Index: branches/5.0.x/core/kernel/session/session.php
===================================================================
diff -u -r12323 -r12368
--- branches/5.0.x/core/kernel/session/session.php (.../session.php) (revision 12323)
+++ branches/5.0.x/core/kernel/session/session.php (.../session.php) (revision 12368)
@@ -1,6 +1,6 @@
TimestampField => $session->Expiration
);
+ // default values + additional values + values set during this script run
+ $additional_fields = array_merge($additional_fields, $this->DirectVars); // used 2 times later
$fields_hash = array_merge($fields_hash, $additional_fields);
$this->Conn->doInsert($fields_hash, $this->TableName);
@@ -245,9 +247,9 @@
unset($this->OriginalData[$var]);
}
- function GetFromData(&$session, $var)
+ function GetFromData(&$session, $var, $default = false)
{
- return getArrayValue($this->OriginalData, $var);
+ return array_key_exists($var, $this->OriginalData) ? $this->OriginalData[$var] : $default;
}
function GetExpiredSIDs()
@@ -428,6 +430,13 @@
var $SessionSet = false;
/**
+ * Session ID is used from GET
+ *
+ * @var bool
+ */
+ var $_fromGet = false;
+
+ /**
* Enter description here...
*
* @var SessionStorage
@@ -444,16 +453,17 @@
var $Data;
/**
- * Names of optional session keys (which does not need to be always stored
+ * Names of optional session keys with their optional values (which does not need to be always stored)
*
- * @var array
+ * @var Array
*/
- var $OptionalData = array();
+ var $OptionalData = Array ();
- function Session($mode=smAUTO)
+ function Session($mode = smAUTO)
{
parent::kBase();
+
$this->SetMode($mode);
}
@@ -544,7 +554,7 @@
$expired_sids = $this->DeleteExpired();
$my_sid_expired = in_array($this->CachedSID, $expired_sids);
- if ( ($expired_sids && $my_sid_expired) || ($this->CachedSID && !$this->SessionSet) ) {
+ if ( ($expired_sids && $my_sid_expired) || ($this->CachedSID && !$this->_fromGet && !$this->SessionSet) ) {
$this->RemoveSessionCookie();
// true was here to force new session creation, but I (kostja) used
// RemoveCookie a line above, to avoid redirect loop with expired sid
@@ -581,51 +591,20 @@
return preg_match($reg, getArrayValue($_SERVER, 'HTTP_REFERER') ) || (defined('IS_POPUP') && IS_POPUP);
}
- /*function CheckDuplicateCookies()
- {
- if (isset($_SERVER['HTTP_COOKIE'])) {
- $cookie_str = $_SERVER['HTTP_COOKIE'];
- $cookies = explode('; ', $cookie_str);
- $all_cookies = array();
- foreach ($cookies as $cookie) {
- list($name, $value) = explode('=', $cookie);
- if (isset($all_cookies[$name])) {
- //double cookie name!!!
- $this->RemoveCookie($name);
- }
- else $all_cookies[$name] = $value;
- }
- }
- }
-
- function RemoveCookie($name)
- {
- $path = $_SERVER['PHP_SELF'];
- $path_parts = explode('/', $path);
- $cur_path = '';
- setcookie($name, false, null, $cur_path);
- foreach ($path_parts as $part) {
- $cur_path .= $part;
- setcookie($name, false, null, $cur_path);
- $cur_path .= '/';
- setcookie($name, false, null, $cur_path);
- }
- }*/
-
function CheckIfCookiesAreOn()
{
-// $this->CheckDuplicateCookies();
- if ($this->Mode == smGET_ONLY)
- {
+ if ($this->Mode == smGET_ONLY) {
//we don't need to bother checking if we would not use it
$this->CookiesEnabled = false;
return;
}
+
$http_query =& $this->Application->recallObject('HTTPQuery');
- $cookies_on = isset($http_query->Cookie['cookies_on']); // not good here
+ $cookies_on = array_key_exists('cookies_on', $http_query->Cookie); // not good here
$get_sid = getArrayValue($http_query->Get, $this->GETName);
- if ($this->IsHTTPSRedirect() && $get_sid) { //Redirect from http to https on different domain
+
+ if ($this->IsHTTPSRedirect() && $get_sid) { // Redirect from http to https on different domain
