chamilo_session.class.php 4.3 KB

  1. <?php
  2. use Symfony\Component\HttpFoundation\Session\Session;
  3. use Symfony\Component\HttpFoundation\Session\Storage\PhpBridgeSessionStorage;
  4. /**
  5. * Chamilo session (i.e. the session that keeps the connection open after user login)
  6. *
  7. * Usage:
  8. *
  9. *
  10. * use ChamiloSession as Session;
  11. *
  12. * Session::read('name');
  13. *
  14. * Or
  15. *
  16. * Chamilo::session()->...
  17. * session()->...
  18. *
  19. * @license see /license.txt
  20. * @author Laurent Opprecht <laurent@opprecht.info> for the University of Geneva
  21. */
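  /**
   * ChamiloSession class definition.
   *
   * Configures the PHP session cookie, starts the session and enforces a
   * sliding lifetime based on the 'starttime' session value. The read(),
   * write(), has(), clear() and destroy() calls used below are not defined in
   * this class; presumably they are inherited from System\Session.
   *
   * @todo use session symfony component
   * @todo replace all $_SESSION calls with this class.
   * @todo remove System\Session class
   */
  class ChamiloSession extends System\Session
  {
      /** Name given to the PHP session (and therefore to its cookie) via session_name(). */
      const NAME = 'ch_sid';

      /** Lifetime in seconds used when the configuration file does not provide one. */
      const DEFAULT_LIFETIME = 360000;

      /**
       * Returns the shared session instance, creating it on first use.
       *
       * @return ChamiloSession
       */
      public static function instance()
      {
          static $result = null;

          if ($result === null) {
              $result = new ChamiloSession();
          }

          return $result;
      }

      /**
       * Returns the session lifetime.
       *
       * The value comes from $_configuration['session_lifetime']. When that key
       * is missing or not numeric, the documented default of 360000 seconds is
       * returned; without this fallback end_time() would equal start_time() and
       * every session would be treated as expired on the next request.
       *
       * @return int The session lifetime in seconds
       */
      public static function session_lifetime()
      {
          global $_configuration;

          if (isset($_configuration['session_lifetime']) && is_numeric($_configuration['session_lifetime'])) {
              return (int) $_configuration['session_lifetime'];
          }

          return self::DEFAULT_LIFETIME;
      }

      /**
       * Starts the Chamilo session.
       *
       * The lifetime cannot be a database setting because the session is started
       * before the database connection exists; it is taken from the configuration
       * file, falling back to 360000 seconds (see session_lifetime()).
       *
       * Session-fixation hardening, see http://support.chamilo.org/issues/3600
       * and http://php.net/manual/en/session.configuration.php
       *
       * @author Olivier Brouckaert
       * @param bool $already_installed When true, the session is bound to the
       *                                portal URL returned by api_get_path(WEB_PATH)
       * @return void
       * @todo use session_set_cookie_params with some custom admin parameters
       */
      public static function start($already_installed = true)
      {
          // Accept the session ID from a cookie only, never from the URL or a form field.
          ini_set('session.use_only_cookies', '1');
          // Hide the session cookie from client-side script (HttpOnly flag).
          ini_set('session.cookie_httponly', '1');
          // Never append the session ID to generated URLs.
          ini_set('session.use_trans_sid', '0');
          // NOTE(review): session.cookie_secure is left disabled, as before, so the
          // cookie is also sent over plain HTTP. Enable it on HTTPS-only portals.
          // NOTE(review): session.use_strict_mode is not set here, so whether an
          // ID chosen by the client is rejected depends on php.ini - confirm.

          session_name(self::NAME);
          session_start();
          $session = self::instance();

          if ($already_installed) {
              // Bind the session to the portal URL it was created on and wipe it
              // when it is presented to a different portal.
              $web_path = api_get_path(WEB_PATH);
              if (!isset($session['checkChamiloURL'])) {
                  $session['checkChamiloURL'] = $web_path;
              } elseif ($session['checkChamiloURL'] !== $web_path) {
                  // Strict comparison: the stored URL must match exactly.
                  self::clear();
              }
          }

          if ($session->has('starttime') && $session->is_expired()) {
              // Lifetime exceeded since the last page load: drop the session.
              // NOTE(review): what destroy() does to the cookie and the session ID
              // is defined in System\Session, which is not visible here.
              $session->destroy();
          } else {
              // Still valid (or brand new): restart the countdown from now. This is
              // an idle timeout; no absolute maximum session age is enforced here.
              $session->write('starttime', time());
          }
      }

      /**
       * Session start time: the last time the user loaded a page before this one.
       *
       * @return int timestamp
       */
      public function start_time()
      {
          return self::read('starttime');
      }

      /**
       * Session end time: the last page load time plus the session lifetime.
       *
       * @return int UNIX timestamp (server's timezone)
       */
      public function end_time()
      {
          return $this->start_time() + self::session_lifetime();
      }

      /**
       * Returns whether the session is expired.
       *
       * @return bool True if the session is expired, false if it is still valid
       */
      public function is_expired()
      {
          return $this->end_time() < time();
      }
  }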