ILIAS  Release_4_1_x_branch Revision 61804
 All Data Structures Namespaces Files Functions Variables Groups Pages
Static Public Member Functions | Data Fields | Static Private Member Functions | Static Private Attributes
ilSessionControl Class Reference
+ Collaboration diagram for ilSessionControl:

Static Public Member Functions

static checkExpiredSession ()
 checks for possibly expired session should be called from ilAuthUtils::__initAuth() so it's called before session_start() is called
static initSession ()
 mark session with type regarding to the context.
static handleLoginEvent ($a_login, $a_auth)
 when current session is allowed to be created it marks it with type regarding to the sessions user context.
static handleLogoutEvent ()
 reset sessions type to unknown
static getSettingFields ()
 returns the array of setting fields

Data Fields

const INTERNAL_DEBUG = false
 this controls the debuggin into a separate logfile (.
const DEFAULT_MAX_COUNT = 0
 default value for settings that have not been defined in setup or administration yet
const DEFAULT_MIN_IDLE = 15
const DEFAULT_MAX_IDLE = 30
const DEFAULT_MAX_IDLE_AFTER_FIRST_REQUEST = 1
const DEFAULT_ALLOW_CLIENT_MAINTENANCE = 1
const SESSION_TYPE_UNKNOWN = 0
 session types from which one is assigned to each session
const SESSION_TYPE_SYSTEM = 1
const SESSION_TYPE_ADMIN = 2
const SESSION_TYPE_USER = 3
const SESSION_TYPE_ANONYM = 4

Static Private Member Functions

static checkCurrentSessionIsAllowed (Auth $a_auth)
 checks wether the current session exhaust the limit of sessions when limit is reached it deletes "firstRequestAbidencer" and checks again when limit is still reached it deletes "oneMinIdleSession" and checks again when limit is still reached the current session will be logged out
static getExistingSessionCount (array $a_types)
 returns number of valid sessions relating to given session types
static kickOneMinIdleSession (array $a_types)
 if sessions exist that relates to given session types and idled longer than min idle parameter, this method deletes one of these sessions
static kickFirstRequestAbidencer (array $a_types)
 kicks sessions of users that abidence after login so people could not login and go for coffe break ;-)
static isValidSession ($a_sid)
 checks if session exists for given id and if it is still valid
static removeSessionCookie ()
 removes a session cookie, so it is not sent by browser anymore
static checkAdministrationPermission ($a_user_id)
 checks wether a given user login relates to an user with administrative permissions
static debug ($a_debug_log_message)
 logs the given debug message in ilLog

Static Private Attributes

static $setting_fields
 all fieldnames that are saved in settings table
static $session_types_controlled
static $session_types_not_controlled
 all session types that will be involved when count of sessions will be determined or when idleing sessions will be destroyed

Detailed Description

Author
Bjoern Heyser bheys.nosp@m.er@d.nosp@m.ataba.nosp@m.y.de
Version
$Id$

Definition at line 11 of file class.ilSessionControl.php.

Member Function Documentation

static ilSessionControl::checkAdministrationPermission (   $a_user_id)
staticprivate

checks wether a given user login relates to an user with administrative permissions

ilRbacSystem $rbacsystem

Parameters
integer$a_user_id
Returns
boolean access

Definition at line 456 of file class.ilSessionControl.php.

Referenced by handleLoginEvent().

{
if( !(int)$a_user_id ) return false;
global $rbacsystem;
$access = $rbacsystem->checkAccessOfUser(
$a_user_id, 'read,visible', SYSTEM_FOLDER_ID
);
return $access;
}

+ Here is the caller graph for this function:

static ilSessionControl::checkCurrentSessionIsAllowed ( Auth  $a_auth)
staticprivate

checks wether the current session exhaust the limit of sessions when limit is reached it deletes "firstRequestAbidencer" and checks again when limit is still reached it deletes "oneMinIdleSession" and checks again when limit is still reached the current session will be logged out

ilSetting $ilSetting ilAppEventHandler $ilAppEventHandler

Parameters
Auth$a_auth

Definition at line 229 of file class.ilSessionControl.php.

References $ilSetting, debug(), DEFAULT_MAX_COUNT, getExistingSessionCount(), kickFirstRequestAbidencer(), kickOneMinIdleSession(), Auth\logout(), and ilUtil\redirect().

