ILIAS  release_5-0 Revision 5.0.0-1144-gc4397b1f870
All Data Structures Namespaces Files Functions Variables Modules Pages
class.ilSession.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
4 require_once('Services/Authentication/classes/class.ilSessionControl.php');
5 require_once('Services/Authentication/classes/class.ilSessionStatistics.php');
6 require_once('Services/Authentication/classes/class.ilSessionIStorage.php');
7 
15 class ilSession
16 {
24  const SESSION_HANDLING_FIXED = 0;
25 
33  const SESSION_HANDLING_LOAD_DEPENDENT = 1;
34 
40  const SESSION_CLOSE_USER = 1; // manual logout
41  const SESSION_CLOSE_EXPIRE = 2; // has expired
42  const SESSION_CLOSE_FIRST = 3; // kicked by session control (first abidencer)
43  const SESSION_CLOSE_IDLE = 4; // kickey by session control (ilde time)
44  const SESSION_CLOSE_LIMIT = 5; // kicked by session control (limit reached)
45  const SESSION_CLOSE_LOGIN = 6; // anonymous => login
46  const SESSION_CLOSE_PUBLIC = 7; // => anonymous
47  const SESSION_CLOSE_TIME = 8; // account time limit reached
48  const SESSION_CLOSE_IP = 9; // wrong ip
49  const SESSION_CLOSE_SIMUL = 10; // simultaneous login
50  const SESSION_CLOSE_INACTIVE = 11; // inactive account
51  const SESSION_CLOSE_CAPTCHA = 12; // invalid captcha
52 
53  private static $closing_context = null;
54 
58  protected static $enable_web_access_without_session = false;
59 
66  static function _getData($a_session_id)
67  {
68  if(!$a_session_id) {
69  return NULL;
70  }
71  global $ilDB;
72 
73  $q = "SELECT data FROM usr_session WHERE session_id = ".
74  $ilDB->quote($a_session_id, "text");
75  $set = $ilDB->query($q);
76  $rec = $ilDB->fetchAssoc($set);
77 
78  return $rec["data"];
79  }
80 
87  static function _writeData($a_session_id, $a_data)
88  {
89  global $ilDB, $ilClientIniFile;
90 
91  if (self::isWebAccessWithoutSessionEnabled())
92  {
93  // Prevent session data written for web access checker
94  // when no cookie was sent (e.g. for pdf files linking others).
95  // This would result in new session records for each request.
96  return true;
97  }
98 
99  $now = time();
100 
101  // prepare session data
102  $fields = array(
103  "user_id" => array("integer", (int) $_SESSION["AccountId"]),
104  "expires" => array("integer", self::getExpireValue()),
105  "data" => array("clob", $a_data),
106  "ctime" => array("integer", $now),
107  "type" => array("integer", (int) $_SESSION["SessionType"])
108  );
109  if ($ilClientIniFile->readVariable("session","save_ip"))
110  {
111  $fields["remote_addr"] = array("text", $_SERVER["REMOTE_ADDR"]);
112  }
113 
114  if (ilSession::_exists($a_session_id))
115  {
116  $ilDB->update("usr_session", $fields,
117  array("session_id" => array("text", $a_session_id)));
118  }
119  else
120  {
121  $fields["session_id"] = array("text", $a_session_id);
122  $fields["createtime"] = array("integer", $now);
123 
124  $ilDB->insert("usr_session", $fields);
125 
126  // check type against session control
127  $type = $fields["type"][1];
128  if(in_array($type, ilSessionControl::$session_types_controlled))
129  {
130  ilSessionStatistics::createRawEntry($fields["session_id"][1],
131  $type, $fields["createtime"][1], $fields["user_id"][1]);
132  }
133  }
134 
135  // finally delete deprecated sessions
136  if(rand(0, 50) == 2)
137  {
138  // get time _before_ destroying expired sessions
139  self::_destroyExpiredSessions();
140  ilSessionStatistics::aggretateRaw($now);
141  }
142 
143  return true;
144  }
145 
146 
147 
154  static function _exists($a_session_id)
155  {
156  if (! $a_session_id) {
157  return false;
158  }
159  global $ilDB;
160 
161  $q = "SELECT 1 FROM usr_session WHERE session_id = " . $ilDB->quote($a_session_id, "text");
162  $set = $ilDB->query($q);
163 
164  return $ilDB->numRows($set) > 0;
165  }
166 
174  static function _destroy($a_session_id, $a_closing_context = null, $a_expired_at = null)
175  {
176  global $ilDB;
177 
178  if(!$a_closing_context)
179  {
180  $a_closing_context = self::$closing_context;
181  }
182 
183  ilSessionStatistics::closeRawEntry($a_session_id, $a_closing_context, $a_expired_at);
184 
185 
186  if(!is_array($a_session_id))
187  {
188  $q = "DELETE FROM usr_session WHERE session_id = ".
