<?php
-// Session management functions. These provide database storage of PHP
-// session info.
-
-require_once('include/cache.php');
+/**
+ * Session management functions. These provide database storage of PHP session info.
+ */
+use Friendica\Core\Cache;
+use Friendica\Core\Config;
+use Friendica\Database\DBM;
$session_exists = 0;
$session_expire = 180000;
-function ref_session_open($s, $n) {
+function ref_session_open()
+{
return true;
}
-function ref_session_read($id) {
+function ref_session_read($id)
+{
global $session_exists;
if (!x($id)) {
return '';
}
- $memcache = cache::memcache();
+ $memcache = Cache::memcache();
if (is_object($memcache)) {
$data = $memcache->get(get_app()->get_hostname().":session:".$id);
if (!is_bool($data)) {
+ $session_exists = true;
return $data;
}
logger("no data for session $id", LOGGER_TRACE);
return '';
}
- $r = q("SELECT `data` FROM `session` WHERE `sid`= '%s'", dbesc($id));
-
- if (dbm::is_result($r)) {
+ $r = dba::selectOne('session', ['data'], ['sid' => $id]);
+ if (DBM::is_result($r)) {
$session_exists = true;
- return $r[0]['data'];
+ return $r['data'];
} else {
logger("no data for session $id", LOGGER_TRACE);
}
return '';
}
-function ref_session_write($id, $data) {
+/**
+ * @brief Standard PHP session write callback
+ *
+ * This callback updates the DB-stored session data and/or the expiration depending
+ * on the case. Uses the $session_expire global for existing session, 5 minutes
+ * for newly created session.
+ *
+ * @global bool $session_exists Whether a session with the given id already exists
+ * @global int $session_expire Session expiration delay in seconds
+ * @param string $id Session ID with format: [a-z0-9]{26}
+ * @param string $data Serialized session data
+ * @return boolean Returns false if parameters are missing, true otherwise
+ */
+function ref_session_write($id, $data)
+{
global $session_exists, $session_expire;
- if (!$id || !$data) {
+ if (!$id) {
return false;
}
+ if (!$data) {
+ return true;
+ }
+
$expire = time() + $session_expire;
$default_expire = time() + 300;
- $memcache = cache::memcache();
- if (is_object($memcache)) {
- $memcache->set(get_app()->get_hostname().":session:".$id, $data, MEMCACHE_COMPRESSED, $expire);
+ $memcache = Cache::memcache();
+ $a = get_app();
+ if (is_object($memcache) && is_object($a)) {
+ $memcache->set($a->get_hostname().":session:".$id, $data, MEMCACHE_COMPRESSED, $expire);
return true;
}
if ($session_exists) {
- $r = q("UPDATE `session`
- SET `data` = '%s'
- WHERE `data` != '%s' AND `sid` = '%s'",
- dbesc($data), dbesc($data), dbesc($id));
-
- $r = q("UPDATE `session`
- SET `expire` = '%s'
- WHERE `expire` != '%s' AND `sid` = '%s'",
- dbesc($expire), dbesc($expire), dbesc($id));
- } else
- $r = q("INSERT INTO `session`
- SET `sid` = '%s', `expire` = '%s', `data` = '%s'",
- dbesc($id), dbesc($default_expire), dbesc($data));
+ $fields = array('data' => $data, 'expire' => $expire);
+ $condition = array("`sid` = ? AND (`data` != ? OR `expire` != ?)", $id, $data, $expire);
+ dba::update('session', $fields, $condition);
+ } else {
+ $fields = array('sid' => $id, 'expire' => $default_expire, 'data' => $data);
+ dba::insert('session', $fields);
+ }
return true;
}
-function ref_session_close() {
+function ref_session_close()
+{
return true;
}
-function ref_session_destroy($id) {
- $memcache = cache::memcache();
+function ref_session_destroy($id)
+{
+ $memcache = Cache::memcache();
if (is_object($memcache)) {
$memcache->delete(get_app()->get_hostname().":session:".$id);
return true;
}
- q("DELETE FROM `session` WHERE `sid` = '%s'", dbesc($id));
-
+ dba::delete('session', array('sid' => $id));
return true;
}
-function ref_session_gc($expire) {
- q("DELETE FROM `session` WHERE `expire` < %d", dbesc(time()));
-
+function ref_session_gc()
+{
+ dba::delete('session', array("`expire` < ?", time()));
return true;
}
ini_set('session.use_only_cookies', 1);
ini_set('session.cookie_httponly', 1);
-if (!get_config('system', 'disable_database_session')) {
- session_set_save_handler('ref_session_open', 'ref_session_close',
- 'ref_session_read', 'ref_session_write',
- 'ref_session_destroy', 'ref_session_gc');
+if (Config::get('system', 'ssl_policy') == SSL_POLICY_FULL) {
+ ini_set('session.cookie_secure', 1);
+}
+
+if (!Config::get('system', 'disable_database_session')) {
+ session_set_save_handler(
+ 'ref_session_open', 'ref_session_close',
+ 'ref_session_read', 'ref_session_write',
+ 'ref_session_destroy', 'ref_session_gc'
+ );
}