From a675271ad71b7713d1b33bdba3c51b2b04813229 Mon Sep 17 00:00:00 2001 From: Frederic Guillot Date: Sun, 15 Nov 2015 12:50:33 -0500 Subject: Rewrite of session management --- app/Core/Session/FlashMessage.php | 71 +++++++++++++++++++++++++ app/Core/Session/SessionManager.php | 102 ++++++++++++++++++++++++++++++++++++ app/Core/Session/SessionStorage.php | 71 +++++++++++++++++++++++++ 3 files changed, 244 insertions(+) create mode 100644 app/Core/Session/FlashMessage.php create mode 100644 app/Core/Session/SessionManager.php create mode 100644 app/Core/Session/SessionStorage.php (limited to 'app/Core/Session') diff --git a/app/Core/Session/FlashMessage.php b/app/Core/Session/FlashMessage.php new file mode 100644 index 00000000..e02d056d --- /dev/null +++ b/app/Core/Session/FlashMessage.php @@ -0,0 +1,71 @@ +setMessage('success', $message); + } + + /** + * Add failure message + * + * @access public + * @param string $message + */ + public function failure($message) + { + $this->setMessage('failure', $message); + } + + /** + * Add new flash message + * + * @access public + * @param string $key + * @param string $message + */ + public function setMessage($key, $message) + { + if (! isset($this->sessionStorage->flash)) { + $this->sessionStorage->flash = array(); + } + + $this->sessionStorage->flash[$key] = $message; + } + + /** + * Get flash message + * + * @access public + * @param string $key + * @return string + */ + public function getMessage($key) + { + $message = ''; + + if (isset($this->sessionStorage->flash[$key])) { + $message = $this->sessionStorage->flash[$key]; + unset($this->sessionStorage->flash[$key]); + } + + return $message; + } +} diff --git a/app/Core/Session/SessionManager.php b/app/Core/Session/SessionManager.php new file mode 100644 index 00000000..6153efeb --- /dev/null +++ b/app/Core/Session/SessionManager.php @@ -0,0 +1,102 @@ +configure(); + + if (ini_get('session.auto_start') == 1) { + session_destroy(); + } + + session_name('KB_SID'); + session_start(); + + $this->container['sessionStorage']->setStorage($_SESSION); + } + + /** + * Destroy the session + * + * @access public + */ + public function close() + { + // Destroy the session cookie + $params = session_get_cookie_params(); + + setcookie( + session_name(), + '', + time() - 42000, + $params['path'], + $params['domain'], + $params['secure'], + $params['httponly'] + ); + + session_unset(); + session_destroy(); + } + + /** + * Define session settings + * + * @access private + */ + private function configure() + { + // Session cookie: HttpOnly and secure flags + session_set_cookie_params( + SESSION_DURATION, + $this->helper->url->dir() ?: '/', + null, + Request::isHTTPS(), + true + ); + + // Avoid session id in the URL + ini_set('session.use_only_cookies', '1'); + ini_set('session.use_trans_sid', '0'); + + // Enable strict mode + ini_set('session.use_strict_mode', '1'); + + // Better session hash + ini_set('session.hash_function', 'sha512'); + ini_set('session.hash_bits_per_character', 6); + + // Set an additional entropy + ini_set('session.entropy_file', '/dev/urandom'); + ini_set('session.entropy_length', '256'); + } +} diff --git a/app/Core/Session/SessionStorage.php b/app/Core/Session/SessionStorage.php new file mode 100644 index 00000000..54d803f7 --- /dev/null +++ b/app/Core/Session/SessionStorage.php @@ -0,0 +1,71 @@ +storage =& $storage; + + // Load dynamically existing session variables into object properties + foreach ($storage as $key => $value) { + $this->$key = $value; + } + } + + /** + * Get all session variables + * + * @access public + * @return array + */ + public function getAll() + { + $session = get_object_vars($this); + unset($session['storage']); + + return $session; + } + + /** + * Copy class properties to external storage + * + * @access public + */ + public function __destruct() + { + $this->storage = $this->getAll(); + } +} -- cgit v1.2.3