$this->OriginalMode = $this->Mode;
$this->SetMode(smGET_ONLY);
}
@@ -642,8 +621,10 @@
$this->SetCookie('cookies_on', 1, adodb_mktime() + 31104000); //one year should be enough
}
}
- else
+ else {
$this->CookiesEnabled = true;
+ }
+
return $this->CookiesEnabled;
}
@@ -677,7 +658,7 @@
//try to load session by sid, if everything is fine
$result = $this->LoadSession($sid);
- $this->SessionSet = $result;
+ $this->SessionSet = $result; // fake front-end session will given "false" here
return $result;
}
@@ -705,9 +686,13 @@
function GetPassedSIDValue($use_cache = 1)
{
- if (!empty($this->CachedSID) && $use_cache) return $this->CachedSID;
+ if (!empty($this->CachedSID) && $use_cache) {
+ return $this->CachedSID;
+ }
+
$http_query =& $this->Application->recallObject('HTTPQuery');
$get_sid = getArrayValue($http_query->Get, $this->GETName);
+ $sid_from_get = $get_sid ? true : false;
if ($this->Application->GetVar('admin') == 1 && $get_sid) {
$sid = $get_sid;
@@ -717,30 +702,37 @@
case smAUTO:
//Cookies has the priority - we ignore everything else
$sid = $this->CookiesEnabled ? $this->GetSessionCookie() : $get_sid;
+
+ if ($this->CookiesEnabled) {
+ $sid_from_get = false;
+ }
break;
+
case smCOOKIES_ONLY:
$sid = $this->GetSessionCookie();
break;
+
case smGET_ONLY:
$sid = $get_sid;
break;
+
case smCOOKIES_AND_GET:
$cookie_sid = $this->GetSessionCookie();
//both sids should match if cookies are enabled
- if (!$this->CookiesEnabled || ($cookie_sid == $get_sid))
- {
+ if (!$this->CookiesEnabled || ($cookie_sid == $get_sid)) {
$sid = $get_sid; //we use get here just in case cookies are disabled
}
- else
- {
+ else {
$sid = '';
+ $sid_from_get = false;
}
break;
}
}
-
$this->CachedSID = $sid;
+ $this->_fromGet = $sid_from_get;
+
return $this->CachedSID;
}
@@ -786,43 +778,61 @@
*/
function setSID($new_sid)
{
- $this->SID = $this->CachedSID = $new_sid;
+ $this->SID /*= $this->CachedSID*/ = $new_sid; // don't set cached sid here
$this->Application->SetVar($this->GETName,$new_sid);
}
function NeedSession()
{
$data = $this->Data->GetParams();
+
$data_keys = array_keys($data);
- $optional_keys = array_unique($this->OptionalData);
+ $optional_keys = array_keys($this->OptionalData);
$real_keys = array_diff($data_keys, $optional_keys);
+
return $real_keys ? true : false;
}
function SetSession($force = false)
{
- if ($this->SessionSet && !$force) return true;
+ if ($this->SessionSet && !$force) {
+ return true;
+ }
+
if (!$force && !($this->Application->IsAdmin() || $this->Application->GetVar('admin')) && !$this->NeedSession()) {
// don't create session (in db) on Front-End, when sid is present (GPC), but data in db isn't
- $this->GenerateSID();
+ if ($this->_fromGet) {
+ // set sid, that was given in GET
+ $this->setSID( $this->GetPassedSIDValue() );
+ } else {
+ // re-generate sid only, when cookies are used
+ $this->GenerateSID();
+ }
return false;
}
- if (!$this->SID || $force) $this->GenerateSID();
+ if (!$this->SID || $force) {
+ $this->GenerateSID();
+ }
+
$this->Expiration = adodb_mktime() + $this->SessionTimeout;
+
switch ($this->Mode) {
case smAUTO:
if ($this->CookiesEnabled) {
$this->SetSessionCookie();
}
break;
+
case smGET_ONLY:
break;
+
case smCOOKIES_ONLY:
case smCOOKIES_AND_GET:
$this->SetSessionCookie();
break;
}
+
$this->Storage->StoreSession($this);
if ($this->Application->IsAdmin() || $this->Special == 'admin') {
@@ -909,29 +919,39 @@
$this->SID = $this->CachedSID = '';
$this->SessionSet = false;
- if ($this->CookiesEnabled) $this->SetSessionCookie(); //will remove the cookie due to value (sid) is empty
+// if ($this->CookiesEnabled) {
+ // remove cookie, because we will have fake session and it should be getting sid left in cookies
