X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=include%2Fsession.php;h=0e8fe836f319b7a2549d5ff3cdc5e4f1231b702b;hb=bae725c2797fcae0d61c13822d27e4277ec0cc0e;hp=6c32e299ff2a447a9b68229c5606b2483a865f5a;hpb=c3139fa0fd49b0b4de4568d46a6946c75ccb2a62;p=friendica.git

diff --git a/include/session.php b/include/session.php
index 6c32e299ff..0e8fe836f3 100644
--- a/include/session.php
+++ b/include/session.php
@@ -1,68 +1,119 @@
 <?php
-
-// Session management functions. These provide database storage of PHP
-// session info.
+/**
+ * Session management functions. These provide database storage of PHP session info.
+ */
+use Friendica\Core\Cache;
+use Friendica\Core\Config;
+use Friendica\Database\DBM;
 
 $session_exists = 0;
 $session_expire = 180000;
 
-if(! function_exists('ref_session_open')) { 
-function ref_session_open ($s,$n) {
-  return true;
-}}
-
-if(! function_exists('ref_session_read')) { 
-function ref_session_read ($id) {
-  global $session_exists;
-  if(x($id))
-    $r = q("SELECT `data` FROM `session` WHERE `sid`= '%s'", dbesc($id));
-  if(count($r)) {
-    $session_exists = true;
-    return $r[0]['data'];
-  }
-  return '';
-}}
-
-if(! function_exists('ref_session_write')) { 
-function ref_session_write ($id,$data) {
-  global $session_exists, $session_expire;
-  if(! $id || ! $data) { 
-    return false; 
-  }
-
-  $expire = time() + $session_expire;
-  $default_expire = time() + 300;
-
-  if($session_exists)
-    $r = q("UPDATE `session` 
-            SET `data` = '%s', `expire` = '%s' 
-            WHERE `sid` = '%s' LIMIT 1", 
-            dbesc($data), dbesc($expire), dbesc($id));
-  else
-    $r = q("INSERT INTO `session`
-            SET `sid` = '%s', `expire` = '%s', `data` = '%s'",
-            dbesc($id), dbesc($default_expire), dbesc($data));
-
-  return true;
-}}
-
-if(! function_exists('ref_session_close')) { 
-function ref_session_close() {
-  return true;
-}}
-
-if(! function_exists('ref_session_destroy')) { 
-function ref_session_destroy ($id) {
-  q("DELETE FROM `session` WHERE `sid` = '%s'", dbesc($id));
-  return true;
-}}
-
-if(! function_exists('ref_session_gc')) { 
-function ref_session_gc($expire) {
-  q("DELETE FROM `session` WHERE `expire` < %d", dbesc(time()));
-  q("OPTIMIZE TABLE `sess_data`");
-  return true;
-}}
+function ref_session_open()
+{
+	return true;
+}
+
+function ref_session_read($id)
+{
+	global $session_exists;
+
+	if (!x($id)) {
+		return '';
+	}
+
+	$memcache = Cache::memcache();
+	if (is_object($memcache)) {
+		$data = $memcache->get(get_app()->get_hostname().":session:".$id);
+		if (!is_bool($data)) {
+			$session_exists = true;
+			return $data;
+		}
+		logger("no data for session $id", LOGGER_TRACE);
+		return '';
+	}
+
+	$session = dba::selectFirst('session', ['data'], ['sid' => $id]);
+	if (DBM::is_result($session)) {
+		$session_exists = true;
+		return $session['data'];
+	} else {
+		logger("no data for session $id", LOGGER_TRACE);
+	}
+
+	return '';
+}
+
+/**
+ * @brief Standard PHP session write callback
+ *
+ * This callback updates the DB-stored session data and/or the expiration depending
+ * on the case. Uses the $session_expire global for existing session, 5 minutes
+ * for newly created session.
+ *
+ * @global bool   $session_exists Whether a session with the given id already exists
+ * @global int    $session_expire Session expiration delay in seconds
+ * @param  string $id   Session ID with format: [a-z0-9]{26}
+ * @param  string $data Serialized session data
+ * @return boolean Returns false if parameters are missing, true otherwise
+ */
+function ref_session_write($id, $data)
+{
+	global $session_exists, $session_expire;
+
+	if (!$id) {
+		return false;
+	}
+
+	if (!$data) {
+		return true;
+	}
+
+	$expire = time() + $session_expire;
+	$default_expire = time() + 300;
+
+	$memcache = Cache::memcache();
+	$a = get_app();
+	if (is_object($memcache) && is_object($a)) {
+		$memcache->set($a->get_hostname().":session:".$id, $data, MEMCACHE_COMPRESSED, $expire);
+		return true;
+	}
+
+	if ($session_exists) {
+		$fields = ['data' => $data, 'expire' => $expire];
+		$condition = ["`sid` = ? AND (`data` != ? OR `expire` != ?)", $id, $data, $expire];
+		dba::update('session', $fields, $condition);
+	} else {
+		$fields = ['sid' => $id, 'expire' => $default_expire, 'data' => $data];
+		dba::insert('session', $fields);
+	}
+
+	return true;
+}
+
+function ref_session_close()
+{
+	return true;
+}
+
+function ref_session_destroy($id)
+{
+	$memcache = Cache::memcache();
+
+	if (is_object($memcache)) {
+		$memcache->delete(get_app()->get_hostname().":session:".$id);
+		return true;
+	}
+
+	dba::delete('session', ['sid' => $id]);
+	return true;
+}
+
+function ref_session_gc()
+{
+	dba::delete('session', ["`expire` < ?", time()]);
+	return true;
+}
 
 $gc_probability = 50;
 
@@ -70,7 +121,14 @@ ini_set('session.gc_probability', $gc_probability);
 ini_set('session.use_only_cookies', 1);
 ini_set('session.cookie_httponly', 1);
 
+if (Config::get('system', 'ssl_policy') == SSL_POLICY_FULL) {
+	ini_set('session.cookie_secure', 1);
+}
 
-session_set_save_handler ('ref_session_open', 'ref_session_close',
-                            'ref_session_read', 'ref_session_write',
-                            'ref_session_destroy', 'ref_session_gc');
+if (!Config::get('system', 'disable_database_session')) {
+	session_set_save_handler(
+		'ref_session_open', 'ref_session_close',
+		'ref_session_read', 'ref_session_write',
+		'ref_session_destroy', 'ref_session_gc'
+	);
+}