~tsep-dev/tsep/0.9-beta


Viewing changes to branches/symfony/cake/libs/cake_session.php

  • Committer: geoffreyfishing
  • Date: 2011-01-11 23:46:12 UTC
  • Revision ID: svn-v4:ae0de26e-ed09-4cbe-9a20-e40b4c60ac6c::125
Created a symfony branch for future migration to symfony

 
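--- a/branches/symfony/cake/libs/cake_session.php
+++ b/branches/symfony/cake/libs/cake_session.php
@@ -0,0 +1,791 @@
+<?php
+/**
+ * Session class for Cake.
+ *
+ * Cake abstracts the handling of sessions.
+ * There are several convenient methods to access session information.
+ * This class is the implementation of those methods.
+ * They are mostly used by the Session Component.
+ *
+ * PHP versions 4 and 5
+ *
+ * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
+ * Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
+ *
+ * Licensed under The MIT License
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
+ * @link          http://cakephp.org CakePHP(tm) Project
+ * @package       cake
+ * @subpackage    cake.cake.libs
+ * @since         CakePHP(tm) v .0.10.0.1222
+ * @license       MIT License (http://www.opensource.org/licenses/mit-license.php)
+ */
+
+/**
+ * Session class for Cake.
+ *
+ * Cake abstracts the handling of sessions. There are several convenient methods to access session information.
+ * This class is the implementation of those methods. They are mostly used by the Session Component.
+ *
+ * @package       cake
+ * @subpackage    cake.cake.libs
+ */
+class CakeSession extends Object {
+
+/**
+ * True if the Session is still valid
+ *
+ * @var boolean
+ * @access public
+ */
+        var $valid = false;
+
+/**
+ * Error messages for this session
+ *
+ * @var array
+ * @access public
+ */
+        var $error = false;
+
+/**
+ * User agent string
+ *
+ * @var string
+ * @access protected
+ */
+        var $_userAgent = '';
+
+/**
+ * Path to where the session is active.
+ *
+ * @var string
+ * @access public
+ */
+        var $path = '/';
+
+/**
+ * Error number of last occurred error
+ *
+ * @var integer
+ * @access public
+ */
+        var $lastError = null;
+
+/**
+ * 'Security.level' setting, "high", "medium", or "low".
+ *
+ * @var string
+ * @access public
+ */
+        var $security = null;
+
+/**
+ * Start time for this session.
+ *
+ * @var integer
+ * @access public
+ */
+        var $time = false;
+
+/**
+ * Time when this session becomes invalid.
+ *
+ * @var integer
+ * @access public
+ */
+        var $sessionTime = false;
+
+/**
+ * The number of seconds to set for session.cookie_lifetime.  0 means
+ * at browser close.
+ *
+ * @var integer
+ */
+        var $cookieLifeTime = false;
+
+/**
+ * Keeps track of keys to watch for writes on
+ *
+ * @var array
+ * @access public
+ */
+        var $watchKeys = array();
+
+/**
+ * Current Session id
+ *
+ * @var string
+ * @access public
+ */
+        var $id = null;
+
+/**
+ * Hostname
+ *
+ * @var string
+ * @access public
+ */
+        var $host = null;
+
+/**
+ * Session timeout multiplier factor
+ *
+ * @var integer
+ * @access public
+ */
+        var $timeout = null;
+
+/**
+ * Constructor.
+ *
+ * @param string $base The base path for the Session
+ * @param boolean $start Should session be started right now
+ * @access public
+ */
+        function __construct($base = null, $start = true) {
+                App::import('Core', array('Set', 'Security'));
+                $this->time = time();
+
+                if (Configure::read('Session.checkAgent') === true || Configure::read('Session.checkAgent') === null) {
+                        if (env('HTTP_USER_AGENT') != null) {
+                                $this->_userAgent = md5(env('HTTP_USER_AGENT') . Configure::read('Security.salt'));
+                        }
+                }
+                if (Configure::read('Session.save') === 'database') {
+                        $modelName = Configure::read('Session.model');
+                        $database = Configure::read('Session.database');
+                        $table = Configure::read('Session.table');
+
+                        if (empty($database)) {
+                                $database = 'default';
+                        }
+                        $settings = array(
+                                'class' => 'Session',
+                                'alias' => 'Session',
+                                'table' => 'cake_sessions',
+                                'ds' => $database
+                        );
+                        if (!empty($modelName)) {
+                                $settings['class'] = $modelName;
+                        }
+                        if (!empty($table)) {
+                                $settings['table'] = $table;
+                        }
+                        ClassRegistry::init($settings);
+                }
+                if ($start === true) {
+                        if (!empty($base)) {
+                                $this->path = $base;
+                                if (strpos($base, 'index.php') !== false) {
+                                   $this->path = str_replace('index.php', '', $base);
+                                }
+                                if (strpos($base, '?') !== false) {
+                                   $this->path = str_replace('?', '', $base);
+                                }
+                        }
+                        $this->host = env('HTTP_HOST');
+
+                        if (strpos($this->host, ':') !== false) {
+                                $this->host = substr($this->host, 0, strpos($this->host, ':'));
+                        }
+                }
+                if (isset($_SESSION) || $start === true) {
+                        if (!class_exists('Security')) {
+                                App::import('Core', 'Security');
+                        }
+                        $this->sessionTime = $this->time + (Security::inactiveMins() * Configure::read('Session.timeout'));
+                        $this->security = Configure::read('Security.level');
+                }
+                parent::__construct();
+        }
+
+/**
+ * Starts the Session.
+ *
+ * @return boolean True if session was started
+ * @access public
+ */
+        function start() {
+                if ($this->started()) {
+                        return true;
+                }
+                if (function_exists('session_write_close')) {
+                        session_write_close();
+                }
+                $this->__initSession();
+                $this->__startSession();
+                return $this->started();
+        }
+
+/**
+ * Determine if Session has been started.
+ *
+ * @access public
+ * @return boolean True if session has been started.
+ */
+        function started() {
+                if (isset($_SESSION) && session_id()) {
+                        return true;
+                }
+                return false;
+        }
+
+/**
+ * Returns true if given variable is set in session.
+ *
+ * @param string $name Variable name to check for
+ * @return boolean True if variable is there
+ * @access public
+ */
+        function check($name) {
+                if (empty($name)) {
+                        return false;
+                }
+                $result = Set::classicExtract($_SESSION, $name);
+                return isset($result);
+        }
+
+/**
+ * Returns the Session id
+ *
+ * @param id $name string
+ * @return string Session id
+ * @access public
+ */
+        function id($id = null) {
+                if ($id) {
+                        $this->id = $id;
+                        session_id($this->id);
+                }
+                if ($this->started()) {
+                        return session_id();
+                } else {
+                        return $this->id;
+                }
+        }
+
+/**
+ * Removes a variable from session.
+ *
+ * @param string $name Session variable to remove
+ * @return boolean Success
+ * @access public
+ */
+        function delete($name) {
+                if ($this->check($name)) {
+                        if (in_array($name, $this->watchKeys)) {
+                                trigger_error(sprintf(__('Deleting session key {%s}', true), $name), E_USER_NOTICE);
+                        }
+                        $this->__overwrite($_SESSION, Set::remove($_SESSION, $name));
+                        return ($this->check($name) == false);
+                }
+                $this->__setError(2, sprintf(__("%s doesn't exist", true), $name));
+                return false;
+        }
+
+/**
+ * Used to write new data to _SESSION, since PHP doesn't like us setting the _SESSION var itself
+ *
+ * @param array $old Set of old variables => values
+ * @param array $new New set of variable => value
+ * @access private
+ */
+        function __overwrite(&$old, $new) {
+                if (!empty($old)) {
+                        foreach ($old as $key => $var) {
+                                if (!isset($new[$key])) {
+                                        unset($old[$key]);
+                                }
+                        }
+                }
+                foreach ($new as $key => $var) {
+                        $old[$key] = $var;
+                }
+        }
+
+/**
+ * Return error description for given error number.
+ *
+ * @param integer $errorNumber Error to set
+ * @return string Error as string
+ * @access private
+ */
+        function __error($errorNumber) {
+                if (!is_array($this->error) || !array_key_exists($errorNumber, $this->error)) {
+                        return false;
+                } else {
+                        return $this->error[$errorNumber];
+                }
+        }
+
+/**
+ * Returns last occurred error as a string, if any.
+ *
+ * @return mixed Error description as a string, or false.
+ * @access public
+ */
+        function error() {
+                if ($this->lastError) {
+                        return $this->__error($this->lastError);
+                } else {
+                        return false;
+                }
+        }
+
+/**
+ * Returns true if session is valid.
+ *
+ * @return boolean Success
+ * @access public
+ */
+        function valid() {
+                if ($this->read('Config')) {
+                        if ((Configure::read('Session.checkAgent') === false || $this->_userAgent == $this->read('Config.userAgent')) && $this->time <= $this->read('Config.time')) {
+                                if ($this->error === false) {
+                                        $this->valid = true;
+                                }
+                        } else {
+                                $this->valid = false;
+                                $this->__setError(1, 'Session Highjacking Attempted !!!');
+                        }
+                }
+                return $this->valid;
+        }
+
+/**
+ * Returns given session variable, or all of them, if no parameters given.
+ *
+ * @param mixed $name The name of the session variable (or a path as sent to Set.extract)
+ * @return mixed The value of the session variable
+ * @access public
+ */
+        function read($name = null) {
+                if (is_null($name)) {
+                        return $this->__returnSessionVars();
+                }
+                if (empty($name)) {
+                        return false;
+                }
+                $result = Set::classicExtract($_SESSION, $name);
+
+                if (!is_null($result)) {
+                        return $result;
+                }
+                $this->__setError(2, "$name doesn't exist");
+                return null;
+        }
+
+/**
+ * Returns all session variables.
+ *
+ * @return mixed Full $_SESSION array, or false on error.
+ * @access private
+ */
+        function __returnSessionVars() {
+                if (!empty($_SESSION)) {
+                        return $_SESSION;
+                }
+                $this->__setError(2, "No Session vars set");
+                return false;
+        }
+
+/**
+ * Tells Session to write a notification when a certain session path or subpath is written to
+ *
+ * @param mixed $var The variable path to watch
+ * @return void
+ * @access public
+ */
+        function watch($var) {
+                if (empty($var)) {
+                        return false;
+                }
+                if (!in_array($var, $this->watchKeys, true)) {
+                        $this->watchKeys[] = $var;
+                }
+        }
+
+/**
+ * Tells Session to stop watching a given key path
+ *
+ * @param mixed $var The variable path to watch
+ * @return void
+ * @access public
+ */
+        function ignore($var) {
+                if (!in_array($var, $this->watchKeys)) {
+                        return;
+                }
+                foreach ($this->watchKeys as $i => $key) {
+                        if ($key == $var) {
+                                unset($this->watchKeys[$i]);
+                                $this->watchKeys = array_values($this->watchKeys);
+                                return;
+                        }
+                }
+        }
+
+/**
+ * Writes value to given session variable name.
+ *
+ * @param mixed $name Name of variable
+ * @param string $value Value to write
+ * @return boolean True if the write was successful, false if the write failed
+ * @access public
+ */
+        function write($name, $value) {
+                if (empty($name)) {
+                        return false;
+                }
+                if (in_array($name, $this->watchKeys)) {
+                        trigger_error(sprintf(__('Writing session key {%s}: %s', true), $name, Debugger::exportVar($value)), E_USER_NOTICE);
+                }
+                $this->__overwrite($_SESSION, Set::insert($_SESSION, $name, $value));
+                return (Set::classicExtract($_SESSION, $name) === $value);
+        }
+
+/**
+ * Helper method to destroy invalid sessions.
+ *
+ * @return void
+ * @access public
+ */
+        function destroy() {
+                if ($this->started()) {
+                        session_destroy();
+                }
+                $_SESSION = null;
+                $this->__construct($this->path);
+                $this->start();
+                $this->renew();
+                $this->_checkValid();
+        }
+
+/**
+ * Helper method to initialize a session, based on Cake core settings.
+ *
+ * @access private
+ */
+        function __initSession() {
+                $iniSet = function_exists('ini_set');
+                if ($iniSet && env('HTTPS')) {
+                        ini_set('session.cookie_secure', 1);
+                }
+                if ($iniSet && ($this->security === 'high' || $this->security === 'medium')) {
+                        ini_set('session.referer_check', $this->host);
+                }
+
+                if ($this->security == 'high') {
+                        $this->cookieLifeTime = 0;
+                } else {
+                        $this->cookieLifeTime = Configure::read('Session.timeout') * (Security::inactiveMins() * 60);
+                }
+
+                switch (Configure::read('Session.save')) {
+                        case 'cake':
+                                if (empty($_SESSION)) {
+                                        if ($iniSet) {
+                                                ini_set('session.use_trans_sid', 0);
+                                                ini_set('url_rewriter.tags', '');
+                                                ini_set('session.serialize_handler', 'php');
+                                                ini_set('session.use_cookies', 1);
+                                                ini_set('session.name', Configure::read('Session.cookie'));
+                                                ini_set('session.cookie_lifetime', $this->cookieLifeTime);
+                                                ini_set('session.cookie_path', $this->path);
+                                                ini_set('session.auto_start', 0);
+                                                ini_set('session.save_path', TMP . 'sessions');
+                                        }
+                                }
+                        break;
+                        case 'database':
+                                if (empty($_SESSION)) {
+                                        if (Configure::read('Session.model') === null) {
+                                                trigger_error(__("You must set the all Configure::write('Session.*') in core.php to use database storage"), E_USER_WARNING);
+                                                $this->_stop();
+                                        }
+                                        if ($iniSet) {
+                                                ini_set('session.use_trans_sid', 0);
+                                                ini_set('url_rewriter.tags', '');
+                                                ini_set('session.save_handler', 'user');
+                                                ini_set('session.serialize_handler', 'php');
+                                                ini_set('session.use_cookies', 1);
+                                                ini_set('session.name', Configure::read('Session.cookie'));
+                                                ini_set('session.cookie_lifetime', $this->cookieLifeTime);
+                                                ini_set('session.cookie_path', $this->path);
+                                                ini_set('session.auto_start', 0);
+                                        }
+                                }
+                                session_set_save_handler(
+                                        array('CakeSession','__open'),
+                                        array('CakeSession', '__close'),
+                                        array('CakeSession', '__read'),
+                                        array('CakeSession', '__write'),
+                                        array('CakeSession', '__destroy'),
+                                        array('CakeSession', '__gc')
+                                );
+                        break;
+                        case 'php':
+                                if (empty($_SESSION)) {
+                                        if ($iniSet) {
+                                                ini_set('session.use_trans_sid', 0);
+                                                ini_set('session.name', Configure::read('Session.cookie'));
+                                                ini_set('session.cookie_lifetime', $this->cookieLifeTime);
+                                                ini_set('session.cookie_path', $this->path);
+                                        }
+                                }
+                        break;
+                        case 'cache':
+                                if (empty($_SESSION)) {
+                                        if (!class_exists('Cache')) {
+                                                require LIBS . 'cache.php';
+                                        }
+                                        if ($iniSet) {
+                                                ini_set('session.use_trans_sid', 0);
+                                                ini_set('url_rewriter.tags', '');
+                                                ini_set('session.save_handler', 'user');
+                                                ini_set('session.use_cookies', 1);
+                                                ini_set('session.name', Configure::read('Session.cookie'));
+                                                ini_set('session.cookie_lifetime', $this->cookieLifeTime);
+                                                ini_set('session.cookie_path', $this->path);
+                                        }
+                                }
+                                session_set_save_handler(
+                                        array('CakeSession','__open'),
+                                        array('CakeSession', '__close'),
+                                        array('Cache', 'read'),
+                                        array('Cache', 'write'),
+                                        array('Cache', 'delete'),
+                                        array('Cache', 'gc')
+                                );
+                        break;
+                        default:
+                                $config = CONFIGS . Configure::read('Session.save') . '.php';
+
+                                if (is_file($config)) {
+                                        require($config);
+                                }
+                        break;
+                }
+        }
+
+/**
+ * Helper method to start a session
+ *
+ * @access private
+ */
+        function __startSession() {
+                if (headers_sent()) {
+                        if (empty($_SESSION)) {
+                                $_SESSION = array();
+                        }
+                        return true;
+                } elseif (!isset($_SESSION)) {
+                        session_cache_limiter ("must-revalidate");
+                        session_start();
+                        header ('P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"');
+                        return true;
+                } else {
+                        session_start();
+                        return true;
+                }
+        }
+
+/**
+ * Helper method to create a new session.
+ *
+ * @return void
+ * @access protected
+ */
+        function _checkValid() {
+                if ($this->read('Config')) {
+                        if ((Configure::read('Session.checkAgent') === false || $this->_userAgent == $this->read('Config.userAgent')) && $this->time <= $this->read('Config.time')) {
+                                $time = $this->read('Config.time');
+                                $this->write('Config.time', $this->sessionTime);
+                                if (Configure::read('Security.level') === 'high') {
+                                        $check = $this->read('Config.timeout');
+                                        $check -= 1;
+                                        $this->write('Config.timeout', $check);
+
+                                        if (time() > ($time - (Security::inactiveMins() * Configure::read('Session.timeout')) + 2) || $check < 1) {
+                                                $this->renew();
+                                                $this->write('Config.timeout', 10);
+                                        }
+                                }
+                                $this->valid = true;
+                        } else {
+                                $this->destroy();
+                                $this->valid = false;
+                                $this->__setError(1, 'Session Highjacking Attempted !!!');
+                        }
+                } else {
+                        $this->write('Config.userAgent', $this->_userAgent);
+                        $this->write('Config.time', $this->sessionTime);
+                        $this->write('Config.timeout', 10);
+                        $this->valid = true;
+                        $this->__setError(1, 'Session is valid');
+                }
+        }
+
+/**
+ * Helper method to restart a session.
+ *
+ * @return void
+ * @access private
+ */
+        function __regenerateId() {
+                $oldSessionId = session_id();
+                if ($oldSessionId) {
+                        if (session_id() != ''|| isset($_COOKIE[session_name()])) {
+                                setcookie(Configure::read('Session.cookie'), '', time() - 42000, $this->path);
+                        }
+                        session_regenerate_id(true);
+                        if (PHP_VERSION < 5.1) {
+                                $sessionPath = session_save_path();
+                                if (empty($sessionPath)) {
+                                        $sessionPath = '/tmp';
+                                }
+                                $newSessid = session_id();
+
+                                if (function_exists('session_write_close')) {
+                                        session_write_close();
+                                }
+                                $this->__initSession();
+                                session_id($oldSessionId);
+                                session_start();
+                                session_destroy();
+                                $file = $sessionPath . DS . 'sess_' . $oldSessionId;
+                                @unlink($file);
+                                $this->__initSession();
+                                session_id($newSessid);
+                                session_start();
+                        }
+                }
+        }
+
+/**
+ * Restarts this session.
+ *
+ * @access public
+ */
+        function renew() {
+                $this->__regenerateId();
+        }
+
+/**
+ * Helper method to set an internal error message.
+ *
+ * @param integer $errorNumber Number of the error
+ * @param string $errorMessage Description of the error
+ * @return void
+ * @access private
+ */
+        function __setError($errorNumber, $errorMessage) {
+                if ($this->error === false) {
+                        $this->error = array();
+                }
+                $this->error[$errorNumber] = $errorMessage;
+                $this->lastError = $errorNumber;
+        }
+
+/**
+ * Method called on open of a database session.
+ *
+ * @return boolean Success
+ * @access private
+ */
+        function __open() {
+                return true;
+        }
+
+/**
+ * Method called on close of a database session.
+ *
+ * @return boolean Success
+ * @access private
+ */
+        function __close() {
+                $probability = mt_rand(1, 150);
+                if ($probability <= 3) {
+                        switch (Configure::read('Session.save')) {
+                                case 'cache':
+                                        Cache::gc();
+                                break;
+                                default:
+                                        CakeSession::__gc();
+                                break;
+                        }
+                }
+                return true;
+        }
+
+/**
+ * Method used to read from a database session.
+ *
+ * @param mixed $id The key of the value to read
+ * @return mixed The value of the key or false if it does not exist
+ * @access private
+ */
+        function __read($id) {
+                $model =& ClassRegistry::getObject('Session');
+
+                $row = $model->find('first', array(
+                        'conditions' => array($model->primaryKey => $id)
+                ));
+
+                if (empty($row[$model->alias]['data'])) {
+                        return false;
+                }
+
+                return $row[$model->alias]['data'];
+        }
+
+/**
+ * Helper function called on write for database sessions.
+ *
+ * @param integer $id ID that uniquely identifies session in database
+ * @param mixed $data The value of the data to be saved.
+ * @return boolean True for successful write, false otherwise.
+ * @access private
+ */
+        function __write($id, $data) {
+                $expires = time() + Configure::read('Session.timeout') * Security::inactiveMins();
+                $model =& ClassRegistry::getObject('Session');
+                $return = $model->save(array($model->primaryKey => $id) + compact('data', 'expires'));
+                return $return;
+        }
+
+/**
+ * Method called on the destruction of a database session.
+ *
+ * @param integer $id ID that uniquely identifies session in database
+ * @return boolean True for successful delete, false otherwise.
+ * @access private
+ */
+        function __destroy($id) {
+                $model =& ClassRegistry::getObject('Session');
+                $return = $model->delete($id);
+
+                return $return;
+        }
+
+/**
+ * Helper function called on gc for database sessions.
+ *
+ * @param integer $expires Timestamp (defaults to current time)
+ * @return boolean Success
+ * @access private
+ */
+        function __gc($expires = null) {
+                $model =& ClassRegistry::getObject('Session');
+
+                if (!$expires) {
+                        $expires = time();
+                }
+
+                $return = $model->deleteAll(array($model->alias . ".expires <" => $expires), false, false);
+                return $return;
+        }
+}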
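Review bot: In `__initSession()` every storage branch disables `session.use_trans_sid`, but none sets `session.use_only_cookies` or `session.cookie_httponly`, so on a PHP configuration that leaves them off a session id supplied in the URL is still accepted and the session cookie stays readable from page script. Adding `ini_set('session.use_only_cookies', 1);` and `ini_set('session.cookie_httponly', 1);` next to the existing `ini_set` calls in the `cake`, `database`, `php` and `cache` branches would pin both regardless of php.ini. Separately, `valid()` and `_checkValid()` compare the salted user-agent digest with `==` (`$this->_userAgent == $this->read('Config.userAgent')`); both sides are md5 hex strings, so `===` would avoid PHP's numeric-string coercion, assuming `Config.userAgent` is always stored as a string, as the else branch of `_checkValid()` appears to do.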