diff options
| author | Frederic Guillot <fred@kanboard.net> | 2015-11-15 12:50:33 -0500 |
|---|---|---|
| committer | Frederic Guillot <fred@kanboard.net> | 2015-11-15 12:50:33 -0500 |
| commit | a675271ad71b7713d1b33bdba3c51b2b04813229 (patch) | |
| tree | e54d8a95e16ca521193b9fd5a5eb071aa2910823 /app/Core/Session.php | |
| parent | 2fc402f6733573627ad25394d109b9f848ef04f6 (diff) | |
Rewrite of session management
Diffstat (limited to 'app/Core/Session.php')
| -rw-r--r-- | app/Core/Session.php | 144 |
1 files changed, 0 insertions, 144 deletions
diff --git a/app/Core/Session.php b/app/Core/Session.php deleted file mode 100644 index dd1e760e..00000000 --- a/app/Core/Session.php +++ /dev/null @@ -1,144 +0,0 @@ -<?php - -namespace Kanboard\Core; - -use ArrayAccess; -use Kanboard\Core\Http\Request; - -/** - * Session class - * - * @package core - * @author Frederic Guillot - */ -class Session implements ArrayAccess -{ - /** - * Return true if the session is open - * - * @static - * @access public - * @return boolean - */ - public static function isOpen() - { - return session_id() !== ''; - } - - /** - * Open a session - * - * @access public - * @param string $base_path Cookie path - */ - public function open($base_path = '/') - { - // HttpOnly and secure flags for session cookie - session_set_cookie_params( - SESSION_DURATION, - $base_path ?: '/', - null, - Request::isHTTPS(), - true - ); - - // Avoid session id in the URL - ini_set('session.use_only_cookies', '1'); - - // Enable strict mode - if (version_compare(PHP_VERSION, '7.0.0') < 0) { - ini_set('session.use_strict_mode', '1'); - } - - // Ensure session ID integrity - ini_set('session.entropy_file', '/dev/urandom'); - ini_set('session.entropy_length', '32'); - ini_set('session.hash_bits_per_character', 6); - - // If the session was autostarted with session.auto_start = 1 in php.ini destroy it - if (isset($_SESSION)) { - session_destroy(); - } - - // Custom session name - session_name('__S'); - - // Start the session - session_start(); - - // Regenerate the session id to avoid session fixation issue - if (empty($_SESSION['__validated'])) { - session_regenerate_id(true); - $_SESSION['__validated'] = 1; - } - } - - /** - * Destroy the session - * - * @access public - */ - public function close() - { - // Flush all sessions variables - $_SESSION = array(); - - // Destroy the session cookie - $params = session_get_cookie_params(); - - setcookie( - session_name(), - '', - time() - 42000, - $params['path'], - $params['domain'], - $params['secure'], - $params['httponly'] - ); - - // Destroy session data - session_destroy(); - } - - /** - * Register a flash message (success notification) - * - * @access public - * @param string $message Message - */ - public function flash($message) - { - $_SESSION['flash_message'] = $message; - } - - /** - * Register a flash error message (error notification) - * - * @access public - * @param string $message Message - */ - public function flashError($message) - { - $_SESSION['flash_error_message'] = $message; - } - - public function offsetSet($offset, $value) - { - $_SESSION[$offset] = $value; - } - - public function offsetExists($offset) - { - return isset($_SESSION[$offset]); - } - - public function offsetUnset($offset) - { - unset($_SESSION[$offset]); - } - - public function offsetGet($offset) - { - return isset($_SESSION[$offset]) ? $_SESSION[$offset] : null; - } -} |