+ $this->SetSessionCookie(); //will remove the cookie due to value (sid) is empty
+// }
$this->SetSession(true); //will create a new session, true to force
}
function NeedQueryString($use_cache = 1)
{
- if ($this->CachedNeedQueryString != null && $use_cache) return $this->CachedNeedQueryString;
+ if ($this->CachedNeedQueryString != null && $use_cache) {
+ return $this->CachedNeedQueryString;
+ }
$result = false;
- switch ($this->Mode)
- {
+ switch ($this->Mode) {
case smAUTO:
- if (!$this->CookiesEnabled) $result = true;
+ if (!$this->CookiesEnabled) {
+ $result = true;
+ }
break;
+
/*case smCOOKIES_ONLY:
break;*/
+
case smGET_ONLY:
case smCOOKIES_AND_GET:
$result = true;
break;
}
+
$this->CachedNeedQueryString = $result;
+
return $result;
}
@@ -940,7 +960,7 @@
$this->Data->AddParams($this->Storage->LoadData($this));
}
- function PrintSession($comment='')
+ function PrintSession($comment = '')
{
if (defined('DEBUG_MODE') && $this->Application->isDebugMode() && constOn('DBG_SHOW_SESSIONDATA')) {
// dump session data
@@ -953,7 +973,22 @@
}
}
$this->Application->Debugger->dumpVars($session_data);
+
+ // dump real keys
+ $data_keys = array_keys($session_data);
+ $optional_keys = array_keys($this->OptionalData);
+ $real_keys = array_diff($data_keys, $optional_keys);
+
+ if ($real_keys) {
+ $ret = '';
+ foreach ($real_keys as $real_key) {
+ $ret .= '[' . $real_key . '] = [' . $session_data[$real_key] . ']
';
+ }
+
+ $this->Application->Debugger->appendHTML('Real Keys:
' . $ret);
+ }
}
+
if (defined('DEBUG_MODE') && $this->Application->isDebugMode() && constOn('DBG_SHOW_PERSISTENTDATA')) {
// dump persistent session data
if ($this->Storage->PersistentVars) {
@@ -1027,6 +1062,10 @@
elseif ($this->Application->GetVar('admin')) {
// admin checking by session data to prevent recursive session save
if (!$this->RecallVar('admin')) {
+ // bug: we get recursion in this place, when cookies are disabled in browser and we are browsing
+ // front-end in admin's frame (front-end session is initialized using admin's sid and they are
+ // mixed together)
+
$admin_session =& $this->Application->recallObject('Session.admin');
/* @var $admin_session Session */
@@ -1063,6 +1102,11 @@
$params['__URLENCODE__'] = 1; // uses "&" instead of "&" for url part concatenation + replaces "\" to "%5C" (works in HTML)
+
+ if ($this->Application->GetVar('admin') && !array_key_exists('admin', $params) && !defined('EDITING_MODE')) {
+ $params['editing_mode'] = ''; // used in kApplication::Run
+ }
+
$params = array_merge($this->Application->getPassThroughVariables($params), $params);
$ret = $this->Application->BuildEnv($t, $params, 'all');
@@ -1076,9 +1120,20 @@
function StoreVar($name, $value, $optional = false)
{
$this->Data->Set($name, $value);
+
if ($optional) {
- $this->OptionalData[] = $name;
+ // make variable optional, also remember optional value
+ $this->OptionalData[$name] = $value;
}
+ elseif (!$optional && array_key_exists($name, $this->OptionalData)) {
+ if ($this->OptionalData[$name] == $value) {
+ // same value as optional -> don't remove optional mark
+ return ;
+ }
+
+ // make variable non-optional
+ unset($this->OptionalData[$name]);
+ }
}
function StorePersistentVar($name, $value)
@@ -1130,7 +1185,14 @@
*/
function RestoreVar($name)
{
- return $this->StoreVar($name, $this->Storage->GetFromData($this, $name));
+ $value = $this->Storage->GetFromData($this, $name, '__missing__');
+
+ if ($value === '__missing__') {
+ // there is nothing to restore (maybe session was not saved), look in optional variable values
+ $value = array_key_exists($name, $this->OptionalData) ? $this->OptionalData[$name] : false;
+ }
+
+ return $this->StoreVar($name, $value);
}
function GetField($var_name, $default = false)