Referenced by handleLoginEvent().

{
global $ilSetting;
$max_sessions = (int)$ilSetting->get('session_max_count', DEFAULT_MAX_COUNT);
if($max_sessions > 0)
{
// get total number of sessions
$num_sessions = self::getExistingSessionCount(self::$session_types_controlled);
self::debug(__METHOD__."--> total existing sessions (".$num_sessions.")");
if(($num_sessions + 1) > $max_sessions)
{
self::debug(__METHOD__.' --> limit for session pool reached, but try kicking some first request abidencer');
self::kickFirstRequestAbidencer(self::$session_types_controlled);
// get total number of sessions again
$num_sessions = self::getExistingSessionCount(self::$session_types_controlled);
if(($num_sessions + 1) > $max_sessions)
{
self::debug(__METHOD__.' --> limit for session pool still reached so try kick one min idle session');
self::kickOneMinIdleSession(self::$session_types_controlled);
// get total number of sessions again
$num_sessions = self::getExistingSessionCount(self::$session_types_controlled);
if(($num_sessions + 1) > $max_sessions)
{
self::debug(__METHOD__.' --> limit for session pool still reached so logout session ('.session_id().') and trigger event');
$a_auth->logout();
// Trigger reachedSessionPoolLimit Event
global $ilAppEventHandler;
$ilAppEventHandler->raise(
'Services/Authentication', 'reachedSessionPoolLimit', array()
);
ilUtil::redirect('login.php?reached_session_limit=true');
}
else
{
self::debug(__METHOD__.' --> limit of session pool not reached anymore after kicking one min idle session');
}
}
else
{
self::debug(__METHOD__.' --> limit of session pool not reached anymore after kicking some first request abidencer');
}
}
else
{
self::debug(__METHOD__.' --> limit for session pool not reached yet');
}
}
else
{
self::debug(__METHOD__.' --> limit for session pool not set so check is bypassed');
}
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

static ilSessionControl::checkExpiredSession ( )
static

checks for possibly expired session should be called from ilAuthUtils::__initAuth() so it's called before session_start() is called

ilSetting $ilSetting ilLanguage $lng ilAppEventHandler $ilAppEventHandler

Definition at line 84 of file class.ilSessionControl.php.

References $_COOKIE, $_GET, $ilSetting, $lng, debug(), isValidSession(), ilUtil\redirect(), and removeSessionCookie().

Referenced by ilAuthUtils\_initAuth().

{
global $ilSetting;
// do not check session in fixed duration mode
if( $ilSetting->get('session_handling_type', 0) != 1 )
return;
// check for expired sessions makes sense
// only when public section is not enabled
// because it is not possible to determine
// wether the sid cookie relates to a session of an
// authenticated user or a anonymous user
// when the session dataset has allready been deleted
if(!$ilSetting->get("pub_section"))
{
global $lng;
$sid = null;
if( !isset($_COOKIE[session_name()]) || !strlen($_COOKIE[session_name()]) )
{
self::debug('Browser did not send a sid cookie');
}
else
{
$sid = $_COOKIE[session_name()];
self::debug('Browser sent sid cookie with value ('.$sid.')');
if(!self::isValidSession($sid))
{
self::debug('remove session cookie for ('.$sid.') and trigger event');
self::removeSessionCookie();
// Trigger expiredSessionDetected Event
global $ilAppEventHandler;
$ilAppEventHandler->raise(
'Services/Authentication', 'expiredSessionDetected', array()
);
ilUtil::redirect('login.php?expired=true'.'&target='.$_GET['target']);
}
}
}
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

static ilSessionControl::debug (   $a_debug_log_message)
staticprivate

logs the given debug message in ilLog

ilLog $ilLog

Parameters
string$a_debug_log_message

Definition at line 475 of file class.ilSessionControl.php.

References $ilLog.

Referenced by checkCurrentSessionIsAllowed(), checkExpiredSession(), handleLoginEvent(), handleLogoutEvent(), initSession(), isValidSession(), kickFirstRequestAbidencer(), kickOneMinIdleSession(), and removeSessionCookie().

