expire;
64 $default_expire = time() + 300;
66 $memcache = cache::memcache();
67 if (is_object($memcache)) {
68 $memcache->set(get_app()->get_hostname().":session:".$id, $data, MEMCACHE_COMPRESSED, $expire);
72 if ($session_exists) {
73 $r = q("UPDATE `session`
74 SET `data` = '%s', `expire` = '%s'
76 AND (`data` != '%s' OR `expire` != '%s')",
77 dbesc($data), dbesc($expire), dbesc($id), dbesc($data), dbesc($expire));
79 $r = q("INSERT INTO `session`
80 SET `sid` = '%s', `expire` = '%s', `data` = '%s'",
81 dbesc($id), dbesc($default_expire), dbesc($data));
87 function ref_session_close() {
91 function ref_session_destroy($id) {
92 $memcache = cache::memcache();
94 if (is_object($memcache)) {
95 $memcache->delete(get_app()->get_hostname().":session:".$id);
99 q("DELETE FROM `session` WHERE `sid` = '%s'", dbesc($id));
104 function ref_session_gc($expire) {
105 q("DELETE FROM `session` WHERE `expire` < %d", dbesc(time()));
110 $gc_probability = 50;
112 ini_set('session.gc_probability', $gc_probability);
113 ini_set('session.use_only_cookies', 1);
114 ini_set('session.cookie_httponly', 1);
116 if (!get_config('system', 'disable_database_session')) {
117 session_set_save_handler('ref_session_open', 'ref_session_close',
118 'ref_session_read', 'ref_session_write',
119 'ref_session_destroy', 'ref_session_gc');