
/branches/1.1/lib/storage/sfSessionTestStorage.class.php


root/branches/1.1/lib/storage/sfSessionTestStorage.class.php

Revision 9942, 4.0 kB (checked in by fabien, 6 years ago)

added sfSession::regenerate and added calls on authentication/credential change to protect against session fixation attacks (closes #5325 - patch from Dustin)

  • Property svn:mime-type set to text/x-php
  • Property svn:eol-style set to native
  • Property svn:keywords set to Id Rev Date
1 <?php
2
3 /*
4  * This file is part of the symfony package.
5  * (c) 2004-2006 Fabien Potencier <fabien.potencier@symfony-project.com>
6  *
7  * For the full copyright and license information, please view the LICENSE
8  * file that was distributed with this source code.
9  */
10
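/**
 * sfSessionTestStorage is a fake sfSessionStorage implementation to allow easy testing.
 *
 * Session data lives in memory for the duration of the request. On shutdown()
 * it is written with serialize() to "<session_id>.session" inside the
 * session_path directory, and read back with unserialize() by initialize().
 *
 * Security notes for anyone reusing this class outside a test run:
 *
 *  * the session directory is created with mode 0777 under a cleared umask,
 *    so any local account can read or replace the session files;
 *  * those files are passed to unserialize(), so whoever can write to
 *    session_path controls which objects get instantiated;
 *  * regenerate() is a stub that never rotates the identifier.
 *
 * @package    symfony
 * @subpackage storage
 * @author     Fabien Potencier <fabien.potencier@symfony-project.com>
 * @version    SVN: $Id$
 */
class sfSessionTestStorage extends sfStorage
{
  protected
    $sessionId   = null,
    $sessionData = array();

  /**
   * Available options:
   *
   *  * session_path: The path to store the session files (%SF_TEST_CACHE_DIR%/sessions by default)
   *  * session_id:   The session identifier
   *
   * When no session_id option is given, $_SERVER['session_id'] is used if present.
   * An identifier that is empty or fails isValidSessionId() is discarded and a
   * fresh, empty session is started instead.
   *
   * @param array $options  An associative array of options
   *
   * @see sfStorage
   */
  public function initialize($options = null)
  {
    // array_merge() rejects null, so normalise the documented default before merging
    $options = array_merge(array(
      'session_path' => sfConfig::get('sf_test_cache_dir').'/sessions',
      'session_id'   => null,
    ), is_array($options) ? $options : array());

    // initialize parent
    parent::initialize($options);

    $this->sessionId = !is_null($this->options['session_id']) ? $this->options['session_id'] : (array_key_exists('session_id', $_SERVER) ? $_SERVER['session_id'] : null);

    // the identifier becomes part of a file name below: refuse anything that
    // could address a file outside session_path
    if ($this->sessionId && !$this->isValidSessionId($this->sessionId))
    {
      $this->sessionId = null;
    }

    if ($this->sessionId)
    {
      // we read session data from temp file
      $file     = $this->options['session_path'].DIRECTORY_SEPARATOR.$this->sessionId.'.session';
      $contents = file_exists($file) ? file_get_contents($file) : false;

      // NOTE(security): unserialize() instantiates whatever classes the file names.
      // That is only acceptable while session_path is writable by the test run alone.
      $data = false !== $contents ? unserialize($contents) : array();

      // an unreadable or corrupt file yields false; fall back to an empty session
      $this->sessionData = is_array($data) ? $data : array();
    }
    else
    {
      // predictable enough for tests; not a cryptographically secure identifier
      $this->sessionId   = md5(uniqid(rand(), true));
      $this->sessionData = array();
    }
  }

  /**
   * Checks that a session identifier is safe to embed in a file name.
   *
   * Only letters, digits, comma, underscore and dash are accepted, which covers
   * the md5 identifiers generated by initialize() and excludes directory
   * separators, dots and NUL bytes.
   *
   * @param  mixed $sessionId  The candidate identifier
   *
   * @return boolean True if the identifier can be used as a file name component
   */
  protected function isValidSessionId($sessionId)
  {
    if (!is_string($sessionId) && !is_int($sessionId))
    {
      return false;
    }

    // the D modifier stops "$" from matching before a trailing newline
    return 1 === preg_match('/^[A-Za-z0-9,_-]+$/D', (string) $sessionId);
  }

  /**
   * Gets session id for the current session storage instance.
   *
   * @return string Session id
   */
  public function getSessionId()
  {
    return $this->sessionId;
  }

  /**
   * Reads data from this storage.
   *
   * The preferred format for a key is directory style so naming conflicts can be avoided.
   *
   * @param  string $key  A unique key identifying your data
   *
   * @return mixed Data associated with the key, or null when the key is not set
   */
  public function read($key)
  {
    return isset($this->sessionData[$key]) ? $this->sessionData[$key] : null;
  }

  /**
   * Removes data from this storage.
   *
   * The preferred format for a key is directory style so naming conflicts can be avoided.
   *
   * @param  string $key  A unique key identifying your data
   *
   * @return mixed Data that was associated with the key, or null when the key was not set
   */
  public function remove($key)
  {
    if (!isset($this->sessionData[$key]))
    {
      return null;
    }

    $removed = $this->sessionData[$key];
    unset($this->sessionData[$key]);

    return $removed;
  }

  /**
   * Writes data to this storage.
   *
   * The preferred format for a key is directory style so naming conflicts can be avoided
   *
   * @param string $key   A unique key identifying your data
   * @param mixed  $data  Data associated with your key
   *
   */
  public function write($key, $data)
  {
    $this->sessionData[$key] = $data;
  }

  /**
   * Clears all test sessions.
   *
   * Empties the whole session_path directory, not only the current session file.
   */
  public function clear()
  {
    sfToolkit::clearDirectory($this->options['session_path']);
  }

  /**
   * Regenerates id that represents this storage.
   *
   * This test implementation is a stub: it always reports success and leaves
   * both the session id and the stored data untouched, so a test run against
   * this storage cannot show whether the id is rotated on login.
   *
   * @param  boolean $destroy Destroy session when regenerating?
   *
   * @return boolean True if session regenerated, false if error
   *
   */
  public function regenerate($destroy = false)
  {
    return true;
  }

  /**
   * Executes the shutdown procedure.
   *
   * Persists the in-memory session data to its session file, then resets the
   * instance so a second call is a no-op.
   */
  public function shutdown()
  {
    if ($this->sessionId)
    {
      // NOTE(security): the umask is cleared so that mkdir() really applies 0777,
      // which leaves the session directory writable by every local account.
      $current_umask = umask(0000);
      if (!is_dir($this->options['session_path']))
      {
        mkdir($this->options['session_path'], 0777, true);
      }
      umask($current_umask);
      file_put_contents($this->options['session_path'].DIRECTORY_SEPARATOR.$this->sessionId.'.session', serialize($this->sessionData));
      $this->sessionId   = '';
      $this->sessionData = array();
    }
  }
}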
168