* @link http://www.yiiframework.com/ * @copyright 2008-2013 Yii Software LLC * @license http://www.yiiframework.com/license/ */ /** * CHttpSession provides session-level data management and the related configurations. * * To start the session, call {@link open()}; To complete and send out session data, call {@link close()}; * To destroy the session, call {@link destroy()}. * * If {@link autoStart} is set true, the session will be started automatically * when the application component is initialized by the application. * * CHttpSession can be used like an array to set and get session data. For example, *
 *   $session=new CHttpSession;
 *   $session->open();
 *   $value1=$session['name1'];  // get session variable 'name1'
 *   $value2=$session['name2'];  // get session variable 'name2'
 *   foreach($session as $name=>$value) // traverse all session variables
 *   $session['name3']=$value3;  // set session variable 'name3'
 * 
* * The following configurations are available for session: * * See the corresponding setter and getter documentation for more information. * Note, these properties must be set before the session is started. * * CHttpSession can be extended to support customized session storage. * Override {@link openSession}, {@link closeSession}, {@link readSession}, * {@link writeSession}, {@link destroySession} and {@link gcSession} * and set {@link useCustomStorage} to true. * Then, the session data will be stored and retrieved using the above methods. * * CHttpSession is a Web application component that can be accessed via * {@link CWebApplication::getSession()}. * * @property boolean $useCustomStorage Whether to use custom storage. * @property boolean $isStarted Whether the session has started. * @property string $sessionID The current session ID. * @property string $sessionName The current session name. * @property string $savePath The current session save path, defaults to {@link http://php.net/session.save_path}. * @property array $cookieParams The session cookie parameters. * @property string $cookieMode How to use cookie to store session ID. Defaults to 'Allow'. * @property float $gCProbability The probability (percentage) that the gc (garbage collection) process is started on every session initialization, defaults to 1 meaning 1% chance. * @property boolean $useTransparentSessionID Whether transparent sid support is enabled or not, defaults to false. * @property integer $timeout The number of seconds after which data will be seen as 'garbage' and cleaned up, defaults to 1440 seconds. * @property CHttpSessionIterator $iterator An iterator for traversing the session variables. * @property integer $count The number of session variables. * @property array $keys The list of session variable names. * * @author Qiang Xue * @package system.web * @since 1.0 */ class CHttpSession extends CApplicationComponent implements IteratorAggregate,ArrayAccess,Countable { /** * @var boolean whether the session should be automatically started when the session application component is initialized, defaults to true. */ public $autoStart=true; /** * Initializes the application component. * This method is required by IApplicationComponent and is invoked by application. */ public function init() { parent::init(); if($this->autoStart) $this->open(); register_shutdown_function(array($this,'close')); } /** * Returns a value indicating whether to use custom session storage. * This method should be overriden to return true if custom session storage handler should be used. * If returning true, make sure the methods {@link openSession}, {@link closeSession}, {@link readSession}, * {@link writeSession}, {@link destroySession}, and {@link gcSession} are overridden in child * class, because they will be used as the callback handlers. * The default implementation always return false. * @return boolean whether to use custom storage. */ public function getUseCustomStorage() { return false; } /** * Starts the session if it has not started yet. */ public function open() { if($this->getUseCustomStorage()) @session_set_save_handler(array($this,'openSession'),array($this,'closeSession'),array($this,'readSession'),array($this,'writeSession'),array($this,'destroySession'),array($this,'gcSession')); @session_start(); if(YII_DEBUG && session_id()=='') { $message=Yii::t('yii','Failed to start session.'); if(function_exists('error_get_last')) { $error=error_get_last(); if(isset($error['message'])) $message=$error['message']; } Yii::log($message, CLogger::LEVEL_WARNING, 'system.web.CHttpSession'); } } /** * Ends the current session and store session data. */ public function close() { if(session_id()!=='') @session_write_close(); } /** * Frees all session variables and destroys all data registered to a session. */ public function destroy() { if(session_id()!=='') { @session_unset(); @session_destroy(); } } /** * @return boolean whether the session has started */ public function getIsStarted() { return session_id()!