3 * Session management functions. These provide database storage of PHP session info.
5 use Friendica\Core\Cache;
6 use Friendica\Core\Config;
7 use Friendica\Database\DBM;
10 $session_expire = 180000;
12 function ref_session_open($s, $n)
17 function ref_session_read($id)
19 global $session_exists;
25 $memcache = Cache::memcache();
26 if (is_object($memcache)) {
27 $data = $memcache->get(get_app()->get_hostname().":session:".$id);
28 if (!is_bool($data)) {
29 $session_exists = true;
32 logger("no data for session $id", LOGGER_TRACE);
36 $r = dba::select('session', array('data'), array('sid' => $id), array('limit' => 1));
37 if (DBM::is_result($r)) {
38 $session_exists = true;
41 logger("no data for session $id", LOGGER_TRACE);
48 * @brief Standard PHP session write callback
50 * This callback updates the DB-stored session data and/or the expiration depending
51 * on the case. Uses the $session_expire global for existing session, 5 minutes
52 * for newly created session.
54 * @global bool $session_exists Whether a session with the given id already exists
55 * @global int $session_expire Session expiration delay in seconds
56 * @param string $id Session ID with format: [a-z0-9]{26}
57 * @param string $data Serialized session data
58 * @return boolean Returns false if parameters are missing, true otherwise
60 function ref_session_write($id, $data)
62 global $session_exists, $session_expire;
72 $expire = time() + $session_expire;
73 $default_expire = time() + 300;
75 $memcache = Cache::memcache();
77 if (is_object($memcache) && is_object($a)) {
78 $memcache->set($a->get_hostname().":session:".$id, $data, MEMCACHE_COMPRESSED, $expire);
82 if ($session_exists) {
83 $fields = array('data' => $data, 'expire' => $expire);
84 $condition = array("`sid` = ? AND (`data` != ? OR `expire` != ?)", $id, $data, $expire);
85 dba::update('session', $fields, $condition);
87 $fields = array('sid' => $id, 'expire' => $default_expire, 'data' => $data);
88 dba::insert('session', $fields);
94 function ref_session_close()
99 function ref_session_destroy($id)
101 $memcache = Cache::memcache();
103 if (is_object($memcache)) {
104 $memcache->delete(get_app()->get_hostname().":session:".$id);
108 dba::delete('session', array('sid' => $id));
112 function ref_session_gc($expire)
114 dba::delete('session', array("`expire` < ?", time()));
118 $gc_probability = 50;
120 ini_set('session.gc_probability', $gc_probability);
121 ini_set('session.use_only_cookies', 1);
122 ini_set('session.cookie_httponly', 1);
124 if (Config::get('system', 'ssl_policy') == SSL_POLICY_FULL) {
125 ini_set('session.cookie_secure', 1);
128 if (!Config::get('system', 'disable_database_session')) {
129 session_set_save_handler(
130 'ref_session_open', 'ref_session_close',
131 'ref_session_read', 'ref_session_write',
132 'ref_session_destroy', 'ref_session_gc'