38 'session_max_idle_after_first_request',
39 'session_allow_client_maintenance',
40 'session_handling_type'
60 self::SESSION_TYPE_USER,
61 self::SESSION_TYPE_ANONYM
71 self::SESSION_TYPE_UNKNOWN,
72 self::SESSION_TYPE_SYSTEM,
73 self::SESSION_TYPE_ADMIN
90 if(
$ilSetting->get(
'session_handling_type', 0) != 1 )
114 self::debug(
'Browser sent sid cookie with value ('.$sid.
')');
118 self::debug(
'remove session cookie for ('.$sid.
') and trigger event');
125 global $ilAppEventHandler;
126 $ilAppEventHandler->raise(
127 'Services/Authentication',
'expiredSessionDetected', array()
145 if(
$ilSetting->get(
'session_handling_type', 0) != 1 )
168 require_once
'Services/User/classes/class.ilObjUser.php';
175 case isset($_ENV[
'SHELL']):
179 case $user_id == ANONYMOUS_USER_ID:
193 self::debug(__METHOD__.
" --> update sessions type to (".$type.
")");
196 if(
$ilSetting->get(
'session_handling_type', 0) != 1 )
199 if(in_array($type, self::$session_types_controlled))
213 if(
$ilSetting->get(
'session_handling_type', 0) != 1 )
240 if($max_sessions > 0)
245 self::debug(__METHOD__.
"--> total existing sessions (".$num_sessions.
")");
247 if(($num_sessions + 1) > $max_sessions)
249 self::debug(__METHOD__.
' --> limit for session pool reached, but try kicking some first request abidencer');
256 if(($num_sessions + 1) > $max_sessions)
258 self::debug(__METHOD__.
' --> limit for session pool still reached so try kick one min idle session');
265 if(($num_sessions + 1) > $max_sessions)
267 self::debug(__METHOD__.
' --> limit for session pool still reached so logout session ('.session_id().
') and trigger event');
279 global $ilAppEventHandler;
280 $ilAppEventHandler->raise(
281 'Services/Authentication',
'reachedSessionPoolLimit', array()
291 self::debug(__METHOD__.
' --> limit of session pool not reached anymore after kicking one min idle session');
296 self::debug(__METHOD__.
' --> limit of session pool not reached anymore after kicking some first request abidencer');
301 self::debug(__METHOD__.
' --> limit for session pool not reached yet');
306 self::debug(__METHOD__.
' --> limit for session pool not set so check is bypassed');
323 $query =
"SELECT count(session_id) AS num_sessions FROM usr_session ".
324 "WHERE expires > %s ".
325 "AND ".$ilDB->in(
'type', $a_types,
false,
'integer');
330 return $row->num_sessions;
348 $min_idle = (int)
$ilSetting->get(
'session_min_idle', self::DEFAULT_MIN_IDLE) * 60;
349 $max_idle = (int)
$ilSetting->get(
'session_max_idle', self::DEFAULT_MAX_IDLE) * 60;
351 $query =
"SELECT session_id,expires FROM usr_session WHERE expires >= %s " .
352 "AND (expires - %s) < (%s - %s) " .
353 "AND ".$ilDB->in(
'type', $a_types,
false,
'integer');
358 array(
'integer',
'integer',
'integer',
'integer'),
359 array($ts, $ts, $max_idle, $min_idle)
366 self::debug(__METHOD__.
' --> successfully deleted one min idle session');
371 self::debug(__METHOD__.
' --> no min idle session available for deletion');
388 $max_idle_after_first_request = (int)
$ilSetting->get(
'session_max_idle_after_first_request') * 60;
390 if((
int)$max_idle_after_first_request == 0)
return;
392 $query =
"SELECT session_id,expires FROM usr_session WHERE " .
393 "(ctime - createtime) < %s " .
394 "AND (%s - createtime) > %s " .
395 "AND ".$ilDB->in(
'type', $a_types,
false,
'integer');
398 array(
'integer',
'integer',
'integer'),
399 array($max_idle_after_first_request, time(), $max_idle_after_first_request)
402 $session_ids = array();
405 $session_ids[
$row->session_id] =
$row->expires;
409 self::debug(__METHOD__.
' --> Finished kicking first request abidencer');
425 $query =
"SELECT session_id, expires FROM usr_session ".
426 "WHERE session_id = %s";
436 if(
$row[
'expires'] > $ts )
438 self::debug(__METHOD__.
' --> Found a valid session with id ('.$a_sid.
')');
443 self::debug(__METHOD__.
' --> Found an expired session with id ('.$a_sid.
')');
447 if(count($sessions) == 1)
449 self::debug(__METHOD__.
' --> Exact one valid session found for session id ('.$a_sid.
')');
455 if(count($sessions) > 1)
456 self::debug(__METHOD__.
' --> Strange!!! More than one sessions found for given session id! ('.$a_sid.
')');
457 else self::debug(__METHOD__.
' --> No valid session found for session id ('.$a_sid.
')');
482 if( !(
int)$a_user_id )
return false;
486 $access = $rbacsystem->checkAccessOfUser(
487 $a_user_id,
'read,visible', SYSTEM_FOLDER_ID
// Debug sink for the session-control messages emitted throughout this class
// (listing excerpt: the source lines between the numbered ones are not shown).
// NOTE(review): callers in this listing concatenate session ids into the
// message ('Browser sent sid cookie with value ('.$sid, session_id(), $a_sid),
// so both sinks below receive live session identifiers in clear text.
// Anyone who can read these logs could reuse an unexpired id; consider logging
// a truncated or hashed id instead.
499 private static function debug($a_debug_log_message)
// When DEVMODE is truthy the message is handed to $ilLog->write() with
// 'message' as the second argument.
503 if(DEVMODE)
$ilLog->write($a_debug_log_message,
'message');
// When INTERNAL_DEBUG is truthy, error_log() with message type 3 appends the
// line to the relative path 'session.log'. Where that resolves depends on the
// working directory of the PHP process.
// TODO confirm the file cannot end up inside the web-served directory and is
// not readable by other local users.
505 if(self::INTERNAL_DEBUG)
error_log($a_debug_log_message.
"\n", 3,
'session.log');
const DB_FETCHMODE_OBJECT
isValidSession($ext_uid, $soap_pw, $new_user)
isValidSession
static _lookupId($a_user_str)
Lookup id by login.
const INTERNAL_DEBUG
this controls the debugging into a separate logfile (.
static handleLogoutEvent()
reset sessions type to unknown
static isValidSession($a_sid)
checks if session exists for given id and if it is still valid
static checkCurrentSessionIsAllowed(Auth $a_auth, $a_user_id)
checks whether the current session exhausts the limit of sessions; when the limit is reached it deletes "fir...
static $session_types_not_controlled
all session types that will be involved when the count of sessions is determined or when idling ses...
static initSession()
mark session with type regarding to the context.
static $setting_fields
all fieldnames that are saved in settings table
static $session_types_controlled
const SESSION_TYPE_UNKNOWN
session types from which one is assigned to each session
static getSettingFields()
returns the array of setting fields
const DEFAULT_MAX_IDLE_AFTER_FIRST_REQUEST
static checkExpiredSession()
checks for a possibly expired session; should be called from ilAuthUtils::__initAuth() so it's called be...
static debug($a_debug_log_message)
logs the given debug message in ilLog
static getExistingSessionCount(array $a_types)
returns number of valid sessions relating to given session types
const DEFAULT_ALLOW_CLIENT_MAINTENANCE
static handleLoginEvent($a_login, $a_auth)
when the current session is allowed to be created, it marks it with a type according to the session's user co...
static removeSessionCookie()
removes a session cookie, so it is not sent by browser anymore
const DEFAULT_MAX_COUNT
default value for settings that have not been defined in setup or administration yet
static checkAdministrationPermission($a_user_id)
checks whether a given user login relates to a user with administrative permissions
static kickOneMinIdleSession(array $a_types)
if sessions exist that relate to the given session types and have idled longer than the min idle parameter,...
const SESSION_TYPE_ANONYM
const SESSION_TYPE_SYSTEM
static kickFirstRequestAbidencer(array $a_types)
kicks sessions of users that abidence after login so people could not log in and go for a coffee break ;-...
static createRawEntry($a_session_id, $a_session_type, $a_timestamp, $a_user_id)
Create raw data entry.
static setClosingContext($a_context)
set closing context (for statistics)
static _destroy($a_session_id, $a_closing_context=null, $a_expired_at=null)
Destroy session.
const SESSION_CLOSE_FIRST
const SESSION_CLOSE_LIMIT
static setCookie($a_cookie_name, $a_cookie_value='', $a_also_set_super_global=true, $a_set_cookie_invalid=false)
static redirect($a_script)
http redirect to other script