189  $ilDB->quote($a_session_id, "text");
190  }
191  else
192  {
193  // array: id => timestamp - so we get rid of timestamps
194  if($a_expired_at)
195  {
196  $a_session_id = array_keys($a_session_id);
197  }
198  $q = "DELETE FROM usr_session WHERE ".
199  $ilDB->in("session_id", $a_session_id, "", "text");
200  }
201 
202  ilSessionIStorage::destroySession($a_session_id);
203 
204  $ilDB->manipulate($q);
205 
206  return true;
207  }
208 
214  static function _destroyByUserId($a_user_id)
215  {
216  global $ilDB;
217 
218  $q = "DELETE FROM usr_session WHERE user_id = ".
219  $ilDB->quote($a_user_id, "integer");
220  $ilDB->manipulate($q);
221 
222  return true;
223  }
224 
228  static function _destroyExpiredSessions()
229  {
230  global $ilDB;
231 
232  $q = "SELECT session_id,expires FROM usr_session WHERE expires < ".
233  $ilDB->quote(time(), "integer");
234  $res = $ilDB->query($q);
235  $ids = array();
236  while($row = $ilDB->fetchAssoc($res))
237  {
238  $ids[$row["session_id"]] = $row["expires"];
239  }
240  if(sizeof($ids))
241  {
242  self::_destroy($ids, self::SESSION_CLOSE_EXPIRE, true);
243  }
244 
245  return true;
246  }
247 
254  static function _duplicate($a_session_id)
255  {
256  global $ilDB;
257 
258  // Create new session id
259  $new_session = $a_session_id;
260  do
261  {
262  $new_session = md5($new_session);
263  $q ="SELECT * FROM usr_session WHERE ".
264  "session_id = ".$ilDB->quote($new_session, "text");
265  $res = $ilDB->query($q);
266  } while($ilDB->fetchAssoc($res));
267 
268  $query = "SELECT * FROM usr_session ".