{
global $ilLog;
if(DEVMODE) $ilLog->write($a_debug_log_message, 'message');
if(self::INTERNAL_DEBUG) error_log($a_debug_log_message."\n", 3, 'session.log');
}

+ Here is the caller graph for this function:

static ilSessionControl::getExistingSessionCount ( array  $a_types)
staticprivate

returns number of valid sessions relating to given session types

ilDB $ilDB

Parameters
array$a_types
Returns
integer num_sessions

Definition at line 302 of file class.ilSessionControl.php.

References $ilDB, $query, $res, $row, and DB_FETCHMODE_OBJECT.

Referenced by checkCurrentSessionIsAllowed().

{
global $ilDB;
$ts = time();
$query = "SELECT count(session_id) AS num_sessions FROM usr_session ".
"WHERE expires > %s ".
"AND ".$ilDB->in('type', $a_types, false, 'integer');
$res = $ilDB->queryF($query, array('integer'), array($ts));
$row = $res->fetchRow(DB_FETCHMODE_OBJECT);
return $row->num_sessions;
}

+ Here is the caller graph for this function:

static ilSessionControl::getSettingFields ( )
static

returns the array of setting fields

Returns
array setting_fields

Definition at line 489 of file class.ilSessionControl.php.

References $setting_fields.

Referenced by ilSetup\checkClientSessionSettings(), ilSetupGUI\displaySessions(), ilSetup\getSessionSettings(), and ilSetup\setSessionSettings().

{
return self::$setting_fields;
}

+ Here is the caller graph for this function:

static ilSessionControl::handleLoginEvent (   $a_login,
  $a_auth 
)
static

when current session is allowed to be created it marks it with type regarding to the sessions user context.

when session is not allowed to be created it will be destroyed.

Definition at line 161 of file class.ilSessionControl.php.

References $_SESSION, $ilSetting, ilObjUser\_lookupId(), checkAdministrationPermission(), checkCurrentSessionIsAllowed(), debug(), SESSION_TYPE_ADMIN, SESSION_TYPE_ANONYM, SESSION_TYPE_SYSTEM, and SESSION_TYPE_USER.

Referenced by ilAuthBase\loginObserver().

{
global $ilSetting;
// do not handle login event in fixed duration mode
if( $ilSetting->get('session_handling_type', 0) != 1 )
return;
$user_id = ilObjUser::_lookupId($a_login);
switch(true)
{
case isset($_ENV['SHELL']):
$_SESSION['SessionType'] = self::SESSION_TYPE_SYSTEM;
self::debug(__METHOD__." --> update sessions type to (".$_SESSION['SessionType'].")");
break;
case self::checkAdministrationPermission($user_id):
$_SESSION['SessionType'] = self::SESSION_TYPE_ADMIN;
self::debug(__METHOD__." --> update sessions type to (".$_SESSION['SessionType'].")");
break;
case $user_id == ANONYMOUS_USER_ID:
$_SESSION['SessionType'] = self::SESSION_TYPE_ANONYM;
self::debug(__METHOD__." --> update sessions type to (".$_SESSION['SessionType'].")");
self::checkCurrentSessionIsAllowed($a_auth);
break;
default:
$_SESSION['SessionType'] = self::SESSION_TYPE_USER;
self::debug(__METHOD__." --> update sessions type to (".$_SESSION['SessionType'].")");
self::checkCurrentSessionIsAllowed($a_auth);
break;
}
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

static ilSessionControl::handleLogoutEvent ( )
static

reset sessions type to unknown

Definition at line 205 of file class.ilSessionControl.php.

References $_SESSION, $ilSetting, debug(), removeSessionCookie(), and SESSION_TYPE_UNKNOWN.

Referenced by ilAuthBase\logoutObserver().

{
global $ilSetting;
// do not handle logout event in fixed duration mode
if( $ilSetting->get('session_handling_type', 0) != 1 )
return;
$_SESSION['SessionType'] = self::SESSION_TYPE_UNKNOWN;
self::debug(__METHOD__." --> reset sessions type to (".$_SESSION['SessionType'].")");
self::removeSessionCookie();
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

static ilSessionControl::initSession ( )
static

mark session with type regarding to the context.

should be called from ilAuthBase::initAuth()

Definition at line 137 of file class.ilSessionControl.php.

References $_SESSION, $ilSetting, debug(), and SESSION_TYPE_UNKNOWN.

Referenced by ilAuthBase\initAuth().

