ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
class.ilSession.php
Go to the documentation of this file.
1<?php
2/* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3
4require_once('Services/Authentication/classes/class.ilSessionControl.php');
5require_once('Services/Authentication/classes/class.ilSessionStatistics.php');
6require_once('Services/Authentication/classes/class.ilSessionIStorage.php');
7
16{
25
34
40 const SESSION_CLOSE_USER = 1; // manual logout
41 const SESSION_CLOSE_EXPIRE = 2; // has expired
42 const SESSION_CLOSE_FIRST = 3; // kicked by session control (first abidencer)
43 const SESSION_CLOSE_IDLE = 4; // kickey by session control (ilde time)
44 const SESSION_CLOSE_LIMIT = 5; // kicked by session control (limit reached)
45 const SESSION_CLOSE_LOGIN = 6; // anonymous => login
46 const SESSION_CLOSE_PUBLIC = 7; // => anonymous
47 const SESSION_CLOSE_TIME = 8; // account time limit reached
48 const SESSION_CLOSE_IP = 9; // wrong ip
49 const SESSION_CLOSE_SIMUL = 10; // simultaneous login
50 const SESSION_CLOSE_INACTIVE = 11; // inactive account
51 const SESSION_CLOSE_CAPTCHA = 12; // invalid captcha
52
53 private static $closing_context = null;
54
58 protected static $enable_web_access_without_session = false;
59
66 static function _getData($a_session_id)
67 {
68 if(!$a_session_id) {
69 return NULL;
70 }
71 global $ilDB;
72
73 $q = "SELECT data FROM usr_session WHERE session_id = ".
74 $ilDB->quote($a_session_id, "text");
75 $set = $ilDB->query($q);
76 $rec = $ilDB->fetchAssoc($set);
77
78 return $rec["data"];
79 }
80
87 static function _writeData($a_session_id, $a_data)
88 {
89 global $ilDB, $ilClientIniFile;
90
91 if (self::isWebAccessWithoutSessionEnabled())
92 {
93 // Prevent session data written for web access checker
94 // when no cookie was sent (e.g. for pdf files linking others).
95 // This would result in new session records for each request.
96 return true;
97 }
98
99 $now = time();
100
101 // prepare session data
102 $fields = array(
103 "user_id" => array("integer", (int) $_SESSION["AccountId"]),
104 "expires" => array("integer", self::getExpireValue()),
105 "data" => array("clob", $a_data),
106 "ctime" => array("integer", $now),
107 "type" => array("integer", (int) $_SESSION["SessionType"])
108 );
109 if ($ilClientIniFile->readVariable("session","save_ip"))
110 {
111 $fields["remote_addr"] = array("text", $_SERVER["REMOTE_ADDR"]);
112 }
113
114 if (ilSession::_exists($a_session_id))
115 {
116 $ilDB->update("usr_session", $fields,
117 array("session_id" => array("text", $a_session_id)));
118 }
119 else
120 {
121 $fields["session_id"] = array("text", $a_session_id);
122 $fields["createtime"] = array("integer", $now);
123
124 $ilDB->insert("usr_session", $fields);
125
126 // check type against session control
127 $type = $fields["type"][1];
129 {
130 ilSessionStatistics::createRawEntry($fields["session_id"][1],
131 $type, $fields["createtime"][1], $fields["user_id"][1]);
132 }
133 }
134
135 // finally delete deprecated sessions
136 if(rand(0, 50) == 2)
137 {
138 // get time _before_ destroying expired sessions
141 }
142
143 return true;
144 }
145
146
147
154 static function _exists($a_session_id)
155 {
156 if (! $a_session_id) {
157 return false;
158 }
159 global $ilDB;
160
161 $q = "SELECT 1 FROM usr_session WHERE session_id = " . $ilDB->quote($a_session_id, "text");
162 $set = $ilDB->query($q);
163
164 return $ilDB->numRows($set) > 0;
165 }
166
174 static function _destroy($a_session_id, $a_closing_context = null, $a_expired_at = null)
175 {
176 global $ilDB;
177
178 if(!$a_closing_context)
179 {
180 $a_closing_context = self::$closing_context;
181 }
182
183 ilSessionStatistics::closeRawEntry($a_session_id, $a_closing_context, $a_expired_at);
184
185
186 if(!is_array($a_session_id))
187 {
188 $q = "DELETE FROM usr_session WHERE session_id = ".
189 $ilDB->quote($a_session_id, "text");
190 }
191 else
192 {
193 // array: id => timestamp - so we get rid of timestamps
194 if($a_expired_at)
195 {
196 $a_session_id = array_keys($a_session_id);
197 }
198 $q = "DELETE FROM usr_session WHERE ".
199 $ilDB->in("session_id", $a_session_id, "", "text");
200 }
201
203
204 $ilDB->manipulate($q);
205
206 return true;
207 }
208
214 static function _destroyByUserId($a_user_id)
215 {
216 global $ilDB;
217
218 $q = "DELETE FROM usr_session WHERE user_id = ".
219 $ilDB->quote($a_user_id, "integer");
220 $ilDB->manipulate($q);
221
222 return true;
223 }
224
228 static function _destroyExpiredSessions()
229 {
230 global $ilDB;
231
232 $q = "SELECT session_id,expires FROM usr_session WHERE expires < ".
233 $ilDB->quote(time(), "integer");
234 $res = $ilDB->query($q);
235 $ids = array();
236 while($row = $ilDB->fetchAssoc($res))
237 {
238 $ids[$row["session_id"]] = $row["expires"];
239 }
240 if(sizeof($ids))
241 {
242 self::_destroy($ids, self::SESSION_CLOSE_EXPIRE, true);
243 }
244
245 return true;
246 }
247
254 static function _duplicate($a_session_id)
255 {
256 global $ilDB;
257
258 // Create new session id
259 $new_session = $a_session_id;
260 do
261 {
262 $new_session = md5($new_session);
263 $q ="SELECT * FROM usr_session WHERE ".
264 "session_id = ".$ilDB->quote($new_session, "text");
265 $res = $ilDB->query($q);
266 } while($ilDB->fetchAssoc($res));
267
268 $query = "SELECT * FROM usr_session ".
269 "WHERE session_id = ".$ilDB->quote($a_session_id, "text");
270 $res = $ilDB->query($query);
271
272 while ($row = $ilDB->fetchObject($res))
273 {
274 ilSession::_writeData($new_session,$row->data);
275 return $new_session;
276 }
277 return false;
278 }
279
290 public static function getExpireValue($fixedMode = false)
291 {
292 global $ilSetting;
293
294 if( $fixedMode || $ilSetting->get('session_handling_type', self::SESSION_HANDLING_FIXED) == self::SESSION_HANDLING_FIXED )
295 {
296 // fixed session
297 return time() + ini_get('session.gc_maxlifetime');
298 }
299 else if( $ilSetting->get('session_handling_type', self::SESSION_HANDLING_FIXED) == self::SESSION_HANDLING_LOAD_DEPENDENT )
300 {
301 // load dependent session settings
302 return time() + (int) ($ilSetting->get('session_max_idle', ilSessionControl::DEFAULT_MAX_IDLE) * 60);
303 }
304 }
305
316 public static function getIdleValue($fixedMode = false)
317 {
318 global $ilSetting, $ilClientIniFile;
319
320 if( $fixedMode || $ilSetting->get('session_handling_type', self::SESSION_HANDLING_FIXED) == self::SESSION_HANDLING_FIXED )
321 {
322 // fixed session
323 return $ilClientIniFile->readVariable('session','expire');
324 }
325 else if( $ilSetting->get('session_handling_type', self::SESSION_HANDLING_FIXED) == self::SESSION_HANDLING_LOAD_DEPENDENT )
326 {
327 // load dependent session settings
328 return (int) ($ilSetting->get('session_max_idle', ilSessionControl::DEFAULT_MAX_IDLE) * 60);
329 }
330 }
331
341 public static function getSessionExpireValue()
342 {
343 return self::getIdleValue(true);
344 }
345
352 static function _getUsersWithIp($a_ip)
353 {
354 global $ilDB;
355
356 $query = "SELECT DISTINCT user_id FROM usr_session"
357 . " WHERE remote_addr = " . $ilDB->quote($a_ip, "text")
358 . " AND user_id > 0";
359 $result = $ilDB->query($query);
360
361 $users = array();
362 while ($row = $ilDB->fetchObject($result))
363 {
364 $users[] = $row->user_id;
365 }
366 return $users;
367 }
368
375 static function set($a_var, $a_val)
376 {
377 $_SESSION[$a_var] = $a_val;
378 }
379
386 static function get($a_var)
387 {
388 return $_SESSION[$a_var];
389 }
390
397 static function clear($a_var)
398 {
399 unset($_SESSION[$a_var]);
400 }
401
407 public static function setClosingContext($a_context)
408 {
409 self::$closing_context = (int)$a_context;
410 }
411
417 public static function getClosingContext()
418 {
420 }
421
425 public static function isWebAccessWithoutSessionEnabled()
426 {
428 }
429
434 {
435 self::$enable_web_access_without_session = (bool)$enable_web_access_without_session;
436 }
437}
438
439?>
$result
$_SESSION["AccountId"]
destroySession($a_session_id)
Destroy session(s).
static closeRawEntry($a_session_id, $a_context=null, $a_expired_at=null)
Close raw data entry.
static createRawEntry($a_session_id, $a_session_type, $a_timestamp, $a_user_id)
Create raw data entry.
static _exists($a_session_id)
Check whether session exists.
const SESSION_HANDLING_LOAD_DEPENDENT
const SESSION_CLOSE_USER
const SESSION_CLOSE_CAPTCHA
const SESSION_CLOSE_IP
static setClosingContext($a_context)
set closing context (for statistics)
const SESSION_HANDLING_FIXED
static getIdleValue($fixedMode=false)
Returns the idle time in seconds.
static getClosingContext()
get closing context (for statistics)
static _getUsersWithIp($a_ip)
Get the active users with a specific remote ip address.
static isWebAccessWithoutSessionEnabled()
const SESSION_CLOSE_LOGIN
const SESSION_CLOSE_TIME
static _writeData($a_session_id, $a_data)
Write session data.
static _destroyExpiredSessions()
Destroy expired sessions.
static _destroy($a_session_id, $a_closing_context=null, $a_expired_at=null)
Destroy session.
static _destroyByUserId($a_user_id)
Destroy session.
static _getData($a_session_id)
Get session data from table.
static clear($a_var)
Unset a value.
const SESSION_CLOSE_SIMUL
static enableWebAccessWithoutSession($enable_web_access_without_session)
static _duplicate($a_session_id)
Duplicate session.
const SESSION_CLOSE_FIRST
static $closing_context
const SESSION_CLOSE_INACTIVE
const SESSION_CLOSE_IDLE
const SESSION_CLOSE_PUBLIC
static getSessionExpireValue()
Returns the session expiration value.
static $enable_web_access_without_session
const SESSION_CLOSE_LIMIT
const SESSION_CLOSE_EXPIRE
static getExpireValue($fixedMode=false)
Returns the expiration timestamp in seconds.
global $ilSetting
Definition: privfeed.php:40
global $ilDB
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']