269  "WHERE session_id = ".$ilDB->quote($a_session_id, "text");
270  $res = $ilDB->query($query);
271 
272  while ($row = $ilDB->fetchObject($res))
273  {
274  ilSession::_writeData($new_session,$row->data);
275  return $new_session;
276  }
277  return false;
278  }
279 
290  public static function getExpireValue($fixedMode = false)
291  {
292  global $ilSetting;
293 
294  if( $fixedMode || $ilSetting->get('session_handling_type', self::SESSION_HANDLING_FIXED) == self::SESSION_HANDLING_FIXED )
295  {
296  // fixed session
297  return time() + ini_get('session.gc_maxlifetime');
298  }
299  else if( $ilSetting->get('session_handling_type', self::SESSION_HANDLING_FIXED) == self::SESSION_HANDLING_LOAD_DEPENDENT )
300  {
301  // load dependent session settings
302  return time() + (int) ($ilSetting->get('session_max_idle', ilSessionControl::DEFAULT_MAX_IDLE) * 60);
303  }
304  }
305 
316  public static function getIdleValue($fixedMode = false)
317  {
318  global $ilSetting, $ilClientIniFile;
319 
320  if( $fixedMode || $ilSetting->get('session_handling_type', self::SESSION_HANDLING_FIXED) == self::SESSION_HANDLING_FIXED )
321  {
322  // fixed session
323  return $ilClientIniFile->readVariable('session','expire');
324  }
325  else if( $ilSetting->get('session_handling_type', self::SESSION_HANDLING_FIXED) == self::SESSION_HANDLING_LOAD_DEPENDENT )
326  {
327  // load dependent session settings
328  return (int) ($ilSetting->get('session_max_idle', ilSessionControl::DEFAULT_MAX_IDLE) * 60);
329  }
330  }
331 
341  public static function getSessionExpireValue()
342  {
343  return self::getIdleValue(true);
344  }
345 
352  static function _getUsersWithIp($a_ip)
353  {
354  global $ilDB;
355 
356  $query = "SELECT DISTINCT user_id FROM usr_session"
357  . " WHERE remote_addr = " . $ilDB->quote($a_ip, "text")
358  . " AND user_id > 0";
359  $result = $ilDB->query($query);
360 
361  $users = array();
362  while ($row = $ilDB->fetchObject($result))
363  {
364  $users[] = $row->user_id;
365  }
366  return $users;
367  }
368 
375  static function set($a_var, $a_val)
376  {
377  $_SESSION[$a_var] = $a_val;
378  }
379 
386  static function get($a_var)
387  {
388  return $_SESSION[$a_var];
389  }
390 
397  static function clear($a_var)
398  {
399  unset($_SESSION[$a_var]);
400  }
401 
407  public static function setClosingContext($a_context)
408  {
409  self::$closing_context = (int)$a_context;
410  }
411 
417  public static function getClosingContext()
418  {
419  return self::$closing_context;
420  }
421 
425  public static function isWebAccessWithoutSessionEnabled()
426  {
427  return (bool)self::$enable_web_access_without_session;
428  }
429 
433  public static function enableWebAccessWithoutSession($enable_web_access_without_session)
434  {
435  self::$enable_web_access_without_session = (bool)$enable_web_access_without_session;
436  }
437 }
438 
439 ?>
$_SESSION
< a tabindex="-1" style="border-style: none;" href="#" title="Refresh Image" onclick="document.getElementById('siimage').src = './securimage_show.php?sid=' + Math.random(); this.blur(); return false">< img src="./images/refresh.png" alt="Reload Image" height="32" width="32" onclick="this.blur()" align="bottom" border="0"/></a >< br/>< strong > Enter Code *if($_SERVER['REQUEST_METHOD']=='POST' &&@ $_POST['do']=='contact') $_SESSION['ctform']['success']
Definition: example_form.php:192
ilSession\SESSION_CLOSE_IDLE
const SESSION_CLOSE_IDLE
Definition: class.ilSession.php:43
ilSession\_destroy
static _destroy($a_session_id, $a_closing_context=null, $a_expired_at=null)
Destroy session.
Definition: class.ilSession.php:174
ilSession\enableWebAccessWithoutSession
static enableWebAccessWithoutSession($enable_web_access_without_session)
Definition: class.ilSession.php:433
ilSession\SESSION_CLOSE_CAPTCHA
const SESSION_CLOSE_CAPTCHA
Definition: class.ilSession.php:51
$result
$result
Definition: CleanUpTest.php:407
ilSession\SESSION_CLOSE_INACTIVE
const SESSION_CLOSE_INACTIVE
Definition: class.ilSession.php:50
ilSession\SESSION_CLOSE_LOGIN
const SESSION_CLOSE_LOGIN
Definition: class.ilSession.php:45
ilSession\SESSION_CLOSE_TIME
const SESSION_CLOSE_TIME
Definition: class.ilSession.php:47
ilSession\SESSION_HANDLING_FIXED
const SESSION_HANDLING_FIXED
Definition: class.ilSession.php:24
ilSession\_destroyExpiredSessions
static _destroyExpiredSessions()
Destroy expired sessions.
Definition: class.ilSession.php:228
ilSession\SESSION_CLOSE_EXPIRE
const SESSION_CLOSE_EXPIRE
Definition: class.ilSession.php:41
ilSession\getExpireValue
static getExpireValue($fixedMode=false)
Returns the expiration timestamp in seconds.
Definition: class.ilSession.php:290
ilSession\_exists
static _exists($a_session_id)
Check whether session exists.
Definition: class.ilSession.php:154
ilSession\SESSION_CLOSE_USER
const SESSION_CLOSE_USER
Definition: class.ilSession.php:40
ilSessionIStorage\destroySession
destroySession($a_session_id)
Destroy session(s).
Definition: class.ilSessionIStorage.php:108
ilSession\clear
static clear($a_var)
Unset a value.
Definition: class.ilSession.php:397
ilSession\_getData
static _getData($a_session_id)
Get session data from table.
Definition: class.ilSession.php:66
ilSessionStatistics\createRawEntry
static createRawEntry($a_session_id, $a_session_type, $a_timestamp, $a_user_id)
Create raw data entry.
Definition: class.ilSessionStatistics.php:40
ilSession\_destroyByUserId
static _destroyByUserId($a_user_id)
Destroy session.
Definition: class.ilSession.php:214
ilSession\getIdleValue
static getIdleValue($fixedMode=false)
Returns the idle time in seconds.
Definition: class.ilSession.php:316
ilSession\isWebAccessWithoutSessionEnabled
static isWebAccessWithoutSessionEnabled()
Definition: class.ilSession.php:425
ilSession\SESSION_CLOSE_LIMIT
const SESSION_CLOSE_LIMIT
Definition: class.ilSession.php:44
ilSession\$enable_web_access_without_session
static $enable_web_access_without_session
Definition: class.ilSession.php:58
ilSession\SESSION_CLOSE_PUBLIC
const SESSION_CLOSE_PUBLIC
Definition: class.ilSession.php:46
ilSession\SESSION_CLOSE_SIMUL
const SESSION_CLOSE_SIMUL
Definition: class.ilSession.php:49
ilSession\_writeData
static _writeData($a_session_id, $a_data)
Write session data.
Definition: class.ilSession.php:87
ilSession\_duplicate
static _duplicate($a_session_id)
Duplicate session.
Definition: class.ilSession.php:254
ilSession\setClosingContext
static setClosingContext($a_context)
set closing context (for statistics)
Definition: class.ilSession.php:407
$ilSetting
global $ilSetting
Definition: privfeed.php:40
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
ilSession\SESSION_HANDLING_LOAD_DEPENDENT
const SESSION_HANDLING_LOAD_DEPENDENT
Definition: class.ilSession.php:33
ilSession\_getUsersWithIp
static _getUsersWithIp($a_ip)
Get the active users with a specific remote ip address.
Definition: class.ilSession.php:352
ilSession\getClosingContext
static getClosingContext()
get closing context (for statistics)
Definition: class.ilSession.php:417
ilSession\getSessionExpireValue
static getSessionExpireValue()
Returns the session expiration value.
Definition: class.ilSession.php:341
ilSessionStatistics\aggretateRaw
static aggretateRaw($a_now)
Aggregate raw session data (older than given time)
Definition: class.ilSessionStatistics.php:262
ilSession\$closing_context
static $closing_context
Definition: class.ilSession.php:53
ilSession\SESSION_CLOSE_FIRST
const SESSION_CLOSE_FIRST
Definition: class.ilSession.php:42
ilSession\SESSION_CLOSE_IP
const SESSION_CLOSE_IP
Definition: class.ilSession.php:48
ilSessionStatistics\closeRawEntry
static closeRawEntry($a_session_id, $a_context=null, $a_expired_at=null)
Close raw data entry.
Definition: class.ilSessionStatistics.php:72