3 * MediaWiki session provider base class
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
24 namespace MediaWiki\Session
;
29 * An ImmutableSessionProviderWithCookie doesn't persist the user, but
30 * optionally can use a cookie to support multiple IDs per session.
32 * As mentioned in the documentation for SessionProvider, many methods that are
33 * technically "cannot persist ID" could be turned into "can persist ID but
34 * not changing User" using a session cookie. This class implements such an
35 * optional session cookie.
40 abstract class ImmutableSessionProviderWithCookie
extends SessionProvider
{
42 /** @var string|null */
43 protected $sessionCookieName = null;
44 protected $sessionCookieOptions = array();
47 * @param array $params Keys include:
48 * - sessionCookieName: Session cookie name, if multiple sessions per
49 * client are to be supported.
50 * - sessionCookieOptions: Options to pass to WebResponse::setCookie().
52 public function __construct( $params = array() ) {
53 parent
::__construct();
55 if ( isset( $params['sessionCookieName'] ) ) {
56 if ( !is_string( $params['sessionCookieName'] ) ) {
57 throw new \
InvalidArgumentException( 'sessionCookieName must be a string' );
59 $this->sessionCookieName
= $params['sessionCookieName'];
61 if ( isset( $params['sessionCookieOptions'] ) ) {
62 if ( !is_array( $params['sessionCookieOptions'] ) ) {
63 throw new \
InvalidArgumentException( 'sessionCookieOptions must be an array' );
65 $this->sessionCookieOptions
= $params['sessionCookieOptions'];
70 * Get the session ID from the cookie, if any.
72 * Only call this if $this->sessionCookieName !== null. If
73 * sessionCookieName is null, do some logic (probably involving a call to
74 * $this->hashToSessionId()) to create the single session ID corresponding
75 * to this WebRequest instead of calling this method.
77 * @param WebRequest $request
80 protected function getSessionIdFromCookie( WebRequest
$request ) {
81 if ( $this->sessionCookieName
=== null ) {
82 throw new \
BadMethodCallException(
83 __METHOD__
. ' may not be called when $this->sessionCookieName === null'
87 $prefix = isset( $this->sessionCookieOptions
['prefix'] )
88 ?
$this->sessionCookieOptions
['prefix']
89 : $this->config
->get( 'CookiePrefix' );
90 $id = $request->getCookie( $this->sessionCookieName
, $prefix );
91 return SessionManager
::validateSessionId( $id ) ?
$id : null;
94 public function persistsSessionId() {
95 return $this->sessionCookieName
!== null;
98 public function canChangeUser() {
102 public function persistSession( SessionBackend
$session, WebRequest
$request ) {
103 if ( $this->sessionCookieName
=== null ) {
107 $response = $request->response();
108 if ( $response->headersSent() ) {
109 // Can't do anything now
110 $this->logger
->debug( __METHOD__
. ': Headers already sent' );
114 $options = $this->sessionCookieOptions
;
115 if ( $session->shouldForceHTTPS() ||
$session->getUser()->requiresHTTPS() ) {
116 $response->setCookie( 'forceHTTPS', 'true', $session->shouldRememberUser() ?
0 : null,
117 array( 'prefix' => '', 'secure' => false ) +
$options );
118 $options['secure'] = true;
121 $response->setCookie( $this->sessionCookieName
, $session->getId(), null, $options );
124 public function unpersistSession( WebRequest
$request ) {
125 if ( $this->sessionCookieName
=== null ) {
129 $response = $request->response();
130 if ( $response->headersSent() ) {
131 // Can't do anything now
132 $this->logger
->debug( __METHOD__
. ': Headers already sent' );
136 $response->clearCookie( $this->sessionCookieName
, $this->sessionCookieOptions
);
139 public function getVaryCookies() {
140 if ( $this->sessionCookieName
=== null ) {
144 $prefix = isset( $this->sessionCookieOptions
['prefix'] )
145 ?
$this->sessionCookieOptions
['prefix']
146 : $this->config
->get( 'CookiePrefix' );
147 return array( $prefix . $this->sessionCookieName
);
150 public function whyNoSession() {
151 return wfMessage( 'sessionprovider-nocookies' );