==''; } /** * @return string the current session ID */ public function getSessionID() { return session_id(); } /** * @param string $value the session ID for the current session */ public function setSessionID($value) { session_id($value); } /** * Updates the current session id with a newly generated one . * Please refer to {@link http://php.net/session_regenerate_id} for more details. * @param boolean $deleteOldSession Whether to delete the old associated session file or not. * @since 1.1.8 */ public function regenerateID($deleteOldSession=false) { if($this->getIsStarted()) session_regenerate_id($deleteOldSession); } /** * @return string the current session name */ public function getSessionName() { return session_name(); } /** * @param string $value the session name for the current session, must be an alphanumeric string, defaults to PHPSESSID */ public function setSessionName($value) { session_name($value); } /** * @return string the current session save path, defaults to {@link http://php.net/session.save_path}. */ public function getSavePath() { return session_save_path(); } /** * @param string $value the current session save path * @throws CException if the path is not a valid directory */ public function setSavePath($value) { if(is_dir($value)) session_save_path($value); else throw new CException(Yii::t('yii','CHttpSession.savePath "{path}" is not a valid directory.', array('{path}'=>$value))); } /** * @return array the session cookie parameters. * @see http://us2.php.net/manual/en/function.session-get-cookie-params.php */ public function getCookieParams() { return session_get_cookie_params(); } /** * Sets the session cookie parameters. * The effect of this method only lasts for the duration of the script. * Call this method before the session starts. * @param array $value cookie parameters, valid keys include: lifetime, path, * domain, secure, httponly. Note that httponly is all lowercase. * @see http://us2.php.net/manual/en/function.session-set-cookie-params.php */ public function setCookieParams($value) { $data=session_get_cookie_params(); extract($data); extract($value); if(isset($httponly)) session_set_cookie_params($lifetime,$path,$domain,$secure,$httponly); else session_set_cookie_params($lifetime,$path,$domain,$secure); } /** * @return string how to use cookie to store session ID. Defaults to 'Allow'. */ public function getCookieMode() { if(ini_get('session.use_cookies')==='0') return 'none'; elseif(ini_get('session.use_only_cookies')==='0') return 'allow'; else return 'only'; } /** * @param string $value how to use cookie to store session ID. Valid values include 'none', 'allow' and 'only'. */ public function setCookieMode($value) { if($value==='none') { ini_set('session.use_cookies','0'); ini_set('session.use_only_cookies','0'); } elseif($value==='allow') { ini_set('session.use_cookies','1'); ini_set('session.use_only_cookies','0'); } elseif($value==='only') { ini_set('session.use_cookies','1'); ini_set('session.use_only_cookies','1'); } else throw new CException(Yii::t('yii','CHttpSession.cookieMode can only be "none", "allow" or "only".')); } /** * @return float the probability (percentage) that the gc (garbage collection) process is started on every session initialization, defaults to 1 meaning 1% chance. */ public function getGCProbability() { return (float)(ini_get('session.gc_probability')/ini_get('session.gc_divisor')*100); } /** * @param float $value the probability (percentage) that the gc (garbage collection) process is started on every session initialization. * @throws CException if the value is beyond [0,100] */ public function setGCProbability($value) { if($value>=0 && $value<=100) { // percent * 21474837 / 2147483647 ≈ percent * 0.01 ini_set('session.gc_probability',floor($value*21474836.47)); ini_set('session.gc_divisor',2147483647); } else throw new CException(Yii::t('yii','CHttpSession.gcProbability "{value}" is invalid. It must be a float between 0 and 100.', array('{value}'=>$value))); } /** * @return boolean whether transparent sid support is enabled or not, defaults to false. */ public function getUseTransparentSessionID() { return ini_get('session.use_trans_sid')==1; } /** * @param boolean $value whether transparent sid support is enabled or not. */ public function setUseTransparentSessionID($value) { ini_set('session.use_trans_sid',$value?'1':'0'); } /** * @return integer the number of seconds after which data will be seen as 'garbage' and cleaned up, defaults to 1440 seconds. */ public function getTimeout() { return (int)ini_get('session.gc_maxlifetime'); } /** * @param integer $value the number of seconds after which data will be seen as 'garbage' and cleaned up */ public function setTimeout($value) { ini_set('session.gc_maxlifetime',$value); } /** * Session open handler. * This method should be overridden if {@link useCustomStorage} is set true. * Do not call this method directly. * @param string $savePath session save path * @param string $sessionName session name * @return boolean whether session is opened successfully */ public function openSession($savePath,$sessionName) { return true; } /** * Session close handler. * This method should be overridden if {@link useCustomStorage} is set true. * Do not call this method directly. * @return boolean whether session is closed successfully */ public function closeSession() { return true; } /** * Session read handler. * This method should be overridden if {@link useCustomStorage} is set true. * Do not call this method directly. * @param string $id session ID * @return string the session data */ public function readSession($id) { return ''; } /** * Session write handler. * This method should be overridden if {@link useCustomStorage} is set true. * Do not call this method directly. * @param string $id session ID * @param string $data session data * @return boolean whether session write is successful */ public function writeSession($id,$data) { return true; } /** * Session destroy handler. * This method should be overridden if {@link useCustomStorage} is set true. * Do not call this method directly. * @param string $id session ID * @return boolean whether session is destroyed successfully */ public function destroySession($id) { return true; } /** * Session GC (garbage collection) handler. * This method should be overridden if {@link useCustomStorage} is set true. * Do not call this method directly. * @param integer $maxLifetime the number of seconds after which data will be seen as 'garbage' and cleaned up. * @return boolean whether session is GCed successfully */ public function gcSession($maxLifetime) { return true; } //------ The following methods enable CHttpSession to be CMap-like ----- /** * Returns an iterator for traversing the session variables. * This method is required by the interface IteratorAggregate. * @return CHttpSessionIterator an iterator for traversing the session variables. */ public function getIterator() { return new CHttpSessionIterator; } /** * Returns the number of items in the session. * @return integer the number of session variables */ public function getCount() { return count($_SESSION); } /** * Returns the number of items in the session. * This method is required by Countable interface. * @return integer number of items in the session. */ public function count() { return $this->getCount(); } /** * @return array the list of session variable names */ public function getKeys() { return array_keys($_SESSION); } /** * Returns the session variable value with the session variable name. * This method is very similar to {@link itemAt} and {@link offsetGet}, * except that it will return $defaultValue if the session variable does not exist. * @param mixed $key the session variable name * @param mixed $defaultValue the default value to be returned when the session variable does not exist. * @return mixed the session variable value, or $defaultValue if the session variable does not exist. * @since 1.1.2 */ public function get($key,$defaultValue=null) { return isset($_SESSION[$key]) ? $_SESSION[$key] : $defaultValue; } /** * Returns the session variable value with the session variable name. * This method is exactly the same as {@link offsetGet}. * @param mixed $key the session variable name * @return mixed the session variable value, null if no such variable exists */ public function itemAt($key) { return isset($_SESSION[$key]) ? $_SESSION[$key] : null; } /** * Adds a session variable. * Note, if the specified name already exists, the old value will be removed first. * @param mixed $key session variable name * @param mixed $value session variable value */ public function add($key,$value) { $_SESSION[$key]=$value; } /** * Removes a session variable. * @param mixed $key the name of the session variable to be removed * @return mixed the removed value, null if no such session variable. */ public function remove($key) { if(isset($_SESSION[$key])) { $value=$_SESSION[$key]; unset($_SESSION[$key]); return $value; } else return null; } /** * Removes all session variables */ public function clear() { foreach(array_keys($_SESSION) as $key) unset($_SESSION[$key]); } /** * @param mixed $key session variable name * @return boolean whether there is the named session variable */ public function contains($key) { return isset($_SESSION[$key]); } /** * @return array the list of all session variables in array */ public function toArray() { return $_SESSION; } /** * This method is required by the interface ArrayAccess. * @param mixed $offset the offset to check on * @return boolean */ public function offsetExists($offset) { return isset($_SESSION[$offset]); } /** * This method is required by the interface ArrayAccess. * @param integer $offset the offset to retrieve element. * @return mixed the element at the offset, null if no element is found at the offset */ public function offsetGet($offset) { return isset($_SESSION[$offset]) ? $_SESSION[$offset] : null; } /** * This method is required by the interface ArrayAccess. * @param integer $offset the offset to set element * @param mixed $item the element value */ public function offsetSet($offset,$item) { $_SESSION[$offset]=$item; } /** * This method is required by the interface ArrayAccess. * @param mixed $offset the offset to unset element */ public function offsetUnset($offset) { unset($_SESSION[$offset]); } }