{
global $ilSetting;
// do not init session type in fixed duration mode
if( $ilSetting->get('session_handling_type', 0) != 1 )
return;
if( !isset($_SESSION['SessionType']) )
{
$_SESSION['SessionType'] = self::SESSION_TYPE_UNKNOWN;
self::debug(__METHOD__." --> init session with type (".$_SESSION['SessionType'].")");
}
else
{
self::debug(__METHOD__." --> keep sessions type on (".$_SESSION['SessionType'].")");
}
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

static ilSessionControl::isValidSession (   $a_sid)
staticprivate

checks if session exists for given id and if it is still valid

ilDB $ilDB ilSetting $ilSetting

Parameters
string$a_sid
Returns
boolean session_valid

Definition at line 397 of file class.ilSessionControl.php.

References $ilDB, $ilSetting, $query, $res, $row, and debug().

{
global $ilDB, $ilSetting;
$query = "SELECT session_id, expires FROM usr_session ".
"WHERE session_id = %s";
$res = $ilDB->queryF($query, array('text'), array($a_sid));
$ts = time();
$sessions = array();
while( $row = $ilDB->fetchAssoc($res) )
{
if( $row['expires'] > $ts )
{
self::debug(__METHOD__.' --> Found a valid session with id ('.$a_sid.')');
$sessions[] = $row;
}
else
{
self::debug(__METHOD__.' --> Found an expired session with id ('.$a_sid.')');
}
}
if(count($sessions) == 1)
{
self::debug(__METHOD__.' --> Exact one valid session found for session id ('.$a_sid.')');
return true;
}
else
{
if($sess_count > 1)
self::debug(__METHOD__.' --> Strange!!! More than one sessions found for given session id! ('.$a_sid.')');
else self::debug(__METHOD__.' --> No valid session found for session id ('.$a_sid.')');
return false;
}
}

+ Here is the call graph for this function:

static ilSessionControl::kickFirstRequestAbidencer ( array  $a_types)
staticprivate

kicks sessions of users that abidence after login so people could not login and go for coffe break ;-)

ilDB $ilDB ilSetting $ilSetting

Returns
<type>

Definition at line 367 of file class.ilSessionControl.php.

References $ilDB, $ilSetting, $query, and debug().

Referenced by checkCurrentSessionIsAllowed().

{
global $ilDB, $ilSetting;
$max_idle_after_first_request = (int)$ilSetting->get('session_max_idle_after_first_request') * 60;
if((int)$max_idle_after_first_request == 0) return;
$query = "DELETE FROM usr_session WHERE " .
"(ctime - createtime) < %s " .
"AND (%s - createtime) > %s " .
"AND ".$ilDB->in('type', $a_types, false, 'integer');
$ilDB->manipulateF( $query,
array('integer', 'integer', 'integer'),
array($max_idle_after_first_request, time(), $max_idle_after_first_request)
);
self::debug(__METHOD__.' --> Finished kicking first request abidencer');
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

static ilSessionControl::kickOneMinIdleSession ( array  $a_types)
staticprivate

if sessions exist that relates to given session types and idled longer than min idle parameter, this method deletes one of these sessions

ilDB $ilDB ilSetting $ilSetting

Parameters
array$a_types

Definition at line 327 of file class.ilSessionControl.php.

References $ilDB, $ilSetting, $query, $res, $row, ilSession\_destroy(), DB_FETCHMODE_OBJECT, and debug().

Referenced by checkCurrentSessionIsAllowed().

{
global $ilDB, $ilSetting;
$ts = time();
$min_idle = (int)$ilSetting->get('session_min_idle', self::DEFAULT_MIN_IDLE) * 60;
$max_idle = (int)$ilSetting->get('session_max_idle', self::DEFAULT_MAX_IDLE) * 60;
$query = "SELECT session_id FROM usr_session WHERE expires >= %s " .
"AND (expires - %s) < (%s - %s) " .
"AND ".$ilDB->in('type', $a_types, false, 'integer');
"ORDER BY expires";
$res = $ilDB->queryF(
$query,
array('integer', 'integer', 'integer', 'integer'),
array($ts, $ts, $max_idle, $min_idle)
);
while( $row = $res->fetchRow(DB_FETCHMODE_OBJECT) )
{
$sid = $row->session_id;
ilSession::_destroy($sid);
self::debug(__METHOD__.' --> successfully deleted one min idle session');
break;
}
self::debug(__METHOD__.' --> no min idle session available for deletion');
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

static ilSessionControl::removeSessionCookie ( )
staticprivate

removes a session cookie, so it is not sent by browser anymore

Definition at line 442 of file class.ilSessionControl.php.

References debug(), and ilUtil\setCookie().

Referenced by checkExpiredSession(), and handleLogoutEvent().

{
ilUtil::setCookie(session_name(),'deleted',true,true);
self::debug('Session cookie has been removed');
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

Field Documentation

ilSessionControl::$session_types_controlled
staticprivate
Initial value:
array(
self::SESSION_TYPE_USER,
self::SESSION_TYPE_ANONYM
)

Definition at line 58 of file class.ilSessionControl.php.

array ilSessionControl::$session_types_not_controlled
staticprivate
Initial value:
array(
self::SESSION_TYPE_UNKNOWN,
self::SESSION_TYPE_SYSTEM,
self::SESSION_TYPE_ADMIN
)

all session types that will be involved when count of sessions will be determined or when idleing sessions will be destroyed

all session types that will be ignored when count of sessions will be determined or when idleing sessions will be destroyed

Definition at line 69 of file class.ilSessionControl.php.

array ilSessionControl::$setting_fields
staticprivate
Initial value:
array(
'session_max_count',
'session_min_idle',
'session_max_idle',
'session_max_idle_after_first_request',
'session_allow_client_maintenance'
)

all fieldnames that are saved in settings table

Definition at line 34 of file class.ilSessionControl.php.

Referenced by getSettingFields().

const ilSessionControl::DEFAULT_ALLOW_CLIENT_MAINTENANCE = 1

Definition at line 27 of file class.ilSessionControl.php.

Referenced by ilSetup\getSessionSettings(), ilObjSystemFolderGUI\initBasicSettingsForm(), and ilObjSystemFolderGUI\saveBasicSettingsObject().

const ilSessionControl::DEFAULT_MAX_COUNT = 0

default value for settings that have not been defined in setup or administration yet

Definition at line 23 of file class.ilSessionControl.php.

Referenced by checkCurrentSessionIsAllowed(), ilSetup\getSessionSettings(), and ilObjSystemFolderGUI\initBasicSettingsForm().

const ilSessionControl::DEFAULT_MAX_IDLE = 30

Definition at line 25 of file class.ilSessionControl.php.

Referenced by ilSession\_writeData(), ilSetup\getSessionSettings(), and ilObjSystemFolderGUI\initBasicSettingsForm().

const ilSessionControl::DEFAULT_MAX_IDLE_AFTER_FIRST_REQUEST = 1

Definition at line 26 of file class.ilSessionControl.php.

Referenced by ilSetup\getSessionSettings(), and ilObjSystemFolderGUI\initBasicSettingsForm().

const ilSessionControl::DEFAULT_MIN_IDLE = 15

Definition at line 24 of file class.ilSessionControl.php.

Referenced by ilSetup\getSessionSettings(), and ilObjSystemFolderGUI\initBasicSettingsForm().

const ilSessionControl::INTERNAL_DEBUG = false

this controls the debuggin into a separate logfile (.

/session.log)

Definition at line 17 of file class.ilSessionControl.php.

const ilSessionControl::SESSION_TYPE_ADMIN = 2

Definition at line 48 of file class.ilSessionControl.php.

Referenced by handleLoginEvent().

const ilSessionControl::SESSION_TYPE_ANONYM = 4

Definition at line 50 of file class.ilSessionControl.php.

Referenced by handleLoginEvent().

const ilSessionControl::SESSION_TYPE_SYSTEM = 1

Definition at line 47 of file class.ilSessionControl.php.

Referenced by handleLoginEvent().

const ilSessionControl::SESSION_TYPE_UNKNOWN = 0

session types from which one is assigned to each session

Definition at line 46 of file class.ilSessionControl.php.

Referenced by handleLogoutEvent(), and initSession().

const ilSessionControl::SESSION_TYPE_USER = 3

Definition at line 49 of file class.ilSessionControl.php.

Referenced by handleLoginEvent().

The documentation for this class was